Please note: you are and will remain legally responsible for your own website

Who made the mistake?

Legal liability in case of a hack can raise quite some questions. Because if a customer of your webshop receives spam and sues you: who is responsible for the security vulnerability? Intuitively, you will call your website builder to confront them with the vulnerability 'in the site they built' ..... After all, if there is a vulnerability, he must not have done his job properly, right? The site builder, however, will answer you: where in the contract does it say that the site builder is responsible for the security? He doesn't send invoices for that, does he? And perhaps further investigation will show that the fault lies with the hosting provider, because they have not updated the operating system or have left a port open. However, if you try to recover the damages from them, you will get no answer either. Where in the contract does it say that the provider must actively incur costs to guarantee security? And guarantee to what standard?

This is legal liability

Conclusion: the legal liability lies with you. But what exactly does that mean for you as a website owner? It means in any case that if something goes wrong and your website is hacked, the judge will always rule against you. The reasoning is as follows: you know that security is necessary, but if you cannot demonstrate that you have been actively working on it, you are also responsible for the consequences. Penalties may vary from a fine to perhaps even a prison sentence, if, for example, privacy-sensitive personal data are involved and the company has been genuinely negligent.

Prevention is easy

How can you prevent this? By at least making good agreements with the site builder and the hosting party. Establish that a scan will be performed that tests for security and use a reliable benchmark, such as PCI-DSS or ISO 27001. If you then give the builder and hosting party access to the errors detected and give them clearance to resolve them, you will be taking a big step towards guaranteeing security. This also means that you accept that the builder will incur costs to bring your website up to PCI level.

Use the scan from Trust Guard

And then the most important thing: what scan do you use? Do you let your builder perform his or her own scan? We think this is a bit like the butcher inspecting his own meat. Ideally, you should opt for Trust Guard, a complete security tool that gives you insight into the security status of your website in one convenient dashboard. You can put all the websites you want in Trust Guard, including several at once, and then you can also group them in an orderly fashion. For example, if you have several websites run by different builders, we recommend that you create a separate group for each builder. Subsequently, you only grant the individual builders the rights to the sites they have built, so that they can check the scan results of these sites themselves. The results are very easy to read and interpret, namely FAIL or PASS on various levels. It is therefore immediately clear whether additional measures are required.

Different standards

Trust Guard gives you the choice of different variants of security reports, because maybe today you need a PCI/DSS certificate for your credit cards, maybe tomorrow you want the scan results in an ISO27001 report and for GDPR you might want to download a GDPR report! In addition, you can also determine the frequency of scans yourself, daily, weekly, monthly or quarterly! And, not unimportantly: the Trust Guard dashboard is also accessible to your suppliers, such as site builders and hosting parties, so that you can jointly accept and fulfil legal liability. With Trust Guard, you are in control of the security of your website. One tool, a clear overview in which you can easily group and work together with your suppliers!  This is Trust Guard!

To learn more about Trust Guard?