You're elated. You've just launched your company's new Web site. Then the euphoria wears off. What happens if someone breaks through the security? What if your data is stolen? What if your customers' data is stolen? How much will it cost to fix? Don't panic. Life happens and there are ways to protect yourself, your business, and your customers.
One of the easiest ways to find a freelancer is to get an oDesk/Elance or Guru.com account. These are great, but the profiles aren't very detailed and finding a profile with a US or Canadian flag indicating they aren't in the Middle East, Asia, or South America is like finding the Holy Grail. Still, outsourcing to one of these freelancers is a risk. I'm about to shatter a widely accepted myth, but as a business owner it's very important that you know the truth. Developers are flesh-and-blood human beings, not creatures of the night that thrive on caffeine to produce magical, flawless code. Bugs occur in every developer's code and if they tell you their code is perfect, they're lying.
These code flaws (commonly referred to as "bugs") may be benign (like a benign tumor) and only cause a page to reload or a button to be unresponsive to clicks. That's certainly a problem, but it's unlikely that there's anything a sinister individual could take advantage of. Other code flaws are more serious and could expose a company to some level of risk, from minimal to catastrophic. It's these latter flaws that compliance standards such as PCI DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act) aim to eliminate so that customers are protected from credit card fraud, identity theft, and other malicious intent.
There are ways developers can protect themselves and their clients. We carry a type of insurance policy commonly referred to as "cyber insurance", but to insurance professionals it is a Technical Professional Liability Policy with Cyber Enhancements (don't worry, I thought it was a mouthful, too). Much like healthcare providers carry malpractice insurance, technical professionals can carry cyber liability insurance. Those that do rest easy knowing any custom applications and Web sites they create covered against a multitude of situations, from cyber ransoms (or ransomware viruses) to personal data breaches resulting from attacks that exploit flawed code to something as simple as a misunderstanding about software requirements.
A Web site is a company's persona, sometimes it's even a company's entire revenue stream. Getting it wrong can have a disastrous impact their revenue. Sol Minion Development carries cyber insurance because we are serious about protecting our clients' and our clients' customers' information. It's very unlikely (though not out of the realm of possibility) that any freelancer you could consider on oDesk, Elance, or Guru.com is carrying the same protection.
When it comes to your Web presence, can you afford to hire someone that doesn't carry cyber liability insurance? Sure, you might be saving on the hourly rate, since you can hire some developers half a world away for $7.50 an hour, but what will it cost you if there is a mistake and someone gets into your site.
Would you risk having surgery by an uninsured healthcare provider?
In part two of this series, we'll go into a little more detail about what can go wrong and what the associated costs could be.