Be afraid--be very afraid--because this could happen to you. In fact, hackers are breaking into Web sites around the world at a frightening pace. Hackers commonly gain access to a company's internal network through holes in its Web server, which is what happened in Capetown-Rio's case.
When hackers break into your Web site, they can copy, edit or delete files. They can vandalize your site by stealing programs and disrupting networks or by crashing sites outright. And once they're on a site, hackers can use phony identities to buy goods and services or they can vandalize a site and change its look, its text and its overall message.
The easiest way to prevent a hacker from entering your Web site is to implement a firewall on your Web server. Firewalls keep unauthorized people out by monitoring the flow of information between a company's Web server and the Internet. The firewall identifies and selectively blocks any unwanted communication. "A properly configured firewall will stop all Internet attacks," says Peter S. Tippett, founder and chief technologist of ISCA.net, a security consulting firm in Reston, Virginia.
Tippett says the problem is most sites don't have properly configured firewalls--the person setting up the firewall may have erected it in the wrong place, for example, or connected it incorrectly. In fact, ICSA.net researched more than 2,000 Web sites last year and found that while all had firewalls, more than 80 percent were still vulnerable to being hacked with the use of easily available tools.
"These companies are worried about their security and seem to be trying to do the right thing," Tippett says, "but they're doing the equivalent of putting an airbag in the backseat of a car when it comes to security precautions."
Before implementing a firewall system, consult with a security expert who can tell you what kind of security solution you need for your business. The person in your company who put up your Web site may know whom to call; otherwise, ask your Web consultant or Web-hosting company for the name of a security expert. The expert will want to know if your site was created in a secure fashion: Did your Web developer use secure protocols and software when building the site? Is the ISP that's hosting your site secure?
Not sure how secure your site is? Try testing it. ICSA.net's Security Snapshot system, available free of charge, allows you to click on to ICSA.net's site, answer questions about your security program and then enter your e-mail address. ICSA.net will run various tests against your company's site and then e-mail you a "Risk Index" score in six categories that include hacking-related risks.