All entrepreneurs know that the most valuable thing in any business is trust. Your customers trust you with their money; they trust that your product will serve their needs; and, they trust that their data will be protected.
But what happens if you lose that trust?
When it comes to the internet, trust can be lost in an instant. If your web site is not secure—or even if your customer perceives it as not secure—no amount of advertising will overcome that deficit.
However, while most businesses wouldn’t hesitate to lock their doors at night, install a security camera, or even hire private security, too many leave their digital door wide open—their web site.
We know that Canadian consumers are increasingly wary of how their data is stored and transmitted online. In fact, according to 2017 Canada’s Internet Factbook, 44% of Canadians are unlikely to continue making purchases from an online business if it suffers a cyberattack.
So how can you make sure your web site is secure?
When potential customers visit your web site, whether they are simply searching for information or ready to buy, they are looking for subtle signs that they can trust your business.
You may not even think about it, but there’s a symbol that you stare at almost every day that builds confidence in every web site you visit.
If you look up in the corner of your web browser's navigation bar right now, you’ll probably see a little green lock next to the URL. Go ahead, check. That symbol means that this web site is protected with SSL, or Secure Sockets Layer. An SSL certificate verifies the identity of a web site and ensures that all data in transit is encrypted and can only be read with a unique decryption key.
Your web site’s SSL certificate acts as a passport that tells the user that you are who you say you are and any data they give you is secure.
A web site protected with SSL will also be easy to spot as the URL will start with https—the S at the end stands for secure. This means that any personal information that you input, such as your name, password, email or banking information, is secure.
But what if your web site doesn’t process transactions or hold any data? Sorry, you’re not off the hook. Even non-transactional web sites need an SSL certificate. Beginning in July 2018, Google will be marking any web site that does not have a valid SSL certificate as "not secure" in its Chrome web browser. Even if you’re just hosting a simple blog, being labelled as “not secure” will surely impact your user’s trust, and it will definitely hurt your search engine ranking.
Most customers assume that you are who you say you are online. So, when they type your domain name into their browser, it had better be your web site on the other side.
Domain name hijacking is when a hacker gets control of a web site’s Domain Name System (DNS) information and uses it to make changes or even redirect the web site. Sometimes hackers just do it for fun, sometimes it’s politically motivated, and sometimes it’s a broader attempt to steal data or even money. A hacker can ransom your domain name back to you for money, use it to distribute malware or just put up a picture of a lizard with a monocle.
Needless to say, the first time a customer visits your web site only to find it has been hijacked by stylish amphibians may very well be their last.
Domain name hijacking is usually accomplished through simple social engineering techniques. A hacker only needs the administrator’s email account (which can often be found in WHOIS records) to begin the process of infiltrating their domain name registrar. Once a hacker has access, they can change the DNS settings to redirect the domain or even transfer it to a different user.
Thankfully, many domain name registrars offer a service called Registry Lock which prevents the domain name from being deleted, transferred or altered in any way.
When a domain name is protected with Registry Lock, any change requests are rejected until the lock is removed. Removing the lock requires a more rigorous identification and verification process that will typically alert the domain name owner or deter the hacker.
When it comes to trust it’s the little details that count. If your customers visit your web site only to find outdated information, missing pages and broken links, they will begin to wonder if anyone is minding the store.
If you walked into a store to find the shelves half empty, the floors filthy and the clerk playing solitaire behind the counter you might think twice before making a purchase. In the same way, having a web site that isn’t up to date, or is lacking basic information, can cause your customers to hesitate before handing over their credit card.
Your web site should be updated at least once a quarter to make sure that your contact information is current, all page links work and basics such as email forms and web site plugins are working.
If a customer is trying to contact you and ends up staring at a broken blank page, they can quickly wonder if you’re really paying attention.
Trust can be lost in an instant online. So, make sure you are doing everything you can to protect your brand and retain your customers’ trust by making your web site as secure as possible.