By Katie Coelho
Jun 8, 2018
Would you tell someone you didn’t trust your biggest secret? How about loan them money?
No matter how trusting you are, I’d bet money you’d think twice about doing either of these things -- and most consumers would too.
Data security, whether it be financial or otherwise, is more important now than ever.
Not only are there more attempted and successful breaches as time passes, but the public is becoming more and more aware of the need to protect themselves, especially when it comes to the websites they use.
With GDPR now in full force, many marketers are paying increased attention to what and how they control their website privacy and security for users - especially because there can be legal (and in turn, financial) consequences.
In the wake of this, worldwide cybersecurity spending is expected to reach $96 billion in 2018, but there are plenty of quick and less expensive updates you can make to your site right now to help improve your security and protect your site visitors.
Trust in your brand includes trust in the platform visitors are reading information on.
If your CMS is unreliable or you don’t do a great job at explaining data security to users, they’ll most likely find the information they’re looking for elsewhere.
Here are a few website security quick wins we regularly help clients with.
Quick Wins for Improving Your Website Security
1. Use Reliable/Credible Hosting
Hosting is where your website lives and how pages appear at your domain. Some hosting platforms can be hacked and information can be compromised if the correct security measures are not in place.
Knowing this, at IMPACT, we mostly recommend using HubSpot or WordPress.
HubSpot has a page dedicated to its software & platform security, but what you need to know is that they’ve built every essential protection into their software and hosting, and do regular audits to ensure that everything is up and running securely.
For example, HubSpot protects every portal and session with top-end in-transit encryption, advanced TLS (1.0, 1.1, and 1.2) protocols, and 2,048-bit keys.
On the other hand, when using WordPress as a CMS, we recommend hosting with WPengine.
As they say, WPengine “dynamically inspects traffic, looking for new kinds of attacks, or patterns of requests from certain locations that indicate nefarious activity, and we block many of those attacks automatically.”
This is important because their system automatically protects against known and usual threats, but will also be on the lookout and notify you if there is some type of vulnerability. Essentially, someone is on the lookout for you so you can be at ease.
You can learn more about WordPress’ added security here.
In addition to hosting your website with a reputable source, ensure that the CDN (content delivery network) has data centers in multiple locations.
“Proper physical security, both in terms of electronic surveillance, access controls, and on-site security guards reduce the risk associated with bad actors attempting to gain site access,” shares Cloudflare.
Having multiple locations storing your data is important because if one location gets compromised, the others will still have backups of your data.
Even though you’d think the internet is just floating around in technology land, there actually are physical servers storing data - and those need to be protected too.
In short, not only does your hosting matter, but the company structure and physical server locations and security can affect your protection as well.
So, do your research and find the best fit for your company and audience demands.
2. Switching to SSL
SSL stands for Secure Sockets Layer and keeps the internet connection secure to protect any essential data transfer on your site.
In other words, it ensures your internet activity is secure. This is important because if you don’t have SSL on your site, users cannot establish a secure connection and data passed between the server and browsers is not private.
When you install an SSL certificate, it adds the green secure lock and HTTPS prior to your URL. Most users know to look for this now, and take it into consideration when deciding whether to purchase from a website or even fill out a form on it.
Because Google wants users to have secure data and information, they also require SSL and alter rankings for sites with it.
For a low cost, you can add SSL on to your WordPress site, and HubSpot has a completely free option for its current users.
Already in the process? Good for you! This article goes into detail about switching to SSL and the errors that some companies have made.
3. HTTP/2
Because this quick win is a bit more technical, the following information is from Kinsta.
First, What Is HTTP?
“The Hypertext Transfer Protocol (HTTP), the simple, constrained, and ultimately boring application layer protocol forms the foundation of the World Wide Web”
Second, What Is HTTP/2?
“The most recent version, HTTP1.1 has served the cyber world for over 15 years. Web pages in the current era of dynamic information updates, resource-intensive multimedia content formats and excessive inclination toward web performance have placed old protocol technologies in the legacy category.
These trends necessitate significant HTTP/2 changes to improve the internet experience.”
HTTP/2 is the second version (though there have been iterations of the first version) of the protocol that forms the foundation of the World Wide Web - essentially making websites possible.
Why Create HTTP/2?
“The primary goal with research and development for a new version of HTTP centers around three qualities rarely associated with a single network protocol without necessitating additional networking technologies – simplicity, high performance, and robustness.”
Essentially, HTTP/2 is needed because it’s an improved protocol that incorporates more secure measures, and by updating your site to these measures, you’ll have the most up-to-date version running.
Here’s some more information on how to set up HTTP/2, but what you need to know is that this is done via your domain manager.
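An added example, not from the original article or from Kinsta, HubSpot or WPengine: a Python check for quick wins 2 and 3 that reports which TLS version and which HTTP version (through ALPN) a site actually negotiates. The function names, the sample dictionaries and the choice to flag TLS 1.0/1.1 as legacy are assumptions of this example.

```python
import socket
import ssl

# Treating TLS 1.0/1.1 as legacy follows RFC 8996; the article does not say this.
LEGACY_TLS = {"TLSv1", "TLSv1.1"}


def probe(host, port=443, timeout=5.0):
    """Open one TLS connection and return what the server negotiated."""
    ctx = ssl.create_default_context()          # verifies certificate and hostname
    ctx.set_alpn_protocols(["h2", "http/1.1"])  # offer HTTP/2 first
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {
                "tls_version": tls.version(),          # e.g. "TLSv1.2"
                "alpn": tls.selected_alpn_protocol(),  # "h2", "http/1.1" or None
                "cert_not_after": tls.getpeercert().get("notAfter"),
            }


def assess(report):
    """Turn a probe() result into findings; an empty list means both checks pass."""
    findings = []
    if report["tls_version"] in LEGACY_TLS:
        findings.append("legacy TLS negotiated: " + report["tls_version"])
    if report["alpn"] != "h2":
        findings.append("HTTP/2 not negotiated (ALPN: %s)" % report["alpn"])
    return findings


def check(host):
    """Probe a live site; a failed handshake is reported as a finding too."""
    try:
        return assess(probe(host))
    except ssl.SSLCertVerificationError as exc:
        return ["certificate rejected: " + exc.verify_message]
    except (ssl.SSLError, OSError) as exc:
        return ["no HTTPS connection: %s" % exc]


# Constructed sample results, not captured from any real site.
SAMPLE_GOOD = {"tls_version": "TLSv1.3", "alpn": "h2",
               "cert_not_after": "Jan  1 00:00:00 2030 GMT"}
SAMPLE_OLD = {"tls_version": "TLSv1.1", "alpn": "http/1.1",
              "cert_not_after": "Jan  1 00:00:00 2030 GMT"}

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:  # hostnames of sites you run
        print(name, check(name) or "ok")
```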
4. For Plugins, Keep it Simple
When using WordPress or a similar tool, you will likely need plugins to appropriately track data and run specific features on your site.
These additions, often from third-parties, however, give more systems access to your site and in turn, open the door to more opportunities to be hacked. It’s one of the biggest concerns many have with WordPress.
Having out-of-date or insecure plugins can make even a previously secure site vulnerable.
Even having too many plugins can be an issue, if you’re not good about updating your plugins regularly. Any of these issues combined can create an opportunity for hacking and data compromise.
So, we’re recommending:
- Do research on plugins for your site (make sure they have standards for security)
- Keep the number of plugins to a minimum
- Ensure all plugins are up to date; perhaps set a day each week on which you do this.
5. GDPR compliance
As of May 25th, GDPR is in full effect and companies that operate in the U.S. are now subject to its law and regulations surrounding their marketing - even though the law is upheld within the EU.
When it comes down to it (related to security of data), GDPR requires that:
- You have a software/website CRM that’s capable of deleting all user information you’ve collected
- You have a checkbox or option on forms to opt-in for info or communication from your company (essentially storing their data and using it to contact them)
- You notify users that cookies are tracked on your website for improved usability
If using HubSpot, these updates are simple to make. In fact, the platform made it a priority to add new features to meet these regulations, including “complete data delete.”
Not only is it important from a user trust standpoint to ensure that these features are on your site, but with the hacking and selling of data, these regulations were created to protect consumers’ data from careless businesses.
These are the times we live in and digital data protection is everything.
6. Notify Users on Data Collection
By notifying users on the type of data you collect and store, you’re helping users better understand what information they are actually willing to give.
For instance, if you love getting product suggestions from Amazon, you’ll have no problem having them access your purchase data, but if you’re registering for a webinar and see your information may be shared with the third-party provider, perhaps you’d refrain.
Some examples of notifications can include:
- A hello bar notifying of your privacy policy or that cookies are being tracked
- A simple to read and understand privacy policy link in your footers and next to forms
- Pop-up notifications warning users of any information you need to collect and WHY
- A checkbox on forms so users understand how their information will be used
A real-life example can be seen on IMPACT’s site:
These updates should not require a heavy lift, but you may need someone technical for a hello bar or pop up.
7. Using a Password Manager
Last, but definitely not least, always use a password manager with ultra-secure passwords for your CMS, domain, etc.
Reusing passwords, or using common words or phrases, leaves you vulnerable: once someone gets hold of a password, it’s easy to test and reuse it on other websites. Simple passwords are also easily hacked by bots.
A few password managers we recommend are:
It All Comes Down to Trust
Talking about the security of your website can be overwhelming and technical, but by implementing even one of the quick wins listed above, you can not only rest easier knowing your information is safe, but your visitors, prospects, and customers can as well.
Trust is one of the biggest emotional factors at play in people’s purchase decisions.
By taking the steps to make your website more secure, you’ll make visitors more comfortable converting, and ultimately, doing business with you.
Even though you may have a million other priorities, security has to make it to the top of your list and it’s essential you revisit it often!