Does Your Website Have Grown Up Security?
Website security used to be simple – configure a few settings and call it a day.
That’s not enough to secure your company’s online presence today. First, reducing website security to a single technology oversimplifies the security threats you face. Second, you also need to give thought to the full range of security risks you face.
The Security Threats Facing Your Website: Industry Examples
As more business activity moves online, that greater business activity draws threats. As the old saying goes, robbers target banks because “that’s where the money is.” Even if your company has modest revenues, it’s important to realize that financial gain is not the only motivation for hackers. In fact, some organizations invite hackers to attack them in order to discover vulnerabilities (e.g. Hack The Pentagon). In other cases, political motives are important as seen by the Anonymous group. Still other groups are interested in making a political statement.
- You may assume that global companies with millions of customers would be invulnerable to attacks. Such organizations are highly resistant to attacks but everyone has a weakness. Consider the Sony Pictures hack in 2014 which resulted in the unauthorized release of confidential information.
- Thankfully, banks rarely experience significant website security failures because they invest heavily in security. Large banks have dozens if not hundreds of dedicated cybersecurity professionals on staff. Despite those resources, no institution is invulnerable. In 2016, the central bank of Bangladesh incorrectly fulfilled a withdraw request for millions of dollars. While much of the money was subsequently recovered, the investigation effort took substantial time and effort.
- Internet Services. To keep your company operating smoothly, you probably rely on a wide variety of service providers. While this approach makes it easy to focus on your core business, there are downsides – if those services fail, your business suffers. In late 2016, several online services including Spotify (music), Twitter (social media) and Amazon Web Services (data service and other computing services) went offline for a few hours. Given the scale of such businesses, the lost revenue may be substantial.
Step 1: Understand Your Security Risks
To decide on the right level of investment in cybersecurity, we first need to take a step back to assess the situation. When it comes to security, some businesses and industries are attacked more often than others. Based on media reports, large companies with a global brand presence face daily attacks. Governments and financial institutions likely top the list of organizations that face cybersecurity challenges. Answer the following questions to determine your website security risks.
- How important is your website to your business on a scale of 1-10 where 10 is “critical”?
- How important is your website in providing customer service to your customers on a scale of 1-10 where ten is “essential”?
- How much money do you spend on your website and related services (e.g. security services, email services, domains and so forth) each year?
- Approximately what percentage of your revenue goes through your website (remember to include leads)?
- Do you accept payments through your website?
If you answered 6 or higher on the first two questions, you may consider your business to be in the “medium risk” category. The remaining three questions qualify the nature of the losses you may experience. If you accept payments and/or rely on your website for customers and leads, those facts underscore the urgency of thoroughly reviewing and improving security. Think of it this way – you keep other business resources like your bank accounts and office secure. Given that approach, your website deserves the same protection.
Resource: What if your business partners and regulators ask for proof that you have top notch security? In that case, you may want to engage a third party for a security assessment. This outside assessment process is particularly valuable in the event of staff turnover to make sure everyone is on the same page.
Step 2: Understand The Benefits of Improved Website Security
Let’s define the benefits you will obtain by improving your website’s security.
1. Enhance Your Brand Reputation
High quality security is an excellent way to increase trust with your customers. For example, many Apple fans praised the company for standing by its security commitments in 2016 during a dispute with the government. Once you have completed a security improvement, you can share the good news with your customers.
2. Reduce The Likelihood of Loss
Investing in cybersecurity is akin to buying insurance for your business. It`s a best practice for all professionally managed companies. It is one of the best ways to make sure you do not suffer losses. By preventing attacks and hacks up front, you also spare yourself the hassle of working with credit card companies and other organizations in the aftermath of an attack.
Note: According to the Guardian, small and medium sized businesses are increasingly being targeted by hackers. Symantec research has found that over 50% of spear phishing attacks are now directed at small companies.
3. Fulfill Your Regulatory Obligations
Depending on your industry, you may have certain regulatory requirements to fulfill if you want to avoid problems. For example, HIPAA is an issue if you are in the health care field. If you accept online payments, you may have security obligations relating to PCI DDS to think through. Like taxes, few people look forward to fulfilling regulatory obligations. Nonetheless, they are essential to staying in business.
What Options Do You Have To Improve Your Website’s Security?
At this stage, we’ve covered the security risks that come with running a business website. In the Internet industry, there are a variety of approaches to security. Some companies consider security to be a priority while it is an after thought for others. If your website plays a critical role in generating leads, processing transactions and serving customers, it may time to take a closer look at your website provider’s security arrangements.
1. Do You Have A Secure Chat System?
The ability to ask and answer quick questions through your website sometimes makes the difference in landing more customers. Research has found that consumers are more likely to make a purchase after an online chat session with a company. However, poorly designed chat presents a security challenge. What if your prospects and customers share personal information about their accounts? You need a way to secure everything that goes through chat.
The LuxSci Solution.
LuxSci offers SecureChat to ensure secure, reliable chat interactions. You can think of it as a secure alternative to instant messaging services like Skype and Google Chat (“GChat”). Available through desktop browsers and mobile devices, SecureChat is a popular solution for the medical field. Our research has found doctor response times are significantly reduced from using this system.
3. Do You Have Secure Website Forms?
Asking customers to provide orders and information about their needs through your website is a great way to improve productivity. However, if you handle sensitive information such as medical data, then you may face questions on how you handle and secure that information. Offering a secure form means patients and customers can do business with you in confidence online rather than dropping off files at your office.
Resource: Curious to find out more about creating secure web forms? Read our article – Creating Secure Web Pages and Forms: What You Need to Know.
The LuxSci Solution.
Whether you use online forms or PDFs, LuxSci’s SecureForm has you covered. SecureForm also protects you from viruses if someone attempts to attack your website through one of your online forms.
3. Can You Simplify Web Security Certificates For Me?
Have you ever visited a website and received an error like this: “There is a problem with this website’s security certificate”?
It’s not an encouraging sign! Like it or not, such notifications send the message that the company doesn’t care about their website or security. Your customers may wonder if their information is actually safe in their dealings with your company. At the same time, you may have no patience or interest in learning the details of security certificates.
The LuxSci Solution
LuxSci’s approach to online business reflects a deep commitment to security. That commitment extends to setting up and managing TLS/SSL certificates for our customers. In addition to keeping technical details out of your ear, we track all certificates to make sure that they never expire.
Get A Second Opinion on Your Website’s Security
Many organizations become complacent about their online security because they have yet to suffer an attack. That reactive mindset tends to lead to major problems. What if your company lands a major contract with the government or a Fortune 500 firm? Such customers tend to ask highly detailed questions about your security practices. To secure these opportunities and give assurance to your current customers, you owe it to yourself to review your online security.
Contact LuxSci today to see if your website, email and messaging security meet today’s high standards. A small investment today can save you much pain and anxiety in the future.
- Seal the Deal — Certification Seals on your Web Site Instill Confidence
- HIPAA Compliant Emails Sent From your Web Site: Best Practices
- If my web site is very simple, do I have to worry about HIPAA compliance?
- Should your web site database have its own dedicated server?
- How to Protect Yourself from Password Theft