Prioritising Your Customers' Online Security

More and more customers now prefer an online experience to a physical encounter with your business, and ordering products and services online rather than in a store is increasingly the norm. Being online presents great opportunities, but it also carries risks, to your company and to your customers. It’s important to prioritise your customers’ security and take the necessary steps to avoid a data breach.

A breach harms your customers first, but it will also harm your brand, your reputation and consumer trust. This area is heavily regulated: in the UK the General Data Protection Regulation (GDPR) applies alongside the Data Protection Act 2018, which implements it in UK law. The Information Commissioner’s Office (ICO) is the regulatory body with the power to fine businesses that don’t abide by these rules. Under the GDPR, fines can reach €20 million or 4% of annual worldwide turnover, whichever is higher (the £500,000 cap applied only under the earlier Data Protection Act 1998).

Here are some useful tips for staying secure online!

 

Your Website

 

Using HTTPS

An essential step when it comes to your website security is using HTTPS (Hypertext Transfer Protocol Secure). HTTPS encrypts the connection between a user’s browser and your website, and it lets the browser check that it is really talking to your server rather than an impostor.

It protects the information sent and received in both directions: anyone who can see the traffic (on public Wi-Fi, for example) can neither read it nor alter it on the way through.

“I don’t collect sensitive information on my website, do I still need to do this?”

Even if you don’t deal with personal information from visitors, you should still use HTTPS. Which pages a visitor reads, and anything they type into a search box or form, can reveal sensitive information about them, and without HTTPS that traffic can be intercepted or modified in transit by a cybercriminal (for example to inject malicious content into your pages).

If you want to improve your website ranking on search engines, having a secure website will contribute to this: Google treats HTTPS as a ranking signal, and modern browsers label plain-HTTP pages as “Not secure”.
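As an added example (not from the original article), this is how the HTTPS-only behaviour described above is enforced on an Apache host using a .htaccess file. It assumes mod_rewrite and mod_headers are enabled and that the hosting provider allows these directives in .htaccess; the hostname is a placeholder.

```apache
# Force HTTPS in .htaccess (added example; assumes mod_rewrite + mod_headers
# and AllowOverride permitting them). Replace www.example.com with your host.
RewriteEngine On

# Send any plain-HTTP request to the same path over HTTPS with a permanent redirect.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# HSTS: tell browsers to use HTTPS only for this site (and subdomains) for a year,
# so a later http:// link or a downgrade attempt on the network is ignored.
# The header must only be sent on HTTPS responses, which the expr condition ensures.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"
```

Check it from outside with `curl -sI http://www.example.com/`: you should see a `301` with a `Location:` starting `https://`, and the HTTPS response should carry the `Strict-Transport-Security` header. If a CDN or proxy terminates TLS in front of your server, `%{HTTPS}` is not set on the backend and the condition must be based on the proxy’s `X-Forwarded-Proto` header instead. Start with a short `max-age` (say 300) until you are sure every subdomain works over HTTPS, because browsers will refuse plain HTTP for the whole period.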

 

Using Secure Login Details

Keep a strong, unique password for your FTP account, and change it straight away if you suspect it has been exposed or when someone who knew it leaves the business. If you struggle to create strong passwords, a great tool is Strong Password Generator, and a password manager will store them for you. Your FTP account is used for uploading and managing files on your website, so it’s essential to avoid any unwanted access. Bear in mind that plain FTP sends the username, password and files unencrypted; if your host offers SFTP or FTPS, use that instead.

If you are using WordPress or another CMS, keep the passwords for those secure too, turn on two-factor authentication where the CMS or a plugin offers it, and keep the CMS, themes and plugins up to date.

 

Create a Backup

If anything goes wrong, you’ll want to have a backup that you can revert to. You can decide how often you want to create a backup and what you want to include in it. We recommend backing up databases every week and taking a whole-website backup monthly. Keep at least one copy somewhere other than the web server itself (an attacker or a hosting failure that takes the site out will take a backup stored beside it too), and try restoring from a backup occasionally so you know it actually works.

If you are using WordPress, you can install a plugin that will automatically do this for you. We use UpdraftPlus – Backup/Restore.

 

Letting Your Customers Know

If you do experience a breach, you need to make your customers aware. Say what data has been affected so that customers can change passwords or other details and watch for misuse, and tell them what you are doing about it. Under the GDPR you must also report a breach that risks people’s rights to the ICO within 72 hours of becoming aware of it, and inform the affected individuals without undue delay when the breach is likely to result in a high risk to them.

A breach will harm your business, but it will harm it even more if you don’t make people aware or they find out at a later date. Damage control is important to minimise the threat and the damage to your reputation and credibility.

 

Other Great Tips

Open Solution created a great list of tips for their “Security Tips” campaign:

Learn these rules to increase your security:

  1. use antivirus software
  2. don’t store your FTP account password in programs like Total Commander, Filezilla etc.
  3. limit the FTP access to specific IP addresses. Professional hosting providers allow for that.
  4. use the `Options -Indexes` instruction in the .htaccess file, it will make subdirectory file lists impossible to view from the outside.
  5. use all available bug fixes on our website, but it’s best to update your script to the latest version – it also grants you access to new plugins and skins.
  6. be thorough in filtering scripts you install and share with our software. Many times we’ve heard that someone hacked a shopping cart’s website using an opening on a subpage running on another script like WordPress. These things happen when on one server account there are several websites.
  7. change the administration panel login “admin” to something else, also change the name of the file that runs the admin panel “admin.php” to something else
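The directory-listing and admin-panel points from the list above, written out as an added example in an Apache .htaccess file (this is not part of Open Solution’s material). It assumes Apache 2.4 on a host that permits `AllowOverride` for Options and access control; the IP addresses (documentation ranges) and the admin file name are placeholders, and if you have renamed admin.php the `<Files>` block should name the new file.

```apache
# .htaccess hardening for a shared host (added example; Apache 2.4,
# AllowOverride Options/Limit assumed). Addresses and file names are placeholders.

# 1. No directory listings: a folder without an index file returns 403 instead
#    of listing every file in it (uploads, backup copies, config files).
Options -Indexes

# 2. Only the office and VPN egress addresses may reach the admin panel; everyone
#    else is refused before the login page loads, so password guessing cannot start.
<Files "admin.php">
    Require ip 203.0.113.10 198.51.100.0/24
</Files>

# 3. Never serve hidden files or common leftovers from the web root, whatever a
#    previous upload or backup job left behind.
<FilesMatch "^\.(htaccess|htpasswd|git|env)|\.(bak|old|sql|zip)$">
    Require all denied
</FilesMatch>
```

Test each rule after deploying: request a folder URL without an index page and expect `403`, request the admin file from a non-listed address and expect `403`, and request `/.env` or a `.bak` name and expect `403`. If the host’s `AllowOverride` does not include `Options`, Apache returns a `500` for the whole site as soon as the `Options` line is present, so check the hosting control panel or ask the provider first.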

 

Social Media

 

Train Your Customer Care Employees

Many companies will now have a team dedicated to handling social media enquiries and will sometimes even make a separate social media account for help and support.

54% of customers prefer social messaging channels for care over phone or email, which means customers are more likely to go through social media to contact you about a problem or concern. This is why it’s important to train your customer care team in what they can and cannot request from customers and when an enquiry should be moved to direct messaging rather than being public.

Make sure they are being GDPR compliant and equip them with a list of data types that must never be requested or discussed in a public thread, such as passwords, full card numbers, dates of birth and addresses.

 

Authenticate Your Customers

Check your customer is who they say they are so you aren’t giving away personal information to the wrong person. There are several ways to do this: you can send a one-time code by text message or email to the contact details already on the account and ask them to repeat it back to you, or ask for a detail that only the account holder would know. If you are still unsure, move the conversation to a different communication channel such as a phone call to the number on file, especially if the information is extremely sensitive.

If the information isn’t sensitive, such as they are wondering when an item will be delivered and have their tracking or confirmation code, then you may not have to worry about authentication.
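The “send a code and ask them to confirm it” check above, as an added example in Python (not from the original article). It assumes you deliver the code by SMS or email through your own provider; that send step is not shown. `SERVER_KEY` is an assumption standing in for a secret loaded from configuration.

```python
"""One-time code for verifying a customer before account details are discussed.
Added example; the delivery step (SMS/email) is assumed and not shown here."""
import hmac
import hashlib
import secrets
import time

CODE_DIGITS = 6
CODE_LIFETIME = 600            # seconds a code stays valid (10 minutes)
MAX_ATTEMPTS = 3               # wrong guesses allowed before the code is voided
SERVER_KEY = secrets.token_bytes(32)   # assumption: in practice loaded from config

_pending = {}                  # customer id -> [keyed digest, expiry time, attempts left]


def _digest(customer_id, code):
    # A 6-digit code has only a million values, so a plain hash could be brute-forced
    # from a leaked table; keying it with a server secret makes the table useless.
    return hmac.new(SERVER_KEY, f"{customer_id}:{code}".encode(), hashlib.sha256).digest()


def issue_code(customer_id, now=None):
    """Create a fresh code for this customer and return it for sending.
    secrets.randbelow is a CSPRNG; random.randint would be predictable."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
    _pending[customer_id] = [_digest(customer_id, code), now + CODE_LIFETIME, MAX_ATTEMPTS]
    return code


def verify_code(customer_id, supplied, now=None):
    """True only if the code matches, has not expired and guesses remain.
    Codes are single-use: removed on success, on expiry, or when guesses run out."""
    now = time.time() if now is None else now
    entry = _pending.get(customer_id)
    if entry is None:
        return False
    expected, expires_at, attempts_left = entry
    if now > expires_at or attempts_left <= 0:
        _pending.pop(customer_id, None)
        return False
    # compare_digest runs in constant time, so response timing leaks nothing
    if hmac.compare_digest(expected, _digest(customer_id, supplied.strip())):
        _pending.pop(customer_id, None)
        return True
    entry[2] -= 1
    if entry[2] == 0:
        _pending.pop(customer_id, None)
    return False


if __name__ == "__main__":
    code = issue_code("customer-42")
    print("send this to the customer:", code)
    print("customer replies with the code:", verify_code("customer-42", code))
```

Send the code only to the contact details already stored on the account, never to a number or address the person gives you in the chat, otherwise the check proves nothing. The attempt limit matters as much as the expiry: without it, a six-digit code can be guessed by trying every value.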

 

Keep Your Passwords Secure

Just like with your website, make sure your passwords are secure for your social media accounts, and turn on two-factor authentication, which every major platform offers. Employees will often use their personal accounts to manage a business Page on Facebook, so ensure those accounts have secure passwords and two-factor authentication too; a weak personal account is a way into your customers’ data.

 

Employee Access

Facebook is great for giving certain permissions to certain people. It will allow you to keep track of who is responsible for what and what they have access to. If an employee who had access to your social media channels leaves, make sure you have removed their access the same day. For accounts that are shared by password, such as Twitter and LinkedIn, you will have to reset the password and sign out all other sessions so they can’t access the account after they’ve left, and check for any third-party apps or scheduling tools that were authorised with their login.

 

 

Emails

 

Always Bcc

Always, always make sure you blind copy (Bcc) recipients if you’re sending one email to multiple customers. Putting the list in To or Cc shows every customer the addresses of all the others, which is itself a personal data breach. It’s an easy mistake to make and many companies have been under fire for this.

Using MailChimp or other email marketing automation services, will take care of the process for you when you send out an email in bulk.
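For anyone sending bulk email from their own code rather than a marketing platform, here is the Bcc rule done properly, as an added example in Python (not from the original article). The addresses and SMTP host are placeholders, and `send_bulk()` opens a network connection so it is not called here.

```python
"""Send one message to many customers without exposing their addresses.
Added example; addresses and host are placeholders."""
import smtplib
import ssl
from email.message import EmailMessage


def build_bulk_message(sender, recipients, subject, body):
    """Return (message, envelope_recipients).

    Customer addresses go only into the SMTP envelope (the RCPT TO list), never
    into a header, so the delivered copy shows just the sender in To:.
    Writing the list into a Bcc: header is the classic mistake: some libraries
    and servers leave that header in place and every recipient can read it.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender                     # what recipients see; never the customer list
    msg["Subject"] = subject
    msg.set_content(body)
    # normalise and de-duplicate while keeping order, so nobody gets two copies
    envelope = list(dict.fromkeys(a.strip().lower() for a in recipients if a.strip()))
    if "Bcc" in msg or "Cc" in msg:
        raise ValueError("customer addresses must not appear in headers")
    return msg, envelope


def send_bulk(host, sender, recipients, subject, body, chunk=50):
    """Deliver in chunks so a provider's per-message recipient limit or one
    rejected address does not fail the whole run. Network call; not run here."""
    msg, envelope = build_bulk_message(sender, recipients, subject, body)
    with smtplib.SMTP(host, 587) as smtp:
        # pass a default context so the server certificate is actually verified
        smtp.starttls(context=ssl.create_default_context())
        for i in range(0, len(envelope), chunk):
            smtp.send_message(msg, from_addr=sender, to_addrs=envelope[i:i + chunk])
```

The point to take from this is that the envelope recipients and the visible headers are separate things: the server delivers to whoever is in `to_addrs`, while the customers only ever see the headers you chose to write.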

 

Provide an Unsubscribe Option

Don’t force your customers to receive your emails; it’s annoying, and for marketing messages the UK’s PECR rules require you to offer a way to opt out. Show them that you care about their data. Provide an unsubscribe option at the bottom of every promotional campaign you send out, and act on it promptly.

Again, MailChimp /email marketing automation platforms will take care of unsubscribed customers for you.

 

Personal Information Through Email

If you can, avoid exchanging personal information through email. A great option if you deal with a lot of sensitive information from customers is to use a portal: users log in over HTTPS to view and change their personal information, and an ‘inbox’ inside the portal is used to communicate. The data stays on your server, and the notification sent to the customer’s email simply says a new message is waiting, without repeating the content.

If you must send sensitive information over email, put it in an encrypted archive and communicate the password to the recipient through a different channel such as a phone call or SMS, never in the same email or a follow-up. Be aware that the old “ZipCrypto” protection built into many zip tools is weak and can be broken; choose a tool that offers AES-256 encryption (7-Zip, for example) and use a long password.

You can also enable STARTTLS and DANE for your organisation’s incoming and outgoing email traffic. STARTTLS encrypts mail in transit between mail servers, but on its own it is opportunistic: a server that is not offered TLS falls back to plain text, and an attacker on the path can strip the offer. DANE fixes that by letting a sending server look up, in a DNSSEC-signed DNS record, which certificate your mail server must present, so the connection cannot be downgraded or intercepted with a forged certificate. These are worthwhile steps, but they only protect mail between servers; they will not solve all of your GDPR issues, so it’s important to consider the other steps too.

A fact sheet on STARTTLS and DANE is available.
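What enabling STARTTLS and DANE looks like on a Postfix mail server, as an added example (not from the article or the fact sheet). It assumes Postfix 2.11 or later and a DNSSEC-validating resolver running on the mail host; the hostnames, file paths and the digest are placeholders.

```ini
# Postfix main.cf fragment (added example; Postfix >= 2.11 and a local
# DNSSEC-validating resolver assumed; names and paths are placeholders).

# Outbound: "dane" means mandatory, authenticated TLS to any domain that publishes
# TLSA records, and opportunistic STARTTLS to everyone else. DANE only works with
# DNSSEC-validated lookups, hence the dns_support_level setting.
smtp_tls_security_level = dane
smtp_dns_support_level = dnssec
smtp_tls_loglevel = 1

# Inbound: offer STARTTLS to every sender. Do not use "encrypt" on port 25,
# as that would bounce mail from servers that cannot do TLS at all.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.pem
smtpd_tls_key_file  = /etc/ssl/private/mail.example.com.key

# For other servers to authenticate YOUR server, publish in a DNSSEC-signed zone
# a TLSA record pinning the SHA-256 of the certificate's public key
# (usage 3, selector 1, matching type 1):
#   _25._tcp.mail.example.com. IN TLSA 3 1 1 <64 hex characters>
# The digest is computed from the certificate like this:
#   openssl x509 -in mail.example.com.pem -noout -pubkey \
#     | openssl pkey -pubin -outform DER | openssl dgst -sha256
```

Publishing a TLSA record is a commitment: if the certificate’s key changes and the record is not updated first, DANE-aware senders will refuse to deliver mail to you. Rotate by adding the new record alongside the old one before the certificate switches, and remove the old record afterwards. Postfix ships `posttls-finger`, which reports what a remote domain offers and whether DANE verification succeeds, so test against your own domain after the record is live.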

 

Careful of Phishing Emails

Some emails can look convincing and appear to come from your work colleagues or from official companies. Be aware that a legitimate company will not ask you for passwords or full card details by email, and be especially suspicious of any message you did not initiate. Before clicking, hover over a link to see where it really goes; shortened links can be expanded without opening them here – http://checkshorturl.com/

If it’s an email with a link asking you to login with your work email, check the link with your IT department first.

Cybercriminals who obtain your login details can read every customer email in your inbox and send messages in your name.

If you think you have been tricked, change your password immediately (and on any other service where you used the same one), contact your IT support so they can sign out any other sessions and check for forwarding rules the attacker may have added, and turn on two-factor authentication if it isn’t already.
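The “check a link before you open it” advice, turned into a small offline check of the links inside an HTML email, as an added example in Python (not from the original article). The sample message is constructed here; the company domain and the list of shorteners are assumptions you would replace with your own.

```python
"""Flag suspicious links in an HTML email without visiting them.
Added example; OUR_DOMAINS, SHORTENERS and the sample message are assumptions."""
from html.parser import HTMLParser
from urllib.parse import urlparse

OUR_DOMAINS = {"example.com"}                       # domains the business owns (assumed)
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}      # common shorteners (assumed list)


def registrable(host):
    """Last two labels of a host name; fine for .com/.net style names (not co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Return [(href, reasons)] for links that deserve a second look."""
    parser = _Links()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        u = urlparse(href)
        host = u.hostname or ""
        reasons = []
        if u.scheme not in ("http", "https"):
            reasons.append("non-web scheme")
        elif u.scheme == "http":
            reasons.append("plain http")
        if host.startswith("xn--") or ".xn--" in host:
            reasons.append("punycode/IDN host")          # look-alike characters
        if registrable(host) in SHORTENERS:
            reasons.append("URL shortener hides destination")
        if "@" in u.netloc:
            reasons.append("userinfo before host")          # https://bank.com@evil.net
        # visible text that looks like a URL or domain but points somewhere else
        shown = ""
        if "://" in text or (" " not in text and "." in text):
            shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        if shown and registrable(shown) != registrable(host):
            reasons.append(f"text shows {shown} but link goes to {host}")
        # our brand name used as a subdomain or prefix of somebody else's domain
        if any(d in host for d in OUR_DOMAINS) and registrable(host) not in OUR_DOMAINS:
            reasons.append("look-alike of our domain")
        if reasons:
            findings.append((href, "; ".join(reasons)))
    return findings


# Constructed sample message, not a real phishing email.
SAMPLE_EMAIL = """
<p>Dear customer, your account needs attention.</p>
<a href="https://example.com.account-verify.net/login">https://www.example.com/login</a>
<a href="http://bit.ly/3xyz">Track your order</a>
<a href="https://www.example.com/help">Help centre</a>
"""

if __name__ == "__main__":
    for href, why in check_links(SAMPLE_EMAIL):
        print(href, "->", why)
```

The first sample link is the pattern to train people on: the text reads as your own site, but the real destination is a domain somebody else registered with your name stuck on the front. A check like this is a prompt for a human decision, not a verdict; a clean result does not make a link safe.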

 

Digital Marketing Apprenticeship

The B2W Group offers a Level 3 Digital Marketer Apprenticeship in the North West and South Yorkshire areas. The 18-month programme covers topics such as social media management, email campaigns and the security measures that can keep your computer system and your personal information secure.

Find out more about our Government-funded apprenticeship here.