With headline-grabbing data breaches and high-stake hacks on the rise, earning and maintaining the trust of visitors to one’s website is a mounting challenge, especially for small and medium-sized businesses (SMBs).
Without big budgets or teams of IT professionals, many SMBs lack the know-how and tools to protect their business’ most valuable asset: customer data.
“With new regulations and browser policies coming into play, businesses can no longer afford to turn a blind eye to cyber security,” says Thomas Vollrath, company head of web hosting business, 1-grid.com.
Whether a business has a customer base of 500 or 1-million, building customer databases through a website and conducting business on the cloud has introduced threats to businesses’ assets that cannot be protected with a lock and key.
Web browsers like Google Chrome now scan websites for SSL certification, marking those that do not adequately encrypt user data as “insecure”. Not only does this affect a website’s ranking in searches, but it stands to seriously damage clients’ trust in a business.
“Your reputation as a company is increasingly determined by an ‘https’ prefix and a green tick in the website address bar that confirms your website is secure,” says Vollrath.
Google’s latest policy is its strictest to date, introduced in the wake of landmark new laws like the General Data Protection Regulation (GDPR) and South Africa’s Protection of Personal Information (POPI) Act.
Google now rules that all sites with an ‘http’ prefix are insecure and penalises those with SSL certificates from untrustworthy sources, as more and more scamming and phishing sites are using free certificates to impersonate legitimate businesses.
“Free SSLs are not assigned directly to your company and will be flagged by Google Security – this translates into lower visibility and less traffic for your site,” says Vollrath.
Contrary to popular belief, SMBs are as much at risk of security breaches as larger companies. A 2018 report by American company Verizon found that 61% of data breach victims were small businesses.
“In many ways, SMBs hit hackers’ sweet spots. They tend to have less cyber security, are more likely to pay out ransoms and provide easier backdoor access to the data of bigger enterprises through supplier relationships,” says Vollrath.
In today’s hyper-connected, global economy, customer data is valuable loot and both large and small companies have it.
Vollrath’s advice to SMBs that have not yet invested in cyber security is to purchase a trusted SSL certificate, arrange company-wide training on how to avoid phishing schemes, and ensure all passwords are strong and regularly updated.
“Hackers look for vulnerabilities in log-in processes, so two-factor authentication is critical for access to any confidential information and portals,” says Vollrath.