Every week it seems there is a new data breach announced, and those news items are usually for very big companies! What about the rest of us? What can we do to keep the information of our customers and visitors private? A survey by Bank of America Merchant Services and Forrester Consulting found 21% of small businesses suffered a data breach, and the cost to remedy was over $50,000 for almost half of those businesses.*
* How data breaches are hurting small businesses
Building relationships with your customers requires trust. What website practices will help protect your customers’ privacy? While this is not an exhaustive list, here are five areas you should review and take action if necessary.
Make Sure Your Website is Secure
There are a number of steps you should take to make sure that your website platform is secure.
- Use SSL – An SSL certificate encrypts the connection between your website and the viewer’s browser. The little lock icon should appear next to your site when you are viewing it. It’s also a Google ranking factor!
- Get Good Hosting – You may think you got a great deal with that bargain hosting plan, but is the host leaving security up to you? Do you know? Make sure you evaluate what you are getting and that the host takes security seriously. Cheap hosting typically means worse performance as well, which is another Google ranking factor.
- Keep Your Software Updated – Outdated software and add-ons like plug-ins are a major source of website vulnerabilities.
- Use a Web Application Firewall – A web application firewall service like Sucuri, can add an additional layer of protection.
- Use a Payment Gateway – Don’t store credit card information directly on your site. Payment gateways handle the security and PCI compliance for you. Your credit card processing rates will likely be lower as well.
Limit Access to Your Site and Use Strong Passwords
Don’t make it easy for hackers to get access to your site!
Don’t Ask for More Information Than You Need
When you request information from your visitors whether in a contact form, sign up form or order form, only ask for information that you will really use. If you will never call them, don’t ask for their phone number. The less personally identifiable information you are storing the better off you will be.
Remove Out of Date Information
Similarly, don’t keep old information on your website. If you have responded to someone’s contact form or they have an inactive account, delete that data!
For our WordPress sites we use Gravity Forms which has an option to automatically delete form data after a certain time period. If that is not appropriate for your situation, schedule a regular review and deletion of data several times a year.
Privacy policies are required by law for some businesses, but even if it is not required it is good practice to be transparent with your website visitors about the data you collect and how you use and share it.
If you use Google Analytics, the Facebook pixel or any other services for remarketing and tracking, you should disclose this information and how to opt out as well.
You may also be required to comply with specific regulations in place right now for European visitors and those from California:
- The General Data Protection Regulation (GDPR) is a comprehensive set of regulations designed to give EU citizens more control over their personal data and privacy – no matter where in the world their data is used. See a summary of GDPR here.
- The California Consumer Privacy Act (CCPA) allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. In addition, the California law allows consumers to sue companies if the privacy guidelines are violated, even if there is no breach. See a summary of CCPA here.
In today’s world you must take your visitors’ privacy and security seriously.