Advances in technology enable us to do amazing things, among them the ability to buy almost anything you want online. But where there’s someone diligently working to earn a living, there are others trying to make a quick buck through nefarious means.
With the rise of online shopping, we’ve seen an astronomical increase of personal data available online, and as a result there are now more fraudsters and thieves making careers out of stealing others’ data than ever. Research firm IDG reported 36% more cybersecurity incidents in 2016 than the year prior. We’ve all seen the headlines — high-profile breaches impacting large brands such as Target, Yahoo, and the like raise continued questions of data safety. While media attention tends to focus on security breaches impacting household brand names, small businesses unfortunately are just as vulnerable. According to the 2016 Symantec Intelligence Report, 43% of cyber attacks globally occur at companies with less than 250 employees, making them only slightly less at risk than big-box retailers.
The difference is that for a small business, the cost of a breach can prove catastrophic. A recent KPMG report found that 19% of consumers would abandon a retailer entirely following a hack, and another 33% would avoid a breached retailer for at least three months.
By 2019, Juniper Research estimates that the cost of data breaches will rise to a whopping $2.1 trillion globally – nearly 4X the cost of breaches in 2015. As a business owner, it’s in your company’s best interest to be proactive. If small business owners had a better understanding of the security tools available to them, many of these attacks could be prevented, or dramatically reduced in impact.
So what can your company do to protect itself?
The answer doesn’t have to involve a costly increase in security-related hiring, dedicating a percentage of your staff’s time to scrutinizing every purchase or monitoring all site activity. Often, it’s as simple as understanding the tools at your disposal and taking small steps that, when applied in tandem, help to alleviate business headache and create a safer site for your customers.
Below are a few proactive steps your business should consider to increase your web security.
SSL, or Secure Socket Layer, is the foundation of a safe site. It – along with its successor Transport Layer Security (TLS) – serves as the standard security technology that establishes an encrypted link between a web server and a browser. It’s value is unmistakable, yet majority of websites globally don’t yet have SSL/TLS. At the very least, invest in a robust SSL/TLS certificate for your site. The cost is minimal, but the impact it can have on site security is immeasurable.
Once you have a SSL/TLS certificate, you should also switch your website to site-wide HTTPS. Up until a few years ago, it was widely assumed that our personal data was safe so long as the websites where we shopped offered a secure checkout page. We now know that sensitive data is often transmitted on many unprotected pages when loading a website over HTTP, in which cases someone else on the network could view or modify the site before it gets to you, severely diminishing security. As such, there’s been a concerted effort by Apple, Google, Microsoft and others in the industry to increase browser security across the web; this February Google announced that any site without site-wide HTTPS designation will be identified in the Chrome search bar as “Not Secure” and will impact SEO. Not only will moving to a full site-wide encryption help your customers know they are shopping in a more safe environment, it helps you rank higher in search.
Like the “Not Secure” designation in the search bar, consumers often look at the visual cues of a website to determine its security rather than its true technical integrations, and their absence can raise a major red flag. In fact, a 2016 Baymard Institute survey found that 18% of all abandoned shopping carts result from a consumer’s lack of trust in the site. Adding a trust seal from a recognized security company or better yet, stacking multiple trust seals to make the most impact, can help reinforce your site’s security in the mind of your customers. Well-known brands like Norton/Symantec, Google and Better Business Bureau are shown to have a perceived consumer trust 2X higher than others.
Although HTTPS and SSL/TLS are hugely beneficial for your site security, they are often just the first steps and it’s important to make sure you have multiple measures in place to maintain a truly secure site. The best thing merchants can do for security is to work with a platform like BigCommerce that employs an Information Security team and verifies their security through reputable third-party auditors, as well as runs penetration tests conducted by certified “white hat” information security firms.
In 2017, website security should be top priority for retailers of all sizes. As you begin to bulk up your site security this year, take time to consider the impact that these tools can have on your business. If you work with any third-party service providers, don’t hesitate to ask the difficult security questions and consider the impact the changes you make now could have on your business for years to come.
Jimmy Duvall is Chief Product Officer at BigCommerce