Trust in IT Security is Hard to Win and Easy to Lose: 7 Tips to Boost Customer Confidence in Your Site
Originally published on August 11, 2017 by Paessler Editorial Team
Last updated on March 03, 2022 • 13 minute read
If you feel safe, you also have trust. A simple conclusion that also applies to your company’s websites, online shops and IT infrastructure.
The scandals are piling up: Websites are getting hacked, passwords and credit card information is being sold. As an internet user, you no longer know where your data will end up. This results in increasing uncertainty, which also has an effect on the basic trust that people have in websites and online shops. That is why you should actively establish trust.
But what gains the most trust is a non-event - when something doesn’t happen. If millions of customer data records are not stolen, then your company’s image is not damaged permanently or for a long period of time. That is why you should also take security measures that your customers will not directly see. Talk about the priority that you give to the security of customer data. Have this certified by a certificate of quality.
“No catastrophe” pays off.
If you manage to give your customers a good feeling on your site or in your online shop, this does not only motivate them to return, but they will also recommend you to others: Become the solution that insiders go to that makes online customers feel well taken care of!
1) Securely Transport Customer Data: Set-up HTTPS Encryption
It is recommended to encrypt data transport through the internet with the SSL/TSL protocol and have this certified by third parties.
You can prevent “man in the middle attacks” through the encryption of the HTTP connection using the SSL protocol. Evil third-parties can no longer access the data that is being exchanged between the sender and recipient. This is particularly relevant for sensitive user information such as credit card information, login data or private messages. This protects the privacy of your visitors and customers.
Through the SSL certificate, the customer does not simply have to rely on your claim, but rather they also have a confirmation by an independent entity and can be certain that your website is encrypted and you are the one you say you are.
You can obtain the SSL certificate through one of the official certificate authorities (CA), through your hosting provider or the free alternative “Let’s encrypt.” SSL certificates are affordable or even free of charge for SMEs.
2) Careful Handling of Data in Internal IT Infrastructures
The careful handling of customer and company data is based on a series of security measures. In principle, sensitive customer data, such as passwords or credit card numbers, must be saved with encryption. The german lawmakers regulate this in § 13 section 7 Telemediengesetz (Telemedia Act or TMG) and you can find equivalent statutes in European or Canadian legislation.
But the protection of data goes much further. This includes a secure server room with all access controls, a differentiated assignment of rights so that only those who need it will be able to access the data, firewalls against hacker attacks, training for employees regarding security questions (for example, not clicking on every link in every email), and a professional monitoring of the network,hardware, servers, server room and firewall so that IT infrastructure and protective system failures as well as suspicious traffic can be recognized quickly.
There’s no getting around it: 100% security does not exist. In the event that a data catastrophe occurs despite all precautionary measures, you should prepare a transparent and fast catastrophe management: Quickly inform customers, communicate that you are taking care of everything, give them instructions on what they can do as customers, organize PR work and of course, have the resources to quickly close the holes in security.
3) Protect Data in the Cloud Through Client-Side Encryption
If there is not an independent infrastructure for data exchange with customers or suppliers, employees use their own cloud services. The internal IT department cannot control this, often they don’t even know about it. That is a risk for data privacy and company secrets. That is why it is recommended to develop an independent solution for data transfers or to complete a service provider agreement with a provider.
Data exchange encryption via SSL is the absolute minimum. However, the data is still on the server without encryption. Server-side encryption fixes this problem, but still has the disadvantage that the key for encryption is also on the server. The most secure solution is a client-side solution where the server is dependent on the client to encrypt data.
4) Free Website Check for Malware With Initiative S
Is your website already a part of a bot network for phishing mails, economic espionage or website outages? Before you say no in disgust: German websites are very popular as targets. That is why German companies should pay close attention to make sure that their websites are not being abused. Thanks to the “Initiative S,” an offer from the Federal Ministry of Economics and Energy, this is very simple: You can test your website free of charge.
Register at www.initative-s.de to examine your website for malware. You will receive instructions by mail to remove any viruses or Trojans that are discovered. A team of experts is available to answer your questions. And then you should make sure that malware doesn’t have a chance.The Mozilla Foundation also offers a free security check called Observatory!
5) Transparent Design of Compliance With Legal Provisions
There are other components that can be used to establish trust with potential customers: A more transparent handling of formalities and compliance with data privacy provisions. This does not only help you reach legal certainty, but you also signal to your customers looking out for this that you take your business seriously, that you are a professional. This includes a clear formulation of the general terms and conditions, uncomplicated access to the complete company details and compliance with data privacy provisions, such as with the usage of Google Analytics.
6) A Website Structure that gains Trust (Usability)
A website that has a clear design, is organized and has a user-friendly layout inspires more trust. Neither sudden error notifications nor annoying advertising banners should appear. And the page should load quickly. If it takes too long to load, this may cause a lack of trust and worries about undesired malware being loaded as well.
Good navigation that leads to the destination and does not get the customer lost somewhere gives them a feeling of control. This is important because a loss of control may lead to the customer canceling the purchase. Usability is therefore an indispensable criterion for website design.
A small tip: Even if you don’t want your customer to go back after starting the order process, you should still allow them to do this. Being stuck may cause a lot of frustration; the loss of control will lead to negative emotions towards your company.
7) Establish Trust With User interaction
Allow your users to give feedback by being available on Facebook and other platforms for questions, complaints and comments or create other reliable contact options. The contact should never be hidden somewhere on distant pages. If it is easy for potential customers to contact you, then you are conveying that your company has nothing to hide.
Give your company a face! Show something real that the users can use to get a picture. This may be background information about your company, photos of the company headquarters, employee profiles or current news. By providing a look behind the scenes, visitors can be convinced that they are not just conversing with a virtual mailbox company. When the company presents itself in a genuine way, it will generate trust in its processes and products.
If you can quickly find help and answers to questions on the website, then the customer will trust that he or she will receive quick and simple help if there are order problems and they will not be stuck with the problem. An answering machine should not provide answers, but rather an entire team. Give your customers the feeling that they are in good hands.
You can read the same article in German.