How to Keep Consumer Data Safe

Infosec is critical in the contemporary world. Large data breaches happen periodically, and smaller ones undoubtedly occur constantly. Our lives are increasingly lived online, and to better serve the customers, companies want to gather as much data as possible. After all, consumers like their personalization. But customers also have to trust that companies will safeguard all this private data.

Hacking attempts are likely, and for large companies, they’re a certainty. So how can business owners protect their customers and their data while still providing an experience based on that data?

Gather only the essentials

This technique minimizes the impact of stolen data. If your main need is to verify the customer – such as when they’re logging in – it is better to only store enough information to verify them. That would be a username and password. Maybe an email address. There is little need to store their credit card details, IP addresses, full name, address, dates of birth, driver license numbers, and whatever other data you think might be interesting.

Take a look at your data collection policy, and cut out anything that isn’t necessary. That way, when a breach occurs, customers will feel less damage. And hopefully remain your customer.

Maintain transparency in policies

While you’re looking at your data collection policy, make sure it is easy to read and divulges all important information. Privacy and data collection policies are often not read by consumers because they are long, tedious, and written in legalese. If you have the resources, write a layperson’s version that succinctly describes the policy.

Then, when you experience a breach, customers will already understand what information was compromised. They can also make informed decisions on how much information to give you, preventing legal trouble later. Perhaps preventing a Congressional summons, too, if you happen to run a large, influential corporation.

Encrypt data

Since data is likely to leak, it is important that the data appears as gibberish. One of the worst possible ways to store data is in plaintext. If all data is stored in plaintext, hackers need only download the data and open it. If the data is encrypted, they need to download the data and either find the keys or crack the encryption.

This means that even if hackers can breach all of your other security procedures, the data they retrieve is useless to them. Theoretically, they could brute force crack your encryption, but more likely they will simply move on to the next victim who does not have encrypted data.

Encryption is not difficult to implement, either, on the disk storage level (where you will be keeping customer data). As for network encryption, Cisco published this neatly laid out checklist.

Outsource to professionals

If you don’t know what encryption is, consider outsourcing your security to another company. There are plenty of security-focused IT companies that perform freelance work to set up secure systems. If you already have a security system in place, consider an audit by a third-party to ensure your in-house system is robust. IT is broad, so it is easy for an individual or even a team to make a couple of mistakes.

Outsourcing for payment systems is an excellent idea for small businesses. PayPal is an excellent example: the company handles all of the security on their end, and all you need to do is pay a small fee for each transaction. Not only is PayPal’s security likely more robust than yours, but it is also reputable – customers will be more willing to finish a transaction through an established channel than enter credit card details into your website. If you don’t like PayPal, find another payment processor to outsource one of the most critical points of security for any e-commerce business.

Educate Customers

One final idea to consider is educating customers themselves. Show them how easily credit card details are stolen. Inform them, in non-technical language, of how encryption protects their data. Demonstrate how your privacy policy minimizes their risks. Have a short section on the best computing security practices.

By doing this, you will build rapport with your customer base, as they will trust your intentions. They may be appreciative of the effort you’ve expended to help them. And most importantly, they will understand how to protect themselves, even if a breach still occurs, reducing the impact on them and your business.

IT is a broad area. IT security is also broad, and data leaks will continue to occur, even with robust security procedures in place. However, you are less likely to be a target if you practice good security because the effort required for attackers increases rapidly.

nick rojas

Nick Rojas is a self-taught, serial entrepreneur who’s enjoyed success working with and consulting for start-ups. Using his journalism training, Nick writes for publications such as Entrepreneur, TechCrunch, and Yahoo. He concentrates on teaching small and medium-sized enterprises how best to manage their social media marketing and define their branding objectives.

What is HTTPS/SSL Encryption & Will It Boost My Google Search Rankings?

Security has always been a top priority for Google. Over the years, the company has invested a lot in ensuring that their services use industry leading security such as strong HTTPS encryption by default. This means that anyone using Google’s services like Search, Google Drive and Gmail automatically have a secure connection to Google’s servers. But beyond their products, Google’s ultimate aim is to make the internet a safer place for users, especially those using its search engine. On august 8th, 2014, Google announced that they will be using website security as a ranking signal. This means that websites that use HTTPS/SSL encryption are going to ranker higher in Google’s search engine. The signal is quite weak at the moment – affecting less than 1% of global queries – but Google did mention that the signal may be strengthened over time to give noncompliant websites time to switch to HTTPS/SSL security. The change is designed to promote online security by encouraging webmasters to implement SSL/TLS to encrypt website traffic. While most major websites had already implemented HTTPS/SSL following Edward Snowden’s revelations of NSA snooping, the standard practice has been to implement a secure connection only at the websites log in page. Making all web connections HTTPS secure by default is the most effective defence against man in the middle attacks thus protecting surfers’ privacy all the time.

What is HTTPS/SSL?

HTTPS (Hyper Text Transfer Protocol Secure) is the more advanced version of HTTP and is usually implemented on websites to keep ecommerce transactions secure. When a surfer visits a websites via HTTPS, the site uses a digital SSL (Secure Sockets Layer) certificate to create a secure connection between the server and the browser. Websites with valid SSL certificate can be easily identified if the address begins with https:// as opposed to http://. Moreover, web browsers such as Firefox and chrome always display a padlock icon to indicate that the site being visited has been secured in this manner. Up until Google’s announcement, HTTPS/SSL encryption had been used by just over ten percent of all websites.

What are the SEO implications of switching to HTTPS?

Having been rolled out recently as a ranking signal, its effect is still incredibly small, and has only had an impact on less than 1% of global search queries. As it stands, running your website via HTTPS is not going to push you to the top of Google’s search results for your keywords; there are literally hundreds of other things you should be doing that would yield better results in terms of improvements in search rankings. But industry experts expect HTTPS to grow in importance over the coming years, which means that it would stand you in good stead to prepare for the inevitable mass shift to HTTPS by preparing the migration early.

What if I already have HTTPS/SSL?

Most ecommerce websites already have HTTPS/SSL encryption enabled in their checkout and login pages to protect user privacy and secure online transactions. But it is important to note that any ranking boost from HHTPS/SSL only applies to SSL enabled web pages. To reap maximum benefits, you need to make your entire domain name, all the files, and URLs SSL secure. The pages then have to be tested to ensure that users don’t get any SSL certificate errors. All videos, images and third party content have to be adapted to ensure that the page doesn’t give a security warning when accessed from a remote browser. In fact, Google recommends using the Qualys Lab tool to test SSL pages and certificates.

What are the negatives?

Done right, there are no downsides that we can absolutely confirm in regards to switching from HTTPS to SSL. While many webmasters have previously expressed concern over the lower load speed of HTTPS sites VS https, the issue has been mostly negated by Google’s work on SPDY. Furthermore, Google Webmaster Tools has been improved to support HTTPS reporting. But to get best results, it is strongly recommended to seek advice from an experienced SEO consultant or developed before making the switch from HTTP to HTTPS.

We recommend playing a wait-see-approach to implementing SSL on your site. If you are not selling products through e-commerce on your website, we would not recommend changing your website to SSL yet. Ask yourself this “When was the last time that Google said something would give you a rankings boost? Even slight?” We can’t remember one. Now this could be viewed as total conspiracy stuff, but what if Google were to set their algorithm to have a higher quality standard for sites with SSL and your site was right on the threshold for quality before going to SSL? Could this mean that your site may give a signal to Google that you are doing SEO on your site and your site ends up penalized? We don’t really know at this point. This is the main reasons why we are going to be patient and test this on a few test sites before we start recommending this to any of our clients at Coronation Internet Marketing.