Here are a few simple steps to secure websites from data breaches.
The Facebook-Cambridge Analytica data leak scandal simply refuses to die down. Facebook CEO Mark Zuckerberg has testified before the US Congress on this issue. In India, the IT ministry has has asked a very pointed question to Facebook, “What are the specific steps proposed to be taken by Facebook to prevent any misuse of personal data…” While Facebook, Google, Amazon and other giants in the online space probably have a very good answer to this question, SMEs are ill-prepared for a data breach. Here are a few steps you can take to protect your site and information systems from spammers, hackers and unethical marketing firms.
Switch to HTTPS
Moving your site from the HTTP to the HTTPS internet protocol is the single most important step. HTTPS prevents intruders from monitoring the communication between your website and your visitor’s browser.
Follow European GDPR standards
The European Union is all set to implement its General Data Protection Regulation (GDPR) standard in a couple of months. By following the same rules, companies can choose to encrypt and manage users’ IP address or web cookie in the same way as their name, address or credit card number. Any data indicative of health conditions, biometrics, social security, political slant or ethnicity can be masked or not collected at all.
Use blockchain-enabled marketing
By implementing blockchain-enabled “martech”(marketing technology) software on your website or app, brands and publishers can eliminate unscrupulous agencies when selling or purchasing online advertising, and deal directly with each other. Every click or display can be verified, leaving little scope for ad fraudsters or bots trying to hack the site.
Collect, display data as per device
Companies need to make users aware of the data that’s available to them, seek explicit permissions to gather, store and use this information, educate them on the technology (cookies, ID or GPS) by which they’re doing this, and encrypt any data that is transferred using the right protocols for the software and device being used.
Over to you
The onus of shielding customers from data theft, lies squarely with the website. By collecting only data that they really need, tracking the flow of information across their networks, enforcing effective user access controls, and installing systems that actively block unauthorised users and events, companies can acquire that all-important business benefit – brand trust. The most important thing to do is not wait until a violation or attack has taken place.
Olga Andrienko is head of global marketing, SEMrush, an intelligence suite for online marketing.