Here are a few steps you can take to protect your site and information systems from spammers, hackers and unethical marketing firms.
The Facebook-Cambridge Analytica data leak scandal simply refuses to die down. Facebook’s stock is down over 13% since the leak and CEO Mark Zuckerberg has reportedly decided he will testify before the US Congress on this issue. Closer to home, the IT Ministry has served a notice to Facebook, asking them to come clean on possible misuse of user data to manipulate the Indian electoral process.
The ministry has asked Facebook a very pointed question: “What are the specific steps proposed to be taken by Facebook to prevent any misuse of personal data…” While Facebook, Google, Amazon and other giants in the online space probably have a very good answer (even if it’s just on paper) to this question, SMEs (small to medium enterprises) are ill-prepared for a data breach on their websites or apps.
The situation is exacerbated in India, where websites, app developers or social media networks are not regulated in terms of the user data they collect. As a result, these platforms take almost no precautions to ensure their data is safe from hacking or leaks.
However, a proactive organization must always take the necessary steps to safeguard their website and customer data, if they want to gain and sustain the continued trust of their customers. Here are a few steps you can take to protect your site and information systems from spammers, hackers and unethical marketing firms:
1. Switch to HTTPS (if you haven’t already)
Moving your site from the HTTP to the HTTPS internet protocol is the single most important step for website owners to take today. It is essential in the larger scheme of things, in order to make the web a safer place to share information or buy and sell products. HTTPS prevents intruders from monitoring the communication between your website and your visitor’s browser. If this information is left unencrypted, hackers can build profiles of users’ identities, purchase behavior, preferences and intents over time.
This is a precarious situation. Google recognizes this fact and has repeatedly promoted HTTPS as the future of the web. So much so that it rewards sites with a good HTTPS implementation with better rankings in its search results. The organization SEMrush, which frequently studies search engines and publishes comprehensive reports on internet usage, has a detailed guide on how you can defend the data integrity of your website and the privacy of your users by converting your domain to HTTPS.
2. Follow European GDPR standards
While the government doesn’t hesitate to issue diktats to companies like Facebook and Google, India woefully lags behind the West when it comes to protecting its citizens’ privacy. There are no regulations that govern how websites or mobile apps are supposed to store and process users’ data. There is no liability on service providers or intermediaries.
In such a scenario, it is up to organizations themselves to prove their trustworthiness and integrity to customers by adopting stringent standards in data handling and management.
And they needn’t look far ahead. The European Union is all set to implement its General Data Protection Regulation (GDPR) standard in a couple of months. By following the same rules, companies can choose to encrypt and manage a user’s IP address or web cookie in the same way as their name, address or credit card number. Any data indicative of health conditions, biometrics, social security, political slant or ethnicity can be masked or not collected at all.
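As an added illustration (not part of the original article), here is one way to treat an IP address and a cookie ID as personal data before a tracking event is stored. It uses address truncation and a keyed hash rather than encryption, and the field names, key constant and sensitive-field list are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress

# Assumption: in production the key comes from a secrets manager;
# this constant is a constructed value for the example.
PSEUDONYM_KEY = b"constructed-demo-key-rotate-regularly"

# Hypothetical field names for the special categories named above.
SENSITIVE_FIELDS = {"health", "biometrics", "social_security",
                    "political_slant", "ethnicity"}


def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash: stable for analytics joins, not reversible without the key."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def mask_ip(raw_ip: str) -> str:
    """Zero the host part: keep a /24 for IPv4 and a /48 for IPv6."""
    ip = ipaddress.ip_address(raw_ip)
    prefix = 24 if ip.version == 4 else 48
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)


def minimize_event(event: dict) -> dict:
    """Return the copy of a tracking event that is safe to store."""
    stored = {}
    for field, value in event.items():
        if field in SENSITIVE_FIELDS:
            continue                      # not collected at all
        if field == "ip":
            try:
                stored["ip"] = mask_ip(value)
            except ValueError:
                continue                  # malformed address: drop it
        elif field == "cookie_id":
            stored["cookie_id"] = pseudonymize(value)
        else:
            stored[field] = value
    return stored


if __name__ == "__main__":
    # Constructed sample event (203.0.113.0/24 is a documentation range).
    sample = {"ip": "203.0.113.77", "cookie_id": "abc123",
              "page": "/pricing", "ethnicity": "example"}
    print(minimize_event(sample))
```

Rotating the key breaks the link between old and new pseudonyms, which limits how long a visitor can be tracked under one identifier.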
3. Use blockchain-enabled marketing and user tracking
According to reports by CXO, blockchain technology is the next frontier in user tracking, personalization and marketing. By implementing blockchain-enabled “martech” (marketing technology) software on your website or app, brands and publishers can eliminate unscrupulous agencies when selling or purchasing online advertising, and deal directly with each other. Every click or display can be verified, leaving little scope for ad fraudsters or bots trying to hack the site.
Further, customers have full transparency throughout their purchase journey at every online touchpoint. They can get more data on your products, use alternative payment methods, as well as choose how much information they’re willing to reveal in exchange for personalized offers, deals or even advertising. It’s a win-win situation for both the website and its users.
4. Collect and display data according to device
These days, the content that you show to web visitors depends on the device they’re using. And the intent of the user also varies depending on the very same factor! In India, nearly 80% of all internet usage happens via mobile phones. This means the website or app has access to a lot of user attributes, location being the most significant.
Mobile devices provide different information to the website than a desktop or laptop PC does. For example, unique users (as opposed to visitors) are identified via user IDs instead of cookies, apps have “screens” as counterparts to web “pages”, session timeouts are shorter, events (such as a click or tap) and conversions are tracked in different ways, and so on. Apps could potentially gain access to a user’s whole contact list from their phone.
This is why companies need to make users aware of the data that’s available to them, seek explicit permissions to gather, store and use this information, educate them on the technology (cookies, ID or GPS) by which they’re doing this, and encrypt any data that is transferred using the right protocols for the software and device being used.
5. Over to you
Prevention is certainly better than cure. And the onus of shielding customers from data theft lies squarely with the website. By collecting only data that they really need, tracking the flow of information across their networks, enforcing effective user access controls, and installing systems that actively block unauthorized users and events, companies can acquire that all-important business benefit – brand trust.
The most important thing to do is not wait until a violation or attack has taken place. Have in place a reliable breach response plan, with full employee checks, secure backups, quick restoration of services and notification of the right agencies when an attempt or hack takes place. With a dependable way of doing business online, you’re sure to win your customers’ trust, increase engagement, and in the process, sell more.
(By Olga Andrienko, Head of Global Marketing, SEMrush)