Welcome to the second article in our Making Security Makes Sense to Clients series.
In our first post, I talked about the importance of securing your own site first, and what can happen if you don’t. If you’ll recall, a website hack ruined my first internet business and I want to make sure you’re doing all you can to mitigate the risks to your own website, and those of your clients.
Let’s assume your own site is secured. Great. Now, what about your client sites? Are you actively implementing basic security best practices on the sites you hand over? This post will talk about why securing your clients’ websites is important to your immediate and long-term business.
Have you ever received frantic emails or phone calls from clients that something’s wrong with their site? Yes? Me too. Have these emails and phone calls come during your so-called “time off” in the evenings or on the weekend? Yep. Me too. We all know that managing client communications can be taxing and many times their “emergency” can wait until Monday. However…
Now imagine your client includes the phrase “my site is hacked!” or “my site is redirecting to viagra or porn sites!” As their “technical contact” its our responsibility to ensure that we can fix whatever problem they’re experiencing. I’ve had this exact call and heard these exact phrases by flustered clients. Subsequently, I spent an entire weekend trying to determine the problem and recommend a solution in order to keep my client’s business running.
Securing your client’s sites BEFORE the handoff will save you time, money and headaches. And even if securing their site is out of your project scope, I feel that as web development providers, we have a responsibility to AT LEAST educate them and urge them to implement basic security best practices.
Whether it’s securing client sites proactively, or giving them the education and tools they need to do it themselves, the end result is YOUR PEACE OF MIND. And that of your clients, of course.
I recommend mentioning the importance of security from the very first contact. By asking security-specific questions during the project discovery phase, you already start to set yourself apart. When you expand those questions into an explanation of website security as it pertains to the business goals of your clients, you can quickly position yourself as an expert and become more valuable. At the very least, this ensures that even if you don’t move forward with a proposal, they know where you stand and will be more likely to come back to you.
As I mentioned above, and will be expanding on in upcoming articles in this series, selling website security to clients starts with education. This includes…
In the cybersecurity space there is no magic bullet. Almost as fast as new security measures are developed and integrated into scanners and web application firewalls, new malware threats are being created. This is why Sitelock has a dedicated Research team to identify and block new malware strains every day. In fact, our latest SiteLock Website Security Insider Report shows that websites experienced 44 attacks per day on average in Q4 2017, which is roughly 16,000 attacks in one year alone.
Being real with your customers about the need to secure their websites comes down to education. Teaching them about the risks of an infected site without using fear as the sales technique is key. When they learn why and how website hacks happen, it’s much easier to describe the risk in terms of their business model.
Website security is a vast topic with many individual “pieces of the puzzle.” When combined, putting these pieces in the proper order can reduce a websites’ attack surface and mitigate risk. When discussing the importance of a security plan with clients, it’s best to keep the discussion as simple as possible.
Clients typically don’t need (or want) to know the details of how any particular malware script infects a site, they only need to know that it happens. They also need to know that employing tools, like daily malware scanners and a web application firewalls, can reduce the risk to their business.
Consider sharing case studies from other businesses who have experienced a hacked website. This provides social proof and can be a powerful motivator. If you’re not familiar with the term “social proof” and why it matters, consider this from Conversion XL:
Social proof is based on the idea of normative social influence, which states that people will conform in order to be liked by, similar to or accepted by the influencer (or society).
When you’re browsing a landing page and see a testimonial from an industry expert you respect, that’s social proof. When you’re cruising a pricing page and you see that an industry giant is already using the tool, that’s social proof. When you sign up for a demo because you see the tool solved the exact problem you have for a similar company, that’s social proof.
Essentially, it’s borrowing third-party influence to sway potential customers.
Case studies also provide factual data to show how others have been affected by a lack of website security and how they addressed the issue. Take a look at our own customer case studies and feel free to share these with your clients.
Stay tuned for next week’s article when I share more about educating clients on security. I’ll explain why, how and who are attacking websites and how to communicate this easily to clients.