Welcome to the third article in our Making Security Make Sense to Clients series.
In my first post, I discussed the importance of security for your business and your own websites, and in my second post, I showed you the benefits of securing your client sites before handing them over.
In this post, I’m going to share why security education is important and how to educate your clients about security in terms they’ll easily understand as it applies to their businesses.
Educating your clients (and potential clients) about website security isn’t just the right thing for your business, it’s the right thing to do, period. Let’s talk about why that is, who’s ultimately responsible for website security, and how a dedicated focus on security can help set you apart from the crowd while increasing your value and revenue.
When I said that sharing website security education was the right thing to do, I was speaking from a global perspective. As we all know, the internet is an incredible tool for communication, connecting with others, and for building a business. But just like walking through a dark city alone at night, it’s critical that we all become more aware of our surroundings and the potential threats that lurk in the shadows.
As I see it, and because I’ve been directly affected by a lack of security, it’s our responsibility as web industry professionals to spread as much awareness about security as possible.
So who is responsible for website security? Is it you? Is it your clients? Is it the web hosting provider?
The short answer is “all three” but to varying degrees. The long answer is that ultimately, the security of a website is the responsibility of the website owner. Let’s use an apartment building as an analogy to better understand why that is.
Developing a website is like constructing an apartment building. We’re the construction company. It’s our responsibility to ensure that the structure is solid and meets all the codes. We need to ensure that there are no exposed wires and that the walls are supported and strong. In other words, we make sure that the building (or website) doesn’t fall down.
The website host is responsible for the security and maintenance of their servers. Like an apartment building superintendent, shared hosting providers are responsible for making sure the building (or the server) is protected: that the exterior fence locks, that the parking lot is safe and secure, and so on.
As a website owner, the security and maintenance of your website is your responsibility, just like your individual apartment within an apartment complex. It’s expected that we lock our own doors and windows to prevent intruders and the same is true for our websites.
If you’re educating your clients about website security from the first phone call or email, you’re already starting to set yourself apart. And when you expand that conversation into explaining website security for their business, you can quickly position yourself as an expert and become more valuable to your client. This ensures that even if you don’t move forward with a proposal, they know where you stand and will be more likely to come back to you if (and when) they have a specific security need.
The last (and one of the most important) benefits of educating your clients about website security is that it presents additional revenue opportunities for you and your business.
As an example, you could demand higher project prices overall because you’ve successfully positioned yourself as an expert and recommended resource. Imagine going from a $1,000 minimum project price to a $10,000 or even $50,000 minimum. It can happen and it’s not hard to do. The key to creating an additional revenue stream is to provide immense value to your client that they can’t get with anyone else. You can do this by communicating your unique value proposition effectively from the very first contact.
It could also come in the form of residual income, which would include your monthly maintenance plan and/or one-time add-on services (like a one-time security scan or a one-time clean), or even affiliate commissions from referring them to the right website security solution for their needs.
Communicating the need for security is important and again, it starts with education. But how do you explain the subject of website security in terms that your clients will easily digest and understand?
Even mentioning the words “website security” to a client can cause them to tune out or, worse yet, assume they “aren’t technical enough” and make a rash decision against a security option. However, if we break down website security into basic questions, then it’s much easier to understand. It then becomes easier to communicate its importance to business owners with concepts and terms more familiar to them.
It doesn’t have to be overly complicated and can come down to knowing the answers to these three questions about website hacks.
Why would someone want to hack a website anyway? Sure, we’ve all seen the hacking tactic known as a defacement. This is where a cyber attacker might replace your main page with a message of their own to make a statement. It could be a political or religious message or simply a slice of internet “fame”. Hey, look what I did!?
But the overwhelmingly popular reason that websites get hacked is for financial gain. These hacks can be as serious as Equifax (with data on 143 million individuals stolen), or as mundane as the hack that redirects your site to who knows where using the attacker’s affiliate ID so they earn a commission for sending traffic.
Unfortunately, hackers don’t discriminate between the types of websites they attack. Even if it’s just a simple 5-page brochure-type site, it’s still an attractive target if it can be used as an “open door” for attackers to spread malware across sites on the same shared hosting server, and then to the visitors of those compromised sites.
When we think of hackers, the common stereotype is some angsty anti-social person in the basement of their Mom’s house specifically targeting individual websites. Although I’m sure there’s a handful of stereotypical hackers out there, the overwhelming majority of website attacks and successful hacks are performed by automated bots. Or in other words, MALicious softWARE.
So how do these happen?
Website compromises can happen in many ways, but in the interest of keeping it simple, it all comes down to vulnerabilities found at various access points. Access points can include outdated software, passwords and newly discovered vulnerabilities, even in up-to-date software.
Unfortunately, it’s not a question of if a website will experience an attack, but when. Hacking attempts happen all day, every day. As recently published in the SiteLock Website Security Insider Report, websites experience an average of 44 attacks per day, which is more than 16,060 per year.
Here’s a visual example from Norse’s real-time threat tracker, showing cyber attacks happening around the world.
As you can see, taking an educational approach to website security with your clients can have several benefits, starting with more awareness of internet security.
More importantly, your clients will have a deeper understanding of website security threats that apply to their own businesses, which then makes them more likely to agree to the proactive security measures you’re including in your monthly maintenance plans or as add-on services.
The end result is more secure websites for you and your clients, and additional revenue and growth for your website development business.
Stay tuned for next week’s article where I’ll share 5 Simple Website Security Best Practices and show you just how easy it is to reduce the attack radius of any website.