As a small business owner or manager, you are responsible for your customers’ email addresses, phone numbers and billing addresses the second they type the information into a form on your website. This type of data — known as personally identifiable information (PII) — is in high demand among hackers, which is why it's important to implement webform security best practices on your small business website.
What do hackers do with PII?
Hackers don't usually have a direct interest in your customers’ PII. Instead, they profit when they sell the data on the dark web (also known as the online black market) for a median price of $21.35 per record.
For example, a hacker can tap into a rental property manager’s database to extract credit card information. The going rate to destroy someone's credit or steal their identity is less than $25.
Cyber thieves then mine the information and attempt to access additional accounts since most people don't use password best practices.
Even scarier, there are those who are surreptitiously working to piece together information about your customers that they collect from multiple sources into whole identities — from photos to addresses to Social Security numbers and dates of birth.
In this digital age, it's actually quite easy to gather and use this information.
If a breach or a cyberattack happens to your company, every customer whose information passed through your webform can be at risk, which subsequently exposes you to a substantial amount of liability.
Webform security best practices
Chances are you spent a small fortune building your website to attract, engage and convert potential customers. However, a beautiful website is only half of the equation.
You also need to ensure that your visitors' information is safe and secure.
You can do that by implementing key webform security best practices:
- Install an SSL certificate.
- Use a trusted hosting provider.
- Stay on top of website patches and plugin updates.
Avoid exposing your customers’ PII with a safer website.
1. Install an SSL certificate
Installing an SSL certificate on your website is mission-critical, even if you’re not collecting credit card or payment information.
SSL stands for Secure Sockets Layer, which gives your website URL that "https" that you see more and more around the web. SSL certificates protect information entered into your website by building a secure and encrypted connection between the customers’ browser and your web server.
SSL certificates are becoming increasingly necessary because search engines like Google now use SSL as a ranking signal in their search algorithms. If a website doesn’t have an SSL certificate, Google's Chrome browser will mark it as "not secure."
With both security and SEO benefits, a GoDaddy SSL certificate can be a smart purchase for your website.
Related: Does your website need an SSL certificate?
2. Use a trusted hosting provider
Your website hosting provider is integral to the success (or failure) of your website’s security.
When you’re looking for the best hosting company, there are seven major factors to consider:
- Storage
- Bandwidth
- Scalability
- Reliability
- Security
- Backups
- 24/7 technical support
For the sake of this article, let’s look specifically at web hosting provider security. Most providers list the measures they will take to safeguard your website. If they don't, then be sure to call and ask.
GoDaddy offers a comprehensive website security program, powered by Sucuri, which includes automatic daily security scans and the removal of cyber threats from your website.
Investing in a service like this will provide peace of mind that your customers’ PII is secure from prying eyes.
3. Stay on top of website patches and plugin updates
Depending on your website's content management system (CMS), you may need to install patches and update plugins as they become available.
The term CMS refers to a software application used to create and manage digital content. One of the most common CMS platforms is WordPress, which requires updates on a near-regular basis. WordPress often releases updates to its core files containing fixes for the latest security issues and vulnerabilities.
In addition to core files, your WordPress theme and plugins will also need regular updates.
Webform security best practices also include installing a WordPress security plugin on your website. Free WordPress plugins offer a number of features including security activity auditing, remote malware scanning, blocklist monitoring, effective security hardening, post-hack security actions and security notifications.
Taking these proactive steps will help you protect your customers’ PII and hold hackers at bay.
Related: WordPress Security Resources
A good site is a secure site
Although hackers are champing at the bit for your customers’ personal information, there are ways to safeguard your website and protect yourself from a potential security breach.
By following webform security best practices, including installing an SSL certificate, using trusted hosting providers like GoDaddy, and keeping your website CMS updated, you can help to ensure the information entered into your webforms won't fall into the wrong hands.