Tag Archives: cybersecurity

Building customers’ trust in your website

Posted on by

The events of the past year have taught business owners many important lessons. One of them is that, when a crisis hits, customers turn on their computers and look to their phones. According to one analysis of U.S. Department of Commerce data, consumers spent $347.26 billion online with U.S. retailers in the first half of 2020 — that’s a 30.1% increase from the same period in 2019.

Although online spending moderated a bit as the year went on, the fact remains that people’s expectations of most companies’ websites have soared. In fact, a June 2020 report by software giant Adobe indicated that the pandemic has markedly accelerated the growth of e-commerce — quite possibly by years, not just months.

Whether you sell directly to the buying public or engage primarily in B2B transactions, building customers’ trust in your website is more important than ever.

Identify yourself

Among the simplest ways to establish trust with customers and prospects is to convey to them that you’re a bona fide business staffed by actual human beings.

Include an “About Us” page with the names, photos and short bios of the owner(s), executives and key staff members. Doing so will help make the site friendlier and more relatable. You don’t want to look anonymous — it makes customers suspicious and less likely to buy.

Beyond that, be sure to clearly provide contact info. This includes a phone number and email address, hours of operation (including time zone), and your mailing address. If you’re a small business, use a street address if possible. Some companies won’t deliver to a P.O. box, and some customers won’t buy if you use one.

Keep contact links easy to find. No one wants to search all over a site looking for a way to get in touch with someone at the business. Include at least one contact link on every page.

Add trust elements

Another increasingly critical feature of business websites is “trust elements.” Examples include:

  • Icons of widely used payment security providers such as PayPal, Verisign and Visa,
  • A variety of payment alternatives, as well as free shipping or lower shipping costs for certain orders, and
  • Professionally coded, aesthetically pleasing and up-to-date layout and graphics.

Check and double-check the spelling and grammar used on your site. Remember, one of the hallmarks of many Internet scams is sloppy or nonsensical use of language.

Also, regularly check all links. Nothing sends a customer off to a competitor more quickly than the frustration of encountering nonfunctioning links. Such problems may also lead visitors to think they’ve been hacked.

Abide by the fundamentals

Of course, the cybersecurity of any business website begins (and some would say ends) with fundamental elements such as a responsible provider, firewalls, encryption software and proper password use. Nonetheless, how you design, maintain and update your site will likely have a substantial effect on your company’s profitability. Contact us for help measuring and assessing the impact of e-commerce on your business.

© 2021 Covenant CPA

Should you go phishing with your employees?

Posted on by

Every business owner is aware of the threat posed by cybercriminals. If a hacker were to gain access to the sensitive data about your business, customers or employees, the damage to your reputation and profitability could be severe.

You’re also probably aware of the specific danger of “phishing.” This is when a fraudster sends a phony communication (usually an email, but sometimes a text or instant message) that appears to be from a reputable source. The criminal’s objective is either to get recipients to reveal sensitive personal or company information or to click on a link exposing their computers to malicious software.

It’s a terrible thing to do, of course. Maybe you should give it a try.

An upfront investment

That’s right, many businesses are intentionally sending fake emails to their employees to determine how many recipients will fall for the scams and how much risk the companies face. These “phishing simulations” can be revealing and helpful, but they’re also fraught with hazards both financial and ethical.

On the financial side, a phishing simulation generally calls for an investment in software designed to create and distribute “realistic” phishing emails and then gather risk-assessment data. There are free, open-source platforms you might try. But their functionality is limited, and you’ll have to install and use them yourself without external tech support.

Commercially available phishing simulators are rich in features. Many come with educational tools so you can not only determine whether employees will fall for phishing scams, but also teach them how to avoid doing so. Developers typically offer installation assistance and ongoing support as well.

However, you’ll need to establish a budget and shop carefully. You must then regularly use the software as part of your company’s wider IT security measures to get an adequate return on investment.

Ethical quandaries

As mentioned, phishing simulations present ethical risks. Some might say that the very act of sending a deceptive email to employees is a betrayal of trust. What’s worse, if the simulated phishing message exploits particularly sensitive fears, you could incur a backlash from both employees and the public at large.

A major media company recently learned this the hard way when it tried to lure employees to respond to a phishing simulation email with promises of cash bonuses to those who remained on staff following layoffs related to the COVID-19 pandemic. Users who “clicked through” were met with a shaming message that they’d just failed a cybersecurity test. Angry employees took to social media, the story spread and the company’s reputation as an employer took a major hit.

Plan carefully

Adding phishing simulations to your cybersecurity arsenal may be a good idea. Just bear in mind that these aren’t a “one and done” type of activity. Simulations must be part of a well-planned, long-term and broadly executed effort that seeks to empathetically educate users, not alienate them. Contact us to discuss ways to prudently handle IT costs.

© 2020 Covenant CPA