Website security needs to stop being viewed as an optional add-on and start being viewed as a critical element of website development, ownership and maintenance. No matter what your role, if you’re selling website services, it’s important to educate clients about website security basics.
Unfortunately, all too often the conversation about security is happening at the end of projects, during launch, or even after launch, which is too late. Waiting until the end of a project to talk about website security fails to set proper expectations, fails to prepare the client for the demands of website ownership, and sets them up for unwanted surprises.
Website security needs to be included in client conversations from the very beginning and security education requires a proactive approach throughout the entire project.
One easy way to incorporate website security basics into your service offerings is to provide security services as part of your ongoing monthly website support packages. From the very first sales call, your client conversations should reinforce the importance of life beyond the launch, as well as your ongoing website support and security services.
But how do you do that?
Let’s explore how to educate clients about the critical nature of website security, get them to take it seriously, and persuade them to invest in ongoing security services, too.
Related: Internet Security Resources
6 opportunities to educate your clients about website security basics
You have the power to educate clients about the benefits of having a secure website and what website security actually means. When building a website, there are six key points in the project where you can naturally address website security and provide client education:
On the initial sales call.
In the proposal or contract.
During launch preparation.
On the website training session.
In the post-launch follow-up.
When your clients understand the various website security threats relevant to their website and business, and what is involved with keeping their website secured and protected, they will be more likely to invest in ongoing website services that include security considerations.
1. On the initial sales call
Set yourself apart from competitors and position yourself as a knowledgeable expert by addressing website security basics and ongoing website care during the very first call or email.
This will demonstrate that you don’t just want to build the site and move on, but see the site succeed over the long-term.
On the sales call, introduce your approach to security, why it is important, and why the client needs to take it seriously.
Communicate the primary impacts of a website compromise with your client, including:
Damage to brand reputation
It takes years to build a brand and one unfortunate incident to damage it and destroy trust. A hacked website is one of the fastest ways to jeopardize your brand reputation.
Loss of money
Whether you have a simple brochure site or a giant eCommerce site, if your website gets hacked, it will hurt your business through lost sales and lost opportunity.
Stress and time loss
When a website is hacked, the website owner will experience frustration and stress, they’ll lose valuable hours dealing with hosting providers, developers and security professionals, and they’ll experience worry and fear of it happening again.
Blocklisting with search engines
If the security compromise or hack isn’t discovered fast enough, search engines will blocklist a website and it could lose nearly all of its organic traffic and negatively impact lead generation and sales.
Also get them thinking about the life of the website after launch and ask questions such as:
- What is their position on security?
- How will website security basics be handled?
- How will backups be managed?
- What happens if there is a security incident? Who is responsible?
These questions will give you an idea of how technically savvy the client is and whether or not they have ever thought about website security before. Their answers can also help shape the ongoing website support and security package you offer them.
2. In the proposal or contract
Consider adding a section to your website proposal or contract to address website security.
- Reiterate why an ongoing security plan is critical.
- Outline your security process or approach.
- Share your recommendations.
- Detail who is responsible for keeping the website secure post-launch.
3. During development
During the development stage of a website project, educate the client about the security threats they face as a website owner, as well as the responsibilities of owning a website and keeping it secure.
Help them understand that hackers don’t discriminate
Clients believe their small website will never be a target, but the size of the website doesn’t matter. Hackers will attack any website no matter the size.
Teach them that their information doesn’t matter
Clients think that their website content or information isn’t interesting enough to hack, but most security compromises have nothing to do with the content on the site. Hackers are looking for financial gain, links, and using sites to access other sites in shared hosting environments.
Explain that most hackers aren’t real people
Clients think a hacker is a person attacking their website, but in reality the majority of successful website hacks and attacks are completed by automated bots or malicious software (malware).
Enforce the seriousness of potential threats
Clients always believe that “it won’t happen to them,” but in today’s internet landscape, it’s not a matter of if a website will be attacked, but when it will be attacked.
4. During launch preparation
Set the client up for success and set clear expectations about what goes into keeping a website secure. Make sure the client understands that while they need to invest in ongoing website security services, they also are responsible for keeping their website secure.
Explain simple things they can do to help keep their site safe and reduce the chances of being hacked, such as:
- Be sure your computer’s operating system is updated to the latest security release and turn on automatic updates.
- Ensure your internet browser is up to date and running the latest version.
Make sure any browser add-ons/plugins are up to date. Flash and PDF readers are well known for exploits.
- If running anti-virus software, be sure that it is up to date and your machine has been scanned. If you are not using anti-virus software, turn on the factory firewall.
- Set your home or office wireless network to use encryption/passwords.
- If using an FTP client access site files, be sure you are running the latest version and you are not storing passwords.
- Don’t log in to your website in public places with open networks.
Related: Tools to Secure a Website
Also explain the tasks that they are now responsible for as a website owner:
- Keep WordPress updated and allow automatic updates.
- Major WordPress releases usually add functionality, performance and security upgrades, while incremental updates often address bugs and security vulnerabilities.
- Update plugins when prompted in the WordPress
- Dashboard. Besides feature updates, plugins are also updated for security.
- Always login/logout of your site and do not have your browser remember passwords.
- Use strong passwords with a mix of lowercase letters, uppercase letters, numbers and special characters.
- Do not use duplicate passwords for your WordPress site or any other site where you have an account.
- Maintain backups of your database, theme files, premium plugins, etc.
- Regularly change your WordPress passwords and FTP passwords.
- Control User access to your WordPress site by only granting the appropriate level of administrative power to assistants, subcontractors, etc. This also includes deleting Users when projects are complete/employment terminated.
- Thoroughly research/test any unknown plugins before adding them to your WordPress site.
Related: WordPress Security Resources
5. On the website training session
After the site has been launched, host a training session with the client to walk through the backend of the site, explain how it works, and teach the client to use the unique features you created for them.
This is a great time to educate the client about the security threats they face as a website owner, such as:
- Brute-force attacks: Attempts to guess a correct combination of usernames and passwords to gain access of a website.
- DDoS attacks: Volume-based attacks that overwhelm your server with requests in an effort to disrupt the site performance or crash the site.
- Exploitation of software vulnerabilities: Security flaws in the code of the server, CMS software, plugins, themes or extensions.
During the website training, you also need to address ongoing website support and website security services.
If the client has signed a support contract, review the services you’ll be providing on a monthly basis and the security measures in place to protect their site. Also review what to do if there is a security incident.
If the client has not signed a support contract, once again communicate the responsibilities of being a website owner and the security considerations they need to address. Stress the importance of having a security plan in place and let them know you can take care of all of this for them.
6. In the post-launch follow-up
Once the site is launched and the website training session is complete, the security education is not over. As part of your post-launch follow-up, you have one more opportunity to educate your clients about website security best practices and what to do if there is a security incident.
If they have an ongoing monthly support agreement in place, remind them one more time that you’re handling everything for the client and provide the contact details they can use to get in touch with you if they have any questions or concerns.
If they are not taking security seriously and not investing in monthly support, remind the client what their responsibilities are as a website owner and what they need to do to keep their site secure. Then let the client know that if they ever change their mind or find that they don’t have time to do it themselves, you’re more than happy to step in and help.
Editor’s note: GoDaddy Website Security features various tools to keep a website safe, including malware scanning, removal and prevention. This tool is ideal for small business owners without the time or tech chops to adequately protect their websites against security vulnerabilities.
Security education benefits everyone
There are three main benefits to educating clients about website security.
- A greater awareness of the potential threats, an understanding of what security is and why it is important, and a trusted partner to care for and support the site allows the client to enjoy greater peace of mind, less stress and fewer problems.
- With better educated clients and more strategic conversations around website security, you will be able to close the sale on monthly website support and security packages with greater ease and boost your recurring revenue.
- The internet as a whole benefits from your commitment to security and the education of your clients.
By making website security a priority in your website projects and client education, you will solidify your position as trusted partner in the eyes of your clients and elevate your brand positioning, while feeling great about being a responsible service provider and raising awareness around the importance of internet security.