If you are a website pro like a designer or developer, it can be tempting to think you have limited responsibility for the security of a client’s site — but that might not be the best way to think about it from a business perspective.
While it’s likely true that the vast majority of hacks occur due to client error (like using 123456 as a password) rather than you or the host. However, the issue might not be quite so simple.
In fact, there are a number of good arguments for helping your clients with cybersecurity.
One is the moral argument. As is painfully obvious from the number of articles now popping up on how to secure your online store for the holidays, the perennially popular searches on improving website security, and the recent boom in guides for protecting websites during the pandemic, you might be surprised how little your clients know about cybersecurity. This leaves them wide open to suffering a potentially devastating breach.
In this article, we’ll explain why you should care about that and, more importantly, what you can do about it.
Why get involved?
Great question. If you are a website host, and still more if you are a web designer, it’s not immediately obvious why you should care if your clients’ websites are hacked. But here’s why we think you should.
Let’s leave aside the moral niceties for a moment and focus on cold, hard profit.
The fact is that helping clients protect their website is a great way to establish authority, and this will ultimately mean that the relationship is a better and more profitable one. Going above and beyond the literal call of duty could mean they are more likely to recommend your services to their acquaintances, more likely to stick with you for the long haul, and far more likely to seek your advice when it comes to upgrading their site.
All of these offer clear financial benefits to your company in the form of further paying gigs and upsells.
It’s also worth remembering that the level of security knowledge among your clients is likely to be quite low. If you build or run websites professionally, you should be able to offer clients plenty of advice on protecting their data without having to do a lot of research. Even a list of resources, such as the one I’m about to give you, would be much appreciated by those new to online commerce.
How to help
There are a number of key areas in which new websites are particularly vulnerable, and in which your clients can dramatically increase security at little (or no) cost. Let’s run through them:
Use a VPN
The first is not directly website-related, but important nonetheless: tell your clients to install a VPN and work through it any time they go online. Preferably one with US servers, since there is no legal requirement to retain activity logs. This kind of software both encrypts session data and obscures where the user is physically located.
Get on SSL
As a professional, you should of course be telling all of your clients to use SSL — not just for security, but also because it’s good for SEO. Depending on your business model, you should either offer SSL as a free or add-on service or direct clients to a free service like Let’s Encrypt.
Besides the VPN already mentioned, you should also recommend that all of your clients use anti-malware software. If it’s their first website, they likely will be confused by the range of options available. While you probably don’t want to recommend a particular vendor, you can point them toward well-known systems like Bitdefender Antivirus Free.
Create strong passwords
Next, make sure to hammer home the importance of strong, unique passwords. If you work in IT, it’s easy to forget that the approach the average person (and business owner, unfortunately) takes to passwords is still very 1990s.
That’s the reason why 40% small businesses said that their company suffered an attack due to employee passwords being compromised in 2019. Show your clients the top 10 most hacked passwords, and point out that if their passwords are on that list, they are going to get hacked.
Finally, remind clients to keep their websites up to date. Websites running unmaintained or obsolete plugins, for example, are much more vulnerable than those that have the latest security patches.
This last step, and in fact all of the tips on this list, can be turned into a fruitful business opportunity. Contacting your clients to remind them that a new security update is available for their site’s backend is a great chance to ask if they are happy with their site. This builds trust and also leaves the conversation open to generate additional sales.
Striking a balance
Ultimately, your goal as a web professional should be to build rapport with clients. Offering free advice on cybersecurity is a great way to do this naturally and comes at little or no cost to you.
There is a balance to be struck when it comes to accepting responsibility — implicitly or not — for the security of a client’s site.
While you can show them how to protect their website, don’t fall into the trap of becoming an unpaid cybersecurity guru. In a world where 92.4% of malware is delivered via email and 95% of cybersecurity breaches are due to human error, your clients are going to send their login details to a hacker one day, no matter how much you warn them to be careful.
Those are just the facts.
In other words, make it abundantly clear that they realize you are offering friendly advice, not an ironclad safety guarantee. And when you contact them about software updates, it should be clear you are doing so under the auspices of business networking, rather than offering to do a bunch of unpaid work.
Done correctly, however, this kind of coaching can have serious benefits for your business. With a website professional who is contactable, affable, and above all knowledgeable, your clients will be more likely to contact you when they need to build their next site.
Meet the 27-hour day
We built The Hub by GoDaddy Pro to save you time. Lots of time. Our members report saving an average three hours each month for every client website they maintain. Are you adding that kind of time to your day?