July 7, 2016

Safe and Secure: Creating a Trusted Web Experience

Written by 

Perhaps you’ve experienced this yourself: You clicked on a link or visited a website where something seems to be just not right.

safe and secure online experience

If you’ve invested any amount of money in attracting, informing, inspiring, and engaging people to build a movement or inspired for action (especially making an online donation or making a purchase), the last thing you want is for them feel uncomfortable on your website.

As your organization approaches the year-end giving season, you’ll be thinking about donor communications and giving appeals. Don't forget, the year-end giving season begins now. It's an extension of your annual fund strategy. Ensuring that your donors and supporters feel assured, safe, and secure year-round is both a strategic branding and technology concern.

If selling product is part of your sustainable revenue model, you’re thinking about the best possible experience for online transactions. This is true whether your organization is a business, or a social sector/NGO raising revenue through product and resource sales.

One of the last things on your mind may be website security. You may think it’s the realm of the IT staff to handle security, but as an advancement, marketing, or communications officer it’s also your concern. You may think it’s already been taken care of.

Evoking a sense of trust and security is not simply about better communication, it needs to be a core value of your brand. If you are exchanging trust online (a donation or purchase is simply proof that your donor trusts you), your organization’s credibility, reliability, and trustworthiness must be established before the first time visitor visits you online, and sustained as that visitor becomes engaged and you sustain the relationship with them.

Assuring your donors and your advocates that your website is secure must be a major consideration for the center of your communication platform. While it may sound complicated and/or scary, website security is relatively simple to implement and has the benefit of reassuring your donors that their trust in your organization is well placed.

Just because your domain name ends in .ORG or even .NGO does not assure visitors that your organization has a secure and malware free website.

Encryption and SEO Benefits of an SSL Certificate

Let’s begin with the simplest technique for reassuring your donors or customers, the SSL certificate. An encrypted website offers these benefits:

  • SSL encrypts the connection between your computer and the website you’re visiting.
  • Visitors recognize a secure URL, typically found on donation pages when the web address begins with HTTPS.
  • An SSL certificate displays a small lock icon in the URL locator of your web browser.
  • Donors and site visitors are reassured of a site’s security when your entire website loads with the HTTPS prefix.
  • The agency that issues the certificate often will provide a reassurance seal to place in the footer of your website. A reassurance seal is also known as a trust badge.
  • With website security being a top priority for Google, it provides an additional level of reputation and credibility to the search engine giant’s algorithm and ranking system.
  • Test your website’s security at Qualys.
  • Google is beginning to favor encrypted websites with higher ranking. For now, while it’s only considered by Google to be a “lightweight signal,” who doesn’t want better organic search engine rankings?

With a little research, you will find there are multiple options for implementing encryption on your website, and it can be overwhelming. Aspire recommends that you first ask your webmaster about implementing website encryption and if they are unable to assist you, get in touch with your hosting partner.

How do you keep your WordPress site from being infected?

Sucuri, a website security firm, recently published a report based on its analysis of over 11,000 websites were compromised with malware.

Given the popularity of WordPress as a platform for nonprofit communications, and that one-third of the world’s websites are powered by the four key platforms, (WordPress, Joomla!, Drupal, and Magento), security is a major concern.

Take a look at just one of the many charts Sucuri released in its Website Hacked Trend Report 2016 - Q1 report (Chart courtesy of Sucuri.net)

16 affected cms month

The vulnerability of WordPress is not only a concern for nonprofits and charities, but for any business that relies on an open source platform for its online presence.

It's critical that your web development team keep your site up to date.  Leading-edge hosting platforms such as CloudAccess.net include an auto-update feature in their paid hosting plans that, when configured properly, ensure security updates are applied and your content management system is up-to-date.

In its 2017 Hacked Website Report Sucuri notes, “We are seeing an interesting shift in the number of out of date, vulnerable versions of WordPress at the point of infection. At the end of Q3 2016, 61% of hacked WordPress sites recorded outdated installations, however, this has since decreased. In 2017, only 39.3% of clean up requests for WordPress had an outdated version.”

2017 outdated web content management platforms

Protecting your site from being hacked is a major concern regardless of whether your organization is in the social sector or private sector. The moment a visitor has a bad experience, whether it’s through a Google phishing notification, or from visiting your website after it has been hacked, immediately casts doubt in the visitor’s mind about the reputation of your organization and its brand.

Providing your visitors with a secure website isn’t complicated, and it can be cost-effective. The cost to protect your website from hacking and malware is most likely less than the cost to clean it up, the impact on your reputation, and the amount of potential loss of donations on an unprotected website.

Four key steps to take to protect your website from hackers:

  1. Choose a platform provider (aka hosting partner) with expertise in open source platform hosting: After many years of working with different managed hosting providers, Aespire’s first and only recommendation is now CloudAccess. With a robust platform, US-based cloud hosting, and a global support team, we’ve found them to be the most capable hosting platform we’ve ever worked with. Their platform powers enterprise-level corporate and a wide variety of social sector sites for us.
  2. Keep your code based updated: Sucuri notes: “Out-of-date software has been a serious issue since the first piece of code was put to virtual paper. With enough time, motivation, and resources, attackers will identify and potentially exploit software vulnerabilities.”
  3. Install a web application firewall: A simple and effective way to do so is to add a cloud-based Proxy Firewall, such as Sucuri. While they are not the only website security provider, their proactive approach to protecting, patching vulnerabilities, and expertise in cleaning hacked sites makes them a top choice.
  4. Hire Aespire to protect your site through our Sucuri proxy firewall account with SSL validation and monthly Site Audit monitoring for reputation and search engine optimization (SEO). Contact us for pricing and details.

Protecting your web site is about protecting your brand and reputation

If you’re concerned that your site may be at risk, scan your website for free with the Sucuri SiteCheck—but be certain to consider these other steps and insights for providing your donors and customers a trusted experience.

Aespire understands that you realize how important website encryption and security is to supporting your strategic communications and to attracting, informing, inspiring, and engaging your audience — whether they be donors or customers.

If your goal is to motivate website visitors to action, to help them build the movement, it is your responsibility to assure them that every step they take with you online is safe and secure.

Are you wasting money on marketing?

Give Aespire a call today to create clear messaging that helps your website, email, sales team, and marketing actually grow your business.