Do medium enterprises need to worry about online security in the same way as large companies do? M Institute invited Martin Mackay, vice president EMEA for Verisign, to lay out the case for security within medium organisations.
Every day, people are finding new reasons to go online to access goods and services, not least because of the convenience and choice transacting online offers. Unfortunately, this growing dependence on online business hasn’t gone unnoticed by opportunists.
Identity theft and online fraud are on the rise. Scams such as account takeover, phishing, spyware and viruses are rife and growing more sophisticated. The most recent figures from the Anti-Phishing Working Group show that the number of unique keyloggers and crime-oriented malicious applications rose to an all-time high in July 2008, reaching 1,519.
In April 2009, Gartner reported a 40% increase on phishing attacks from the previous year, whereby e-criminals use convincing fake emails or web pages to trick consumers into handing over an array of sensitive personal information, including user names, passwords, and credit card numbers. The price can be dear, with Gartner reporting the average loss per attack to be $351. In addition to monetary costs, companies targeted in phishing attacks also suffer immeasurable brand damage.
Given the current threat landscape, an effective online security strategy is essential for any business, no matter what size. That’s not to say that security strategies come with a ‘one-size-fits-all’ tag, and medium-size businesses should look to address security issues in a way that addresses their own specific challenges and requirements.
Medium-size businesses may not have the same budgets as very large enterprises, but they do have a similar need to protect their own Intellectual Property and any personal information customers choose to entrust to them. If you are a medium-sized online retailer, for example, you need to reassure customers that when they hand over their cash online, credit card details and personal information is secured and will remain in safe hands.
Despite the fact that a mid-market company might not be as well known as a larger brand, protecting your reputation is just as critical. Medium-size businesses rely heavily on repeat customers. In order to grow, it’s essential to build up a loyal customer following which will continue to choose your products or services again and again. Mid-market companies need to earn customers' trust and confidence to be successful, particularly during tough economic times when consumers are jittery and the competition just a click away.
Action stations
So what is a medium-size business to do? Several may worry that they don’t have the cash to implement a security program. That doesn’t have to be the case – the current financial crisis has meant that projects are under extra scrutiny, but not necessarily being abandoned. The board will closely examine projects to ensure they demonstrate clear ROI and deliver immediate benefits to the business. Effective security solutions not only protect your customers and safeguard the information that your business holds, but encourage trust and loyalty. If a customer is confident that they are safe when transacting with you, they are much more likely to hand over personal information and cash.
Recent research by YouGov has shown that companies which clearly demonstrate their online security credentials are more likely to be recommended to others by brand ‘promoters’. This means that implementing security solutions can help mid-tier businesses achieve coveted ‘word of mouth’ recommendations, drive increased business and directly impact the bottom line.
The proof is in the pudding. Many mid-size companies have recently managed to reassure customers that their data is in perfectly safe hands when transacting online, and seen sales climb as a result. One way they’ve achieved this, for example, is by implementing Extended Validation (EV) SSL Certificates. These certificates provide an easy and reliable way to verify that a website is genuine and a secure environment for customers making a purchase. Also known as the ‘green address bar’, it visibly shows that the organisation owning the web site has been authenticated as the legal entity it claims to be, using one of the most rigorous industry standards. The green address bar also confirms that any information provided by the customer as part of any transaction will be encrypted on its journey to the company’s website. Direct Line Holidays is one example of a mid-market business which has invested in this kind of technology. For them, implementing EV SSL led to an 8 per cent increase in conversion to sale rates.
Top tips
Here are my five top tips on how medium-size businesses can protect themselves online and increase consumer trust:
1. Put customers and convenience first. Businesses too often enhance their security systems without first taking into account the potential impact those changes will have on the customer experience. That’s a big mistake, as hard-to-use sites or complicated security layers will cut down on the popularity of cost-efficient online services.
2. Invest in a symbol of trust to show users that your website is secure. Consumers react well to visual cues – marks such as a green address bar and padlock icon guarantee that a website is safe. Online shoppers are encouraged never buy anything without first checking that these icons are present.
3. Look beyond the password. Simple login names and passwords are no longer enough to protect businesses and their customers. Enhanced validation (EV SSL) and strong authentication technologies, including tokens which display a one-time password generated for every transaction or which send a password to your mobile phone via SMS, offer businesses a user-friendly way to make it difficult for fraudsters to seize sensitive information.
4. Know when customers are at risk. Companies should develop detailed profiles of each customer’s typical online behaviour, such as transaction amounts, time spent online, and frequency of funds transfers. Using advanced fraud detection technologies and services, they can monitor customers’ activities against those profiles and be alerted immediately when potential fraudulent behaviour occurs.
5. Stay one step ahead. Any business looking to secure its online operations must be prepared to be bold and stay one step ahead of the fraudsters. Adopting EV SSL Certificates or strong authentication help, but these should be part of a multi-layered approach to online security that everyone with a vested interest must be aware of and prepared to act upon.
Recent Comments