Um . . . excuse me . . . but your data is showing.
Once solely the realm of crypto nerds, “Security” is set to be the single biggest topic in 2019. Publishing platform Medium dedicated the entirety of its first magazine to the subject of trust, with articles like “Find Out What Google and Facebook Know About You” and “Your Online Data Is In Peril. The Blockchain Could Save It.”
Wired has covered the topic extensively, and continues to write about what’s really happening to internet users’ data in pieces like “No One Can Get Cybersecurity Disclosure Just Right—Especially Lawmakers.”
This groundswell of concern over online security, privacy, and trust means businesses can no longer claim ignorance when it comes to these crucial elements of internet use. Indeed, recent privacy regulations from the European Union and California affect every business that has a website—including yours.
You need to be both current and compliant on security and privacy. In this article, we give you two easy-to-complete tasks that can keep your website security in line with current standards while prepping for the future.
“S” Stands for Security
Earlier in 2018, Google announced a deadline of July as when its Chrome browser would begin explicitly warning users that the website being displayed is not secure.
Check your website. If the URL address starts with HTTP instead of HTTPS, it’s not secure. Let us help.
To have your site display the HTTPS instead of plain HTTP, you must validate your site and get an electronic certificate. The process of validating can seem like a pain, but it’s imperative. The point is to show visitors that your site is legitimate, not vulnerable to hackers, and not going to distribute malware to their computers.
If you haven’t redirected to HTTPS . . .
- Your site—like all unsecured sites—may appear lower in search results. A few years ago Google stated that if all other factors are equal, HTTPS can act as a tiebreaker in the search engine results. As security continues to be a critically important focus, a major update that weeds out least secure sites could be underway.
- Your visitors will see scary warnings. Google Chrome, by far the most used browser—accounting for 63.5% of web traffic worldwide—will tell users that the website they are viewing is not secure. According to a recent HubSpot Research survey, 82% of respondents would leave a site if they saw this “Not Secure” warning.
- Your website will become extinct. Not only does HTTPS protect the integrity of your site and the privacy of your users, HTTPS matters because it is a requirement for many new browser features now, and even more powerful features soon to come.
Security is about more than just HTTPS, too. An increasing number of government agencies throughout the world are pushing for regulations that protect users’ privacy. Key to the idea of safeguarding users’ privacy is letting users control the fate of their information.
That means we need to talk about cookies.
The Broken Cookie Jar
Cookies—those files that store data and relay it to websites that use them—have been around for more than two decades at this point. But it’s only now that the average internet user is starting to realize just how much of their information is being harvested by these cookies and sent to entities they don’t know and may not approve of.
You may have noticed in your own browsing of late that seemingly every site you visit asks you to accept that it uses cookies, or warns you that it uses cookies.
This is a response to the European Union’s General Data Protection Regulation (GDPR), the sweeping new rules that affect not just European companies but all companies that use cookies with possible users in Europe—which is pretty much everyone. One of the GDPR requirements is getting consent from visitors to collect their data. Thus the constant clicking of “I accept that this site uses cookies.”
California also passed its own consumer privacy act this year, which lays out similar regulations and affects any company that has business in California.
And the regulations aren’t likely to stop there—other states and countries will likely follow suit. Getting ahead of those regulations is key, lest you find yourself legally liable while struggling to catch up.
This is your second task: You must implement some method of asking for your users’ consent to using cookies.
What About the Users?
Those cookie notifications are pretty annoying to the average consumer. Research into how annoying, exactly, is underway, but we do actually have some studies from 2016 that were used in the formation of the EU’s GDPR.
EU researchers recruited 600 subjects in Spain to perform various e-commerce tasks that had different ways of letting the subjects know about the presence of cookies on the site.
When simply informed by a banner that by using the website they would be accepting cookies, all of the subjects chose to continue. When subjects were presented with a banner that asked them to choose whether to accept cookies, the results were split almost evenly between those who did and didn’t accept cookies. (Source)
Any of these banners are allowed under GDPR. We’ll talk more about which banner is right for your business in another article.
Regardless of how mildly annoying it is to consumers, being current and compliant is now a requisite for digital marketing.
Don’t feel overwhelmed. These are action items businesses of any size can accomplish with the right partner to make the process easier. Make this the year you take action.