The internet facilitates every aspect of our lives, which has only become more obvious during the COVID-19 pandemic. Although we spend much of our time online, confidence in internet security remains quite low.
Research by PwC suggests that 69% of consumers think online companies are vulnerable to cyberattacks, and only 10% of consumers feel they have complete control over their personal information. Considering that internet use doesn’t show any signs of slowing, it would be easy to dismiss this consumer anxiety as a concern without any real consequences for online businesses — but that would be a mistake. PwC also found that 88% of consumers will share more data with companies they trust, while 87% will abandon companies they don’t trust with their data.
The data demonstrates that people understand the value of their personal information, worry about any risks it’s exposed to, and expect companies to prioritize ecommerce website security. Widespread concerns about these issues pushed data protection rules like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) into law, complete with stiff penalties for offenders. Consumers and regulators alike have made their positions clear: Online enterprises must protect data or face the consequences.
The State of Today’s Cybersecurity
People trust some industries (banking and healthcare) more than others (social media companies and startups), but they’re universally suspicious about any organization that wants their data. In a recent PwC survey of CEOs, 69% of respondents said earning and keeping consumer trust was getting harder in the digital age.
Advertisement
Over the past decade or so, there’s been a consumer awakening related to data. People now realize why both hackers and companies want their personal information so badly. Instead of giving it out casually, consumers are becoming more protective and demanding more personal control over their information, which regulators have granted.
To comply with regulations and keep customers happy, some online businesses are revising their data policies. Others, though, have dangerous misconceptions about who data protection laws apply to, and how things like online payment security risks affect their bottom line. Mostly, these are small and mid-size businesses that assume they’re either exempt from laws or invisible to hackers seeking out bigger targets.
They’re wrong.
Relevant laws apply to everyonline business, and hackers see smaller companies as easier targets because they tend to have only basic protections in place. Up to 60% of small businesses that experience a cyberattack end up shutting down within six months. And even in cases that aren’t so extreme, lost revenue, damaged brand reputation and hefty fines can have lasting consequences.
Moving forward, further legislation and litigation around data protection seem inevitable. Regulators could even move to break up big tech companies because of how they treat the oceans of data under their control. The stakes, quite frankly, have never been higher. Online companies that care about their sustainability need to worry just as much about security and strict compliance.
A Plan for Legal and Reliable Online Security
The bad news? The cost of ineffective online security is massive. The good news? Effective security costs a fraction of that. Any business with an online footprint can use these four methods to keep its online security legally compliant and reliable.
1. Understand the objectives.
Ecommerce website security is a tech-driven initiative in the service of business-first objectives. At each point, security measures aim to create trust, build loyalty and turn customers into evangelists. While a single breach might cause customers to flee, consistent security attracts them. If there are ever internal debates about investing in new security measures or putting policies in place to ensure online legal compliance, remember that these issues are inextricably linked to the bottom line. To put it simply, website strength is business strength.
2. Prioritize data protection and privacy.
GDPR applies to any ecommerce company with customers in Europe, and CCPA does the same for California. These laws apply to basically all online businesses, and similar regulations are certain in other areas. This means all businesses need to establish comprehensive policies regarding data protection, privacy and cookies. These policies dictate when and how a website stores data and help preserve online legal compliance. By law, websites need clearly visible links to these policies so visitors can learn what will happen to their data and opt out of having it sold to third parties.
3. Protect online transactions from fraud.
Instances of card-not-present fraud (commonly used against ecommerce sites) are expected to grow by 14% every year through 2023 — mostly because they’re so effective for hackers. Preventing these attacks and the resulting fallout requires a deep audit of site security to root out any hidden vulnerabilities. Managing fraud risk also has a compliance component: Companies must disclose a consumer protection data breach within 45 days in most states. Stopping fraud should be the objective; when fraud does happen, don’t compound the damage with a compliance violation.
4. Study the law.
Online businesses can sell to anyone, which is great from a business perspective but challenging when it involves complying with countless local, national and international laws. Ecommerce sites need to understand all the regulations they’re subject to and exactly what compliance requires. They also need to track how the landscape shifts as new regulations appear and existing ones evolve.
The best way to keep a website compliant and secure is to be systematic. Figure out the right way to handle data, and then repeat that process every single time. It sounds simple — but it’s how the most secure ecommerce websites earned that title.
Ertuğrul Emre Ertekin is CTO of the online form builder JotForm. He is a passionate engineer and seasoned problem solver.