What are malicious websites?

Malicious websites are one of the banes of the internet and modern internet users are increasingly aware of this fact. What they may not know is how to identify these malicious websites. For this reason, they are increasingly working on the basis that websites need to show that they can be trusted to get their custom. It’s therefore down to you to meet their expectations and highlight your credentials as a legitimate website. Here is a quick guide to help.

Malicious websites can implement HTTPS too

For years, SSL/TLS was pushed as a major part of solving the internet’s security issues. The problem with this approach is that a basic implementation of HTTPS requires a minimal level of security checks and costs practically nothing. In fact, hosting providers are increasingly implementing it as standard even with the most basic (and affordable) hosting packages. This opened the door to malicious actors implementing HTTPS on their websites and using the secure designation to convince visitors that the site was safe.

The internet authorities have started tackling this by instructing internet users to “look for the padlock” instead of just looking for HTTPS. This is an astute move because the padlock symbol is generated by the user’s browser rather than by the site. Unlike human users, the browsers can identify which specific form of HTTPS has been implemented on a site and will only show a padlock if one of the more security-intensive implementations has been used.


In short, if you’ve only implemented a basic level of HTTPS, you could find that customers start assuming that you’re running a malicious website. It’s therefore advisable to upgrade your HTTPS implementation if you possibly can.

Trusted websites have real-world contact details

Verifiable real-world contact details provide a massive level of reassurance to customers and hence generate a high degree of trust. At the same time, however, this has to be balanced with the need for privacy and safety for you and your employees.

As a rule of thumb, if you are set up to receive visitors, then it’s generally safe to publish your full business address. If, however, you’re not, then you may want to look at alternative options such as getting a PO Box and advertising that.

It’s also preferable to have a landline telephone number rather than just a mobile. This may seem odd in an age when landline phones are rapidly disappearing from the consumer world, but the fact is that they still remain associated with established, reputable businesses.

The irony of this is that a significant percentage of businesses, including long-established ones, have long since given up genuine landlines in favor of VoIP services. They just have numbers that look like regular landlines (in many cases, these will be old numbers which they’ve ported over). SMBs can implement this too and it can be very worthwhile to do so.

Last but not least, you need some way for your customers to send you a written message. Over the years, Contact Us forms have become increasingly popular. These can be used to force customers to be both precise and concise when writing to you. They are also useful for reducing spam on your email server. The problem with them is that they can also provide an easy route for SQL injection attacks.

This means that old-fashioned email may actually be a better way to go. You can cut down on spam by providing the address as plain text rather than as a link. Obviously, if you want your website to be trusted (and taken seriously), the address needs to belong to your domain, not be a free email address.
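The SQL injection risk mentioned above for Contact Us forms arises when the form handler pastes submitted fields into the SQL text. The following is an added example, not part of the original article: it uses Python's sqlite3 with a hypothetical contact_messages table and constructed inputs, and puts that weak handler beside one that validates the fields and binds them as parameters.

```python
import re
import sqlite3

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MAX_BODY = 2000  # assumed length limit for this example


def make_db():
    """In-memory database with a hypothetical contact_messages table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE contact_messages ("
        "email TEXT NOT NULL, body TEXT NOT NULL, reviewed INTEGER NOT NULL)"
    )
    return db


def save_message_vulnerable(db, email, body):
    """Weak form: the submitted fields become part of the SQL text."""
    db.execute(
        "INSERT INTO contact_messages (email, body, reviewed) "
        f"VALUES ('{email}', '{body}', 0)"
    )


def save_message_safe(db, email, body):
    """Hardened form: validate the fields, then bind them as parameters."""
    if not EMAIL_RE.match(email):
        raise ValueError("invalid email address")
    if not body.strip() or len(body) > MAX_BODY:
        raise ValueError("message empty or too long")
    db.execute(
        "INSERT INTO contact_messages (email, body, reviewed) VALUES (?, ?, 0)",
        (email, body),
    )


def stored_rows(db):
    """Return every stored message in insertion order."""
    return db.execute(
        "SELECT email, body, reviewed FROM contact_messages ORDER BY rowid"
    ).fetchall()


# Constructed sample submissions (not real data).
HONEST = ("pat@example.com", "I can't find my invoice")  # ordinary apostrophe
TAMPER = ("pat@example.com", "hello', 1) --")            # rewrites the statement
```

With the weak handler, the ordinary apostrophe in HONEST already breaks the statement, and TAMPER is stored as "hello" with reviewed set to 1; the hardened handler stores both bodies verbatim with reviewed left at 0.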

Trusted websites have a meaningful privacy policy

Modern customers are increasingly likely to want to know what you intend to do with any data they enter into your website. This means that you need a privacy policy. More specifically, you need a privacy policy which is clearly customized for your business and your customers, not just copied and pasted from somewhere on the internet.

Ideally, you should have a privacy policy written by someone who actually understands the law and what it means for your company. If you do not have the internal resource to do this, then it’s advisable to hire a third-party vendor such as a lawyer. This may seem like a significant expense, especially for an SMB, but the fact is that data, particularly sensitive data, is generally subject to legal protection and you need to be clear about what this means in practice to protect both your customers and yourselves.


© 2024 Comodo Security Solutions, Inc