Improving Security and Trust on Your Website

Online retail sales are growing by the day, with U.S. revenues already exceeding $300 billion in 2014, a figure expected to double by 2018. The steady annual rise in e-commerce revenue and scope seems unstoppable, but what does that mean for those old barriers that once held back many from converting online, mainly personal information security? As you may have deduced, these figures hardly represent the full potential of online and/or mobile consumption.

Google changed their algorithm to favor sites with secured URLs, and a MarketWatch survey found that security is the leading barrier to conversion amongst users, with only one third stating they do not shop online in fear of personal data breach.

Moreover, in a different survey a staggering figure of more than 80 percent of U.S. shoppers who searched for a product online expressed interest in finding products nearby — indicating that there’s still a strong preference for shopping in person, but also clues us into a very basic level of mistrust in both the online presentation of items, and more importantly a hesitance to input personal information. High profile user data hacks such as the one eBay faced in 2015 do more to deter already-fearful Web users from handing over their details. It almost doesn’t matter how quickly and effectively the company dealt with the breach, or how much (if any) damage was incurred by the users whose data was leaked.

Establishing or recuperating trust is one of the main barriers to conversion from existing and future consumers. This is doubly true when it comes to lesser known, new, or online-only retailers.

The fact of the matter is, if you own, operate, or promote a website, your information — and your users’ information — is exposed to a certain level of risk. While not all businesses can afford to enlist a team whose role would be to monitor their site’s cybersecurity, it may be beneficial for you (as a web marketer professional) to consider training someone among existing staff to deal with security at least at the basic level.

As business owners, we all know we get a myriad of “lookie-loo leads” — prospects that are just price shopping with no intention of ever committing — and there are dozens of reasons why a potential client would legitimately say “no” to your proposal. Even when dealing with a site that’s been found relatively secure, you or your potential client may be soon parting ways due to the failure of showcasing efforts to secure data. Read on to learn how you can polish any site’s security to improve consumer trust and ultimately, revenue. This post covers how to use security as another piece of your sales funnel and as a pitch to prospective clients.

Some Numbers

When conjuring up an image of a hesitant online user, we often think of the elderly. After all, relative to the younger crowd, they’re likely inexperienced in completing Web tasks, and generally used to doing things a certain (offline) way. Yet, according to the MarketWatch survey referenced above, the fear of personal data being possessed by malicious sources is most prevalent among the 35-and-older crowd, which is probably a much younger cut-off than you anticipated. Moreover, it’s not as though everyone younger than 34 is completely comfortable with sharing and managing information online. In fact, two thirds of consumers say they believe they will fall victim of a data breach in the coming year, and the same percentage say they’re more worried about their information in cyberspace now than they ever were before.

Finally, there’s one new and important factor making nearly all online consumers uneasy: fear of breach is common in all age groups when it comes to completing purchases on mobile devices — a figure we should be mindful of in light of the steady increase in mobile usage for e-commerce purposes, reaching nearly 40 percent of all online sales in the U.S. on Black Friday 2013 alone.

While barriers to conversion are virtually endless, security is one that’s consistently cited by Internet users as a deterrent from completing online purchases. If you own or promote a long-established giant retail chain with well-distributed brick-and-mortar stores and an online store, your reputation is likely doing more than half of the work. If the above doesn’t apply to you, below are some tried and true tips that are essential to strengthening a site’s security.

Audit and Take Action

As with all journeys, the road to safety begins with one major step — figuring out where you are on the safety spectrum. This step should be as thorough as possible; consider involving one or more professionals who can closely examine the site and assess it as whole. Depending on the size of the company, these professionals can either be one-time consultants or full-time team members paid to have their eye on the ball at all times. The following three areas are where you’ll most likely find security gaps during your inspection, so focusing on them is a great start:

1. URLs: The exchange of data online (credit card data, address data, login pages, etc.) should be carried out over a secure connection that’s authenticated and encrypted via https. I will not expand on this, as we all already know the importance of https for Google. Therefore, it is highly suggested to do the switch if not done so already.
2. Plug-ins: Does the site utilize any form of open-source platform? If yes, this puts it at risk of data hacking due to various possible security bridges, like loopholes to steal data or commit fraud. Worst of all, if this occurs, it may be extremely difficult to realize the source of the breach. Yes, WordPress! Quick, go and update all your plugins and make sure they are all from a reputable source. If you’re using a reputable web host, they will automatically update your software. If you’re unsure if yours does, investigate and possibly switch to a better host.
3. Payment verification: If the site accepts payments (e-commerce for instance), carefully examine the level of protection that’s provided by the payment-processing program the site subscribes to. In most cases, it would be beneficial to take additional measures in order to boost this level of security, starting with the purchase of reputable financial verification software such as VeriSign, MasterCard Merchant Fraud Protection, and more.
4. Data validation should be done on the client side, not server side: Many web forms include JavaScript validation. If the validation process is done on the server side, it means nothing. Make sure all JavaScript validations are done on the client side, or you might find yourself an easy prey for hackers.
5. Password: Everybody knows they should have a strong password, but this is not always the case. It is critical that you have a bullet proof password to all access points of your website. Avoid generic user names such as admin, user, or test and avoid using your email and your user name. Change your passwords every quarter. Set a reminder to do this.
6. Consider a web application firewall: this can be your first line of defense. The firewall inspects incoming traffic and blocks hacking attempts right of the bat. Until a few years ago, firewalls were available only as an added hardware. Now you can contact your hosting company and ask to add the application to your hosting package. Reputable hosting companies include them as part of your plan.
7. Limit access to certain directories and restrict file permission: in most hosting accounts, and in those usually done through FTP, you can control level access and file permissions on your server. This is a very effective way to block certain areas of your website and to reduce the risk of unwanted activity. Read more about it here.
8. Invest in and keep up with advanced security software. By now you realize the importance of ongoing security scans, but it can be a nuisance to update software at the high rate most security programs demand today. Regardless — take on the role of security by remaining up-to-date on the latest software, or you could be surprised of where it may hit you (spoiler: it could impact the site’s rankings). This goes further than installing the latest version of McAfee or Norton, it entails ensuring vital components of the site’s transaction processes are up-to-date, such as the shopping cart; if it’s based on an outdated or open plugin, one simple breach could mean compromising the client database, which may expose them to breaches on other platforms.
9. Avoid storing sensitive data: Generally speaking, PCI regulations prohibit the storage of customer information (especially payment method details) beyond the completion of a transaction. If you have smaller/beginner e-commerce clients, this may be a handy memo for them. There are exceptions to this rule, such as recurring payments. However, it’s strongly advised to limit the information kept to a bare minimum, such as what the system requires to issue refunds. If your clients keep to this rule, they’ll rest easy at night knowing that even in the event of an attack, there will be no sensitive data that can leak.
10. Penalize suspected breaches: Ever forget a password or type one out incorrectly? We’ve all been there – it’s only natural. What isn’t natural is making dozens of back-to-back attempts at passwords in a short timeframe. If you haven’t already, make sure the login page is set to deny login after a certain number of failed attempts, typically three. It doesn’t have to be a hard block, even a temporary ban of 30 minutes can make eager brute hacker-bots skip onward to the next unattended cyberspace.
11. Clearly define, designate and stick to admin roles: The number of people who are exposed to internal information in a company can easily exceed what’s necessary, considering high employee turnover and general failure to contain data. They say the greatest threat to data comes from within. Keep close tabs on who is exposed to sensitive information, and go the extra mile by switching up passwords to security software and admin panels often.

Don’t Keep Security a Secret

Preventing a potentially financially devastating attack is an end in and of itself. Studies have found that prominent trust signs, such as conspicuous SSL layers actively boost customer trust and thus positively impact sales. Any reputable site should display trust signs proudly, including accreditations, encryptions, and verifications. These symbols subconsciously — but powerfully — indicate to clients that the business is serious and concerned about their online safety, helping them feel comfortable completing a purchase or handing over precious information.

It shouldn’t end there, however. Consumers know security is also in their hands, so any help provided to them in order to understand how to protect themselves online is beneficial and works to establish the site as an authority on online security — not a bad place to be. For instance, you can be more transparent by giving clients access to their stored account details and teaching them about the importance of having a unique password by raising the minimum level of complexity; making real time automated recommendations. When all parties are well informed about what constitutes as unsafe behavior and make a conscious effort to be safe, it’ll make fraud easier to detect.

Stay Ahead of the Next Attack

Unfortunately, hackers are just as sophisticated and creative as cybersecurity experts. For site owners, this means living in a never-ending arms race where an attack may always be just around the corner. Assuming your client is already keeping their security software consistently up-to-date, their best bet to stay safe is to test the network occasionally by running cyberattack simulations. This can be carried out by a cybersecurity professional, and it should be a regular protocol — especially before important sales or promotions when system overflow may make data more susceptible to real time attacks. In severe cases, Google may dole out a manual action and send an alert to Web Master Tools (Search Console), indicating that the reason for the penalty is Malware or third party hacking.

Though often enlightening, periodic attacks should not be relied on as the only measure of site security on an ongoing basis. The best way to monitor suspicious activity is by setting up real-time alerts and consequences for suspicious activity. Depending on the niche you’re dealing with, that could mean denying registration or checkout completion for any of the following cases: a foreign IP, multiple attempts at registration / login / checkout completion, suspicious telephone number input (e.g. 111-111-1111), multiple identical orders placed, or if an order is placed that differs greatly from typical new client projections. By being able to identify these behaviors real time, you could stop attempts at fraud in their tracks.

You’re on your way to becoming an online safety expert. Use the above information as a starting point, and lay the foundation for advanced cybersecurity. It can and will pay off in revenue and trust. Once you become aware of the risks that loom, you may be surprised to realize how many close calls you and your clients have had — and how effective security measures need to be.

About the Author: Asher Elran is a practical software engineer and a marketing specialist. He is the CEO at Dynamic Search and founder of Web Ethics.

Nonprofit Testing: How one small change led to 190% increase in clickthrough

Tweet

As marketers, we all dream of expensive radical redesigns of our websites that check off every item on our wish lists. Over the years here at MarketingExperiments, though, we have routinely discovered that with a proper understanding of customers, the smallest changes can often yield the biggest results.

A recent test from our friends over at NextAfter demonstrates this fact.

Background

As Tim Kachuriak, Chief Innovation and Optimization Officer, NextAfter, noted when he joined us for our August Web clinic, Personalized Messaging Tested, NextAfter works exclusively with nonprofit organizations to discover what truly makes donors give.

Dallas Theological Seminary (DTS) is one such organization that NextAfter has partnered with to help answer this question.

In an earlier experiment with DTS, Kevin Peters, Vice President, NextAfter, had found that visitors arriving at the organization’s primary donation page were highly motivated to give. He discovered this by testing two forms of the page.

The first version of the donation page cut immediately to the chase, asking donors to “make a gift online.” The second version of the page posited that perhaps DTS was asking too much, too soon, and prefaced the “ask” with copy highlighting the unique value proposition of DTS. Quotes from well-known figures in the Christian community were also leveraged to build additional credibility. 

When running the test, Kevin found that the supporting information used in Version B actually decreased conversion by 28% at a statistically significant level. Instead of building value for potential donors, the additional copy actually introduced friction for visitors who were already extremely motivated to convert. In short, the copy was viewed as a roadblock, rather than a launch pad.

While many companies would be thrilled with the apparent high motivation of their visitors, pat themselves on the back for building the perfect site and take the department out for a steak dinner to celebrate, Kevin and the NextAfter team wondered if other factors might also be contributing to the irregularly high conversion rate.

“The headline had no value proposition whatsoever, but they had a conversion rate in a very high percentile … We knew that the only people getting there were already convinced to give,” Kevin said.

What if friction elsewhere on the page was causing only the most highly motivated visitors to actually make it to the donation page?

NextAfter decided to put this theory to the test.

The Test

To test whether certain page elements were making it more difficult for lower motivated customers to reach the donation page, the team started with one simple change to the organization’s homepage. Take a look at the control and treatment below, and see if you can spot the difference:

If you noticed that the “Donate” button has been given extra purple emphasis in the Treatment, congratulations on your impeccable eyesight. If you didn’t see it or it took you some time, don’t feel bad; it took minutes of intense staring for the author of this post to spot the difference himself:

 The Control

The Treatment

Results

Despite the change being so simple that an experienced designer or developer could execute it in a matter of minutes, calling out the donate section with a purple box yielded a statistically significant 190% increase in clickthrough to the donation page.

What the team found equally interesting and surprising was that when customers with lower motivation were moved further up the funnel, the average donation increased by 860%.

Though Kevin responded that this number could not be statistically validated, and exceptionally large donations create outliers that can dramatically skew the average gift, most would expect the opposite to happen.

The NextAfter team is currently exploring separate donation pages for lower and higher motivated customers.

Key Takeaway

As Web design continues to evolve and new trends continue to emerge, it’s easy to feel the need to constantly reinvent our sites and pages. More often than not though, a well-optimized page results from methodical thinking and a series of seemingly minor tweaks, rather than brash, sweeping changes. By recognizing the motivation level on the donation page and then fine-tuning a single page element, NextAfter nearly tripled clickthrough to the donation page and increased their knowledge about what makes DTS donors give.

If you are interested in learning more about what makes donors give, NextAfter will be hosting a nonprofit edition of our Marketing Master Class, “Driving Success through Email Optimization,” here at the MECLABS Institute in Jacksonville on October 22-23. For more information about this unique opportunity, click here.

 

You might also like

Today is your last chance to get a free pre-release copy of the August 2015 MarketingSherpa Consumer Purchase Preference Survey plus a chance to win a free, three-day ticket to MarketingSherpa Summit 2016 in Las Vegas OR an iPad Air 2. Take the 2015 MarketingSherpa Marketing Practices Survey now. The deadline is September 28.

MarketingSherpa Summit 2016 — At the Bellagio in Las Vegas, February 22-24

Personalized Messaging Tested: How little changes to an email send led to a 380% change in response rate (Web clinic)

What Eyebrows and Websites Have in Common

Three Tips for Crafting Newsworthy Brand Narratives

The art of getting earned media coverage for product or service can be tricky. To grab that coverage, you need to tell good, solid brand narratives. Here are some tips for uncovering yours. Read the full article at MarketingProfs

3 Psychological Tools To Use In Landing Page Design

The human brain is an incredible tool, but it can also be puzzling. For the landing page designer, the human brain presents the greatest challenge as well as the greatest ally. You might not have thought about how psychology plays […]

Post from: Search Engine People SEO Blog

3 Psychological Tools To Use In Landing Page Design

--
Written by Mandy Boyle, Mandy Boyle

The post 3 Psychological Tools To Use In Landing Page Design appeared first on Search Engine People Blog.

Seven Ways to Ensure Fans Don't Miss Your Facebook Page Updates

Are you tired of reaching less than 5% of your fans with your Facebook page posts? If so, then you need to find new ways to get your updates in your audiences' News Feeds. Read the full article at MarketingProfs

#SocialSkim: Facebook Signal Helps Journalists Find You, Plus More Stories in This Week's Roundup

Learn about Facebook Signal (and how to get journalists interested in your content). Also: Facebook's 360° videos, how the Emmys did on social, Dropbox's new tools for teams, and Atlas, your new charts buddy. Read the full article at MarketingProfs

Why a Content Hub is Your All-Powerful Media Magnet

Content marketers beware:

• The battle you fight for attention is hard and getting harder.
• Customers don’t know what content they’re looking for (or even that they’re looking for content). They simply want answers.
• While a company blog is a smart content marketing play, it’s probably not enough.
• Consistently creating and publishing great content can be insanely difficult.

What’s a content hub?

If you were to search the phrase “content hub” and begin scouring the results for its definition, you may get confused fast. The term gets thrown around quite a bit and is interpreted in various ways.

The definition for “content hub” we’re going to use (and the proven approach I’m going to tell you about) is:

A content hub is a destination where website visitors can find branded, curated, social media, user generated, or any type of content related to a topic.

You might think… Isn’t that a website? Or isn’t that a blog? It could be. However, a content hub is generally smaller than a website and bigger than a blog. The best ones—and I’ll show you examples—are microsites or branded resource centers published to help visitors find the information they seek in the form they prefer.

American Express is considered a pioneer of the content hub. Their hub, OPENforum, seven years running, is filled with advice from experts to help small business owners thrive. Readers submit questions and get answers from the forum’s experts.

6 benefits of content hubs

It’s awfully hard to create a sustainable business today if you’re not pulling people into your website. It’s your main medium—your connection center.

Is your website magnetic? A value-packed content hub is your best bet for creating a digital media magnet.

Let’s examine the benefits (as explained in a blog post and free ebook about content hubs from ScoopIt)

1. Authority

Online buyers put their trust in authorities. Consistently publishing trustworthy content is a proven route to building thought leadership and is amongst the most important benefits of hosting a stellar content hub.

2. Visibility and traffic

Succeeding with search, the largest source of traffic on the web, calls for having great content. Search engines index billions of pages and are very good at determining the quality of content on them. If you want traffic, you need your content hub to be a collection of attractive pages.

3. Engagement

Your website could be ultra-magnetic, but not all that successful. Great sites do more than generate traffic; they inspire engagement. Content hubs foster engagement (as in reading, sharing, signing-up, trying, buying, attending, and so on) more than sales pages ever could—or can.

4. Control

Social networks are ever-changing and the changes don’t always benefit members who rely on them for content distribution. Traffic on your content hub is far more meaningful because you control the experience. You tailor the experience. Your objectives come first.

5. Leads

Content hubs enable you to generate leads and sales. When visitors find value in the information you offer, they’ll invest more time there. You’ll create opportunities to “feed the funnel” with tactics such as lead capture, progressive
profiling, and contextual calls-to-action (CTAs).

6. Marketing insights

Your content hub will give your company detailed analytics reports. The metrics you’ll gather inform your content creation team as to what does and doesn’t excite readers. With more insights into what users deem valuable, you’ll become a more effective publisher.

House a more appealing media mix

Your hub can be 100% blog-based, but a diverse media mix—from a variety of sources—will raise the bar and appeal to a wider range of media consumers.

A content hub is a flexible forum where you can publish whatever you like (or more importantly, whatever your audience likes). The media mix may include video, audio, infographics, slides, articles, papers, or any digital media.

Your hub centralizes all that you publish to provide its visitors a more interactive and valuable experience.

Content may be:

• Homegrown—Content produced by internal resources
• Curated—Content from companies or media sources you deem to be credible and authoritative.
• Social media—Content published on your hub and promoted via social media to drive traffic to your website.
• User generated—Content created by customers and partners
• Advertising—Offers from your company and sponsors

Content hubs look sharp

Content hubs often take a cue from websites like ultra-popular mega-hubs on the social web such as Pinterest and SlideShare. They’re presented “tile style” or magazine-like.

They’re highly graphic with a simple structural form, which makes them easy on the eyes and easy to skim. Content hubs usually present social media share stats at a glance, which tends to promote sharing.

RingCentral’s media team uses the ScoopIt platform to easily find business and media news to create a steady stream of content as part of its multifaceted and highly trafficked blog.

Create an effective content hub

Content Hubs Are Here: The Secret to a Long and Prosperous Life in Publishing, a recently published eBook from ScoopIt, reveals important details for creating a killer content hub. Here’s the short version.

Establish objectives and a mission statement

Get your marketing and sales leaders together to agree on the primary objective. Prioritize secondary objectives and document them.

Document a content marketing mission to clearly articulate:

1. Your approach to content creation
2. Whom the content is for
3. How the content will satisfy the need of those that consume it

Canva Design School, a great example of a content hub from both a small business and SaaS-based company, focuses on delivering an array of resources to help businesses master graphic design.

Create a publishing plan

Assess your prospects’ needs—The foundation of your editorial plan is to create content to deliver the answers to your prospects’ questions.

Examine the competition—Dive into the content your competition delivers to determine how you can do things better or differently.

Audit existing content—Closely review existing assets such as email, FAQs, presentations, webinars, RFPs, case studies, research, sales pages, and brochures. Look to find what might be revisited and turned into helpful articles, blog posts, infographics, videos, eBooks, podcasts, etc.

Tap search and social—Focus on things your target market does and says online. Try the following:

• Research search activity with the free Google Keyword Planner tool.
• Examine website data with Google Analytics.
• Look at questions posed on Q&A sites, online forums and LinkedIn Groups.
• Conduct hashtag searches on relevant social media.
• Monitor conversations about your market on social networks and setup Google Alerts based on your important keywords.
• Consider changes soon to affect your industry.

Hire the right talent—Consider hiring a content strategist to take the lead and a managing editor. Hiring freelancers is a practical strategy to fill voids, round out the team and maintain a steady publishing schedule.

With a content hub, a single person with editorial skills may be capable of writing, editing and curating content to manage all your needs.

Design an attractive hub—Your content hub should be user-friendly and smartly branded. Bring a graphic design professional onboard to give your content hub a branded look and feel and serve its audience well.

Create promotion plans—Make distribution and promotion part of your plan from the get-go considering paid, earned and owned channels.

Get the tools you need—To host a content hub, you’ll need a couple of tools:

1. Content management system (CMS)—A CMS platform makes creating, publishing, optimizing and maintaining web pages simple. WordPress is by far the most popular CMS.
2. A content hub manager—Scoop.it Content Director is the most affordable and simple platform I’ve discovered for delivering a turnkey approach for planning, sourcing, and distributing content.

Feeling like toast?

I should now confess (or disclose), I wrote the ScoopIt eBook I’ve mentioned a few times. In it I wrote a dedication to every content marketer who feels like toast.

See, every day thousands of companies join the content marketing parade and thousands more bail. Do you know why? They don’t have the resources to stay the course.

Like most, they understood if they consistently published the valuable content readers actually want to read, watch, listen to and look at, the content marketing dream would be realized. And like most, after awhile they’re toast. Burnt.

You don’t want to suffer the same fate.

Consider creating a content hub and populating it regularly not only with blog posts or homegrown content, but with curated, user generated, co-created and various types of media your prospects find relevant and useful.

Want to learn more about content hubs? Content Hubs Are Here features a detailed explanation of the ingredients of a killer content hub and 13 examples of the hottest content hubs on the web.

About the Author: Barry Feldman operates Feldman Creative and provides clients content marketing strategies that rock and creative that rolls. Barry has recently been named a Top 40 Digital Strategist by Online Marketing Institute and one of 25 Social Media Marketing Experts You Need to Know by LinkedIn. Visit Feldman Creative and his blog, The Point.