The risks of an insecure website

With GDPR in place, having a secure website is more important than ever, and a security breach can result in fines so hefty that they can literally kill your business overnight. Fines can be up to 20 million euros or 4 percent of annual global turnover! This is why I am shocked that so many companies and organisations (especially schools!) that deal with data have sites that are open to attack.

GDPR (General Data Protection Regulation) rules are there to protect individuals' personal information and privacy. This is why, if you collect ANY data, which you are inevitably doing right now, whether through a contact form or cookies used for the functionality of your website, you must ensure that this information is safely collected, stored and transmitted.

The best way to do this is to secure your site with an SSL (Secure Sockets Layer) certificate.

SSL technology ensures that all data transmitted between the web server and browser remains encrypted. Without it, you risk having your website hacked, which can result in the hacker changing your site content, stealing customer data, or adding malicious spyware or other code that might, for example, redirect your visitor to a porn site, or somewhere where credit card information or personal data is stolen. These are all real risks if you have not got an SSL certificate installed.

Another killer reason to install SSL is that Google Chrome and other browsers will give site visitors an ominous warning, which will almost inevitably drive them ‘back to safety’, meaning you might as well not have a website at all!

This is why all the sites we build and host for our clients are SSL secured as standard. We also install cookie notices that tell users exactly what information is collected, what it is used for, and how to find out more.

How do I know if my site is secure?

It is easy to check if your site is secure. Look for the lock symbol and/or the https prefix at the beginning of your domain name – or the massive Google warning that pops up!
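
What the lock symbol stands for can also be checked from a script. The following is an added example, not part of the original post: it uses Python's standard ssl module to verify a site's certificate the way a browser does and to report how many days remain before it expires. The function names and the host example.com are placeholders chosen for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


def days_until_expiry(cert, now=None):
    """Days left on a certificate dict as returned by SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc
    )
    return (expires - now).days  # negative once the certificate has expired


def check_https(hostname, port=443, timeout=5.0):
    """Connect over TLS and apply the checks behind the browser's lock symbol."""
    # The default context verifies the certificate chain against the system
    # trust store and checks that the certificate matches the hostname.
    context = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=hostname) as tls:
                return {
                    "secure": True,
                    "protocol": tls.version(),
                    "days_left": days_until_expiry(tls.getpeercert()),
                }
    except ssl.SSLCertVerificationError as exc:
        # Expired, self-signed, untrusted issuer or wrong hostname: the cases
        # in which a browser shows its warning page instead of the lock.
        return {"secure": False, "reason": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # No HTTPS listener at all, handshake failure, timeout, DNS error.
        return {"secure": False, "reason": str(exc)}


if __name__ == "__main__":
    # example.com is a placeholder; replace it with your own domain name.
    print(check_https("example.com"))
```

A small or negative "days_left" value means the certificate is about to expire or already has, at which point visitors start seeing the browser warning.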

There are other obligations you have to make your website GDPR compliant, including having a privacy policy and a cookie policy, but this is a story I will leave for another day and another post!

I hope you found this useful!