As a website owner, or “webmaster”, it is your responsibility to not only provide a valuable service to your users but also to respect their privacy. Not all users value their privacy the same way. Some users are very rigorous in protecting their information while others pay little attention to it. Nevertheless, you must treat each user equally and provide privacy, security, and mitigation strategies to protect your users not only from your site but from other hackers and scammers around the Internet in general. Below you will find a shortlist of best practices, or “rules”, every webmaster should follow.
Take Internet Privacy Seriously
At one point or another every website will be hacked or, at least, have attempts made upon them. This means that cyber threats are an ever present part of the Internet landscape. As a webmaster, you must be aware your website is always vulnerable.
There are professional security and threat analysis contractors who can review your site and provide you with mitigation measures you can take. But for the most basic stuff, you can and should get started yourself.
Do Not Misrepresent Your Privacy Policies and Procedures
Your users are more aware of Internet privacy issues than you may anticipate. And they will expect some level of protection. It is considered a best practice to host a privacy policy on your site, in which you outline your security practices and mitigation strategies as well as what kind of data you collect.
It might seem obvious, but make sure, to be honest about your privacy protection and mitigation technology. If you need to double-check with your IT staff to make sure that all the claims made in your privacy policy are correct, you are best advised to go ahead and do it. If any privacy protection claims made on your website are found to be false then you can be held liable for deceptive commercial practices.
Make Sure Your Site Is Using SSL
The SSL debate was more of an issue several years ago when many sites had no SSL protection, but now browsers will warn your users if your site does not have an SSL, and certificates are provided free by most hosts.
So it has become somewhat of a rarity to see sites that do not use an SSL certificate to protect their web traffic. But yet, it still happens. If you are unsure of how to install an SSL certificate for your domain be sure to check with your hosting company, and they can help get your SSL set up properly.
Likewise, if you do have an SSL, have a plan to update it at regular intervals. Many SSL providers require an update at regular intervals. However, newer SSLs can be programmed to update automatically.
Be Careful With Email Marketing
Email is an old but consistently valuable channel for Internet marketing. However, it is fraught with potential regulatory difficulties. There are regulations against spamming people with email. If you are planning on using email marketing then make sure you are not marketing to anyone that has not requested or “opted in” to receive marketing from you. Likewise, always make sure to include an “opt-out” option.
Most email marketing will help you make sure all your boxes are checked in this regard. It’s worth the extra effort and cost of setting up these systems properly.
Do Not Collect Any Data You Don’t Need
There are many third-party apps you may integrate into your site. And some of these will collect their own data.
Remember that your users’ data is a sacred thing to hold. What data is of legitimate business interest to you? The best way to protect data is to avoid collecting it in the first place. Be sure to eliminate any data collection practices that do not directly benefit your business. Data breaches can be costly, and you want to make sure you are not collecting any data you don’t need.
Start a Dialogue With Your Host
Likewise, the first point of contact with cyber threats can begin with your hosting company. What kinds of security measures do they have in place? Most hosting companies will have a privacy policy you can review. This will outline which areas of your site are your responsibility and what your host is doing to help.