How to create secure websites and campaigns

Date 26.10.2018

Digital data is under the spotlight so often these days, with tech giants like Facebook and big brands like Uber being hacked and millions of people’s data being stolen in the process. As a result of such concerns, the General Data Protection Regulation (GDPR) was put into place back in May, putting the power of privacy back in the hands of the public.

Before I go into more detail on what this all means and how you can be creating secure, clear websites, here are the key points you need to know – just in case you ran out of a meeting on data security to read this and need to go back in now sounding smart.

Because GDPR gave the public the power of privacy back in May this year, any websites you build, or ideally use, need to:

  • Be responsible and clear – Don’t hide any data you collect or share in the small print.
  • Reduce risk – Don’t collect or store any more data on someone than you need.
  • Only use trusted third-party services – self-explanatory, really.
  • Ask users to opt in to something, rather than opt out – they need to know that they’ve given their data in such a way.

Brushed up on the headlines? Let’s get into the details.

Since GDPR has been in place, complaints relating to data have almost doubled. While this doesn’t sound all that fun, it’s an important shift in public behaviour. The public now understand just how much data companies have on them and the power that they have to access or even delete this whenever they choose. They also know when a company is mistreating their data or sending them communications without a legal right to do so.

It’s no surprise that people are learning more about data as some massive brands have seen security issues recently, affecting millions of people.

Facebook is facing a fine of about $1.63 billion after 90 million users had their accounts hacked in September, in which:

“Attackers exploited a vulnerability in the code of Facebook’s ‘View As’ tool, a feature that shows users what their profile looks like to other people. This allowed them to steal Facebook access tokens that they could then use to take over almost 50 million profiles. A further 40 million users who had interacted with the feature were also exposed.”

Also in September, Uber were said to pay a £133 million settlement after their cyber-attack back in 2016, which exposed data from 57 million customers and drivers.

This is all great, but it doesn’t really help you or your brands (other than some interesting chat for around the water cooler).

What can you do to make your websites and campaigns secure (and compliant)?

Be responsible and clear

  • Don’t hide any information on how you’ll collect, process, and share users’ data in the small print. Any information surrounding data needs to be clear, concise, and easily available to anyone visiting your website (or integrated comms).
  • Reduce risk by only storing the data that you actually need. The more data you have on people, whether you use it or not, the more likely you’ll be a target for hackers. After all, people rob vaults, not piggy banks.

Be aware of your third-party services

  • Consider the third-party scripts or services used on your sites and remove anything that is not essential. For example, using third-party social sharing buttons from places like AddThis means that user behaviour is tracked. However, there are other third-party social sharing buttons that don’t track user behaviour, so these are worth seeking out.
  • Replace functionality with simple versions that pass the user to the third party instead of bringing the third party to your site. It can also be worth using server-side analytics instead of passing data to Google.
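
A way to act on both points above, added here as an example that is not part of the original article: the first function lists the third-party hosts a page loads resources from, and the second builds plain share links that load nothing until the visitor clicks. The `.example` hosts and sample HTML are constructed, and the share endpoints are the networks' public share URLs, which you should confirm against their current documentation.

```javascript
// Added example (not from the original article). The HTML below is constructed.
const SAMPLE_HTML = `
<link rel="stylesheet" href="/css/site.css">
<script src="https://www.mysite.example/js/app.js"></script>
<script src="//widgets.share-vendor.example/widget.js" async></script>
<iframe src="https://social.example/plugins/like?href=x"></iframe>
<img src="https://pixel.tracker.example/p.gif?uid=123">
<img src="https://cdn.mysite.example/logo.png">`;

// Map each third-party host to the tags that load from it.
// A regex scan is enough for an audit report; it is not a full HTML parser.
function thirdPartyHosts(html, firstPartyDomain) {
  const found = new Map();
  const re = /<(script|iframe|img|link)\b[^>]*?\s(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  for (const [, tag, raw] of html.matchAll(re)) {
    let host;
    try {
      // Relative and protocol-relative URLs resolve against the site itself.
      host = new URL(raw, `https://${firstPartyDomain}/`).hostname;
    } catch {
      continue; // unparsable URL, skip it
    }
    const firstParty = host === firstPartyDomain || host.endsWith(`.${firstPartyDomain}`);
    if (firstParty) continue;
    if (!found.has(host)) found.set(host, new Set());
    found.get(host).add(tag.toLowerCase());
  }
  return found;
}

// Plain links that pass the visitor to the network instead of embedding its script.
function shareLinks(pageUrl, title) {
  const u = encodeURIComponent(pageUrl);
  const t = encodeURIComponent(title);
  return {
    twitter: `https://twitter.com/intent/tweet?url=${u}&text=${t}`,
    facebook: `https://www.facebook.com/sharer/sharer.php?u=${u}`,
    linkedin: `https://www.linkedin.com/sharing/share-offsite/?url=${u}`,
  };
}

const report = thirdPartyHosts(SAMPLE_HTML, 'mysite.example');
for (const [host, tags] of report) console.log(host, [...tags].join(','));
console.log(shareLinks('https://www.mysite.example/post?id=1', 'Secure sites & campaigns'));
```

Every host in the report is a candidate for removal or for replacement with a plain link.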

Put the power back in the hands of your users

  • Giving people the clear choice to opt in to your marketing comms means that they will be more engaged. Isn’t that what we all want? These days, if there isn’t a clear paper trail of how someone ended up on your database, then you could be in real trouble.
  • One for users: There’s a way to request that websites don’t track your behaviour if you’re looking to be more protective of your data online. The power truly is yours, and it’s here.
  • One for website creators: If you say you’re not going to track someone from your website and across the internet, honour it. People appreciate it if you’re true to your word, and they really appreciate not being followed around the internet by a brand or product. There are ways of doing this well, but if you’ve said you won’t track, don’t track.
  • Don’t ‘gate’ essential business functions such as bookings or enquiries with data capture forms. Bookings and leads are normally worth more to a brand or business than someone’s name and email address, so why make that conversion more difficult? If they want to sign up afterwards, they will.
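
One way to wire the opt-in and do-not-track points above into a site's backend, added here as an example that is not part of the original article. It assumes the browser's request is the `DNT` header and that the sign-up form has an unticked checkbox named `marketing_opt_in`; every function and field name is hypothetical.

```javascript
// Added example (not from the original article); all names are hypothetical.

// Read the DNT request header (header names are case-insensitive).
// "1" = do not track, "0" = tracking allowed, anything else = no preference.
function dntPreference(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === 'dnt') {
      const v = String(value).trim();
      return v === '1' ? 'opt-out' : v === '0' ? 'allow' : 'unset';
    }
  }
  return 'unset';
}

// Build the paper-trail record from a submitted form. An absent field means
// the box was not ticked, so no record is created (never pre-tick the box).
function recordOptIn(form, context) {
  if (form.marketing_opt_in !== 'on') return null;
  return {
    marketing: true,
    email: form.email,                    // store only what the mailing needs
    grantedAt: context.now.toISOString(), // when consent was given
    source: context.pageUrl,              // where it was given
    wording: context.checkboxLabel,       // exact text the user agreed to
    withdrawnAt: null,
  };
}

// Tracking runs only for visitors who opted in AND did not send DNT: 1.
function mayTrack(headers, consent) {
  if (dntPreference(headers) === 'opt-out') return false;
  return Boolean(consent && consent.marketing === true && !consent.withdrawnAt);
}

// Constructed sample submission and request headers.
const demoContext = {
  now: new Date('2018-10-26T09:00:00Z'),
  pageUrl: 'https://www.mysite.example/booking/thanks',
  checkboxLabel: 'Yes, email me offers from My Site',
};
const demoConsent = recordOptIn({ email: 'sam@mail.example', marketing_opt_in: 'on' }, demoContext);
console.log(mayTrack({ 'User-Agent': 'demo' }, demoConsent)); // opted in, no DNT
console.log(mayTrack({ DNT: '1' }, demoConsent));             // DNT wins over opt-in
```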

And that’s just a few things to think about in a post-GDPR world, where people are more aware of their data and their right to privacy than ever before. Keep these in mind when you’re working on a website or marketing campaign that involves data capture and you can’t go far wrong.

Having said that, I’m a little worried that this will become the next trend in secure website design:

[Embedded Reddit post: “Every website in 2018”, from r/funny]

If I use even one website like this then I’m switching to print advertising.

Looking for a little further reading about data security? Check out a few of our other articles:

  1. Can AI support you in tackling GDPR challenges?
  2. GDPR: Keep calm, think cookies