Is your private investigator website leaking confidential information?
Here’s how to secure it.
Here’s how to secure it.
In July 2018 Google, Firefox, Mozilla, Internet Explorer (Edge), Safari, and most mobile browsers all made an important change to their systems. Websites without an SSL (Secure Socket Layer) Certificate installed would display a “this website is not secure” error message.
Mozilla went so far as displaying a message on affected websites’ contact forms stating: “This connection is not secure. The information entered here could be compromised.”
On the mobile side, iPhones began taking users to a page with the text: “this connection is not private. This website may be impersonating www.yourwebsite.com to steal your personal or financial information. You should go back to the previous page.”
The new update is designed to protect the privacy of users, ensure their passwords are encrypted, and to thwart identity theft or phishing attacks. It’s great for the user – after all, we all want our banking information to be protected.
But what does it mean for your PI agency’s website? You don’t send or store financial data. You don’t transfer sensitive information through a portal. You probably don’t even have a log-in section for your clients. So does it matter?
It does, and here’s why.
People already think we’re sketchy. Many people are afraid to talk to us for fear that we won’t be “confidential” enough. They’re concerned that somehow their partner, business associate or claimant will find out they’re hiring an investigator. Your website needs to allay those fears, not encourage them.
If your website doesn’t have an SSL certificate, every potential client is now getting an error message saying “Hey, someone could intercept your communication. You’d better watch what you say.” Instead of helping them feel at ease, your website is doing the complete opposite. That’s not a great first impression.
Some PI websites have forms that request SSNs, license numbers, birthdates, addresses, license plates and more. This sort of identifying information is valuable to an attacker and should be secured with SSL Encryption. Credit card and other payment details should also go through a secure gateway.
Google gives websites with an SSL certificate installed an SEO boost. You won’t immediately jump from page 10 to the top of page 1, and the jump may be minimal, but it is there.
When a user sees an SSL certificate, they can be confident that their data will be safely stored an transmitted. SSL certification shows that you treat sensitive information with care and in the strictest confidence.
SSL Certificate installation has to be kick-started by your server’s administrator. This is usually fairly simple. Most hosting companies, including GoDaddy, Namecheap and Hostgator, all sell and install SSL Certificates. Once the certificate is installed, your hosting company can help redirect the traffic from HTTP (standard) over to HTTPS (secure).
When this “migration” is complete, you’ll need to review every page on your site to verify that all content (images, CSS, fonts, videos) is being loaded through the secure layer, rather than through regular HTTP data. If this is not the case, the HTTPS lock in your browser will turn yellow and will display the message “some elements on this website are not secure”.
After that, all that’s left to do is add your HTTPS to your webmaster tools, Google My Business account and social media accounts. You’ll also want to switch out any links to your old HTTP site with links to your new HTTPS site.
You need an SSL: there’s no question about it. If you’re hosted with us, you can breathe a sigh of relief. We automatically install them on your behalf – at no extra fee. But if you’re not hosted with us, you’ll need to contact your hosting company to get the ball rolling.
If you’re not quite sure what your site needs, you can also request a consultation from our team. We’ll review your site, see where you’re hosted, and walk you through what needs to be done.