Your website is the digital face of your business. Not only does your site need to accurately represent you, but it also needs to establish trust from the moment someone clicks onto your site. You need more than pretty pictures and confident copy—you need a secure website.
A law firm website that isn’t secure looks bad—and it’s bad for business. A single security mistake could result in a lost business opportunity, harm your reputation, or even create an opening for your site to be hacked. The consequences of hacking can be pretty awful, especially for legal professionals. The benefits of a secure website are worthwhile. Studies show that secure websites have higher conversion rates.
Website security is a major undertaking, and it’s wise to work with a website developer who can help you. But here are a few basic principles that you can use to keep your website and your online guests safe.
An SSL certificate is non-negotiable
See that little padlock icon in the search bar next to the URL? That’s a sign that you’re on a secure website with an SSL certificate.
SSL stands for Secure Socket Layer. It’s a way to authenticate the identity of your website and open up an encrypted connection. Basically, it creates a protected channel between your visitors and your website and prevents hackers from accessing your users’ information for nefarious means.
When your site has an SSL certificate, your URL will begin with HTTPS instead of HTTP. The ‘S’ on the end stands for Secure.
Google really likes HTTPS websites. Safe websites are better for users, so you need an SSL certificate if you want to impress Google.
People also really like HTTPS websites. If you have ever tried to visit an HTTP website in the past, you may have seen the scary warning about a “Not Secure” site—and we’ll bet that you clicked away immediately. According to HubSpot, 82% of people would leave a site if it’s not secure.
Luckily, it’s relatively easy to get an SSL certificate or ask your website developer to get one.
Keep plug-ins up to date
Plug-ins are third-party software that add extra features to your website. Although they add value, plug-ins also introduce risk—especially if they’re not kept up-to-date.
Outdated plug-ins are the leading cause of WordPress sites being hacked.
The key to keeping your site secure is to minimize vulnerabilities, and third-party apps and software increase your risk of being hacked.
To avoid problems, be sure that someone at your firm (or your web developer) takes responsibility for updating plug-ins. This security task must be done frequently and regularly.
Monitor your content regularly
During the last few years, many firms have reached out to us for help after discovering strange content on their sites. They didn’t add it and they have no idea how it got there. Usually, their sites have been hacked and they had no clue!
It’s surprisingly easy for hackers to alter your website without your knowledge.
Monitor your content regularly to ensure that your content is, in fact, yours. Automatic monitoring tools can help with ongoing reviews but periodic manual reviews should also be performed. If you’re unsure where to start, here’s a website audit checklist.
Know who has access to your CMS
Finally, here’s a bit of dirty laundry that every attorney wants to ignore.
Off-boarding is undermanaged and undervalued by many law firms—and this creates an enormous security risk.
Do you know who has access to your website CMS? What about your domain name account and DNS records? Have you changed your passwords in the last year?
Create a thorough off-boarding procedure that includes removing website access for departing team members. Several times each year, review the profiles and people who have access to these platforms. Wherever possible, try to reduce the number of people who can get into these accounts.
We’re not implying that anyone on your staff has bad intentions. Rather, we’re saying that the more people have access to your website’s backend, the more openings you create for bad actors to do damage.
Review and next steps
A secure website can help with SEO and build trust with visitors. Here are a few actions that anyone can take to improve website security:
- Get an SSL certificate
- Update your plug-ins
- Monitor your content regularly
- Reduce and control access to your website
Ultimately, website security is a complex task and you should work with a skilled legal website developer to help you. But if you’re on your own, you can take basic steps immediately to improve the safety of your website today. There are a number of free tools, including WhyNoPadlock that can help you learn more about your site’s security status.
Reach out if you run into any trouble getting an SSL certificate or if you want more information about online security for your attorney website.