Digital security v online visibility: where's the balance?

Today at the Truro Professional Women's Network, organised by PKF Francis Clark, I listened to an interesting talk by Amber Olsen, a digital eagle for Barclays.

Amber's specialty is cyber crime and she works with Barclays business customers to help them keep their data and their cash safe when trading or communicating digitally.

As she was speaking, it occurred to me that some of the tips for staying safe were not necessarily compatible with remaining visible; something that is essential for all small business owners. For example, my work email address and mobile phone number are in the public domain. They have to be. What choice do I have if I want customers to be able to get in contact with me? My Twitter account is necessarily open access. If it wasn't, who on earth would know or care what I have to say about things? 

Of course I raised the question at the end of her talk and the resulting discussion prompted me to jot down where I think the balance lies and how you can stay both visible and safe online.

  • Keep your social media accounts separate. This means keeping your personal life away from your business profile. It doesn't mean that your work social media should not reflect your personality but you can reduce the chances of someone targeting your business if they can't use your social media to find out about your hobbies, kids, pets, where and when you go on holiday etc. Amber explained that this information is used by hackers to build up a detailed profile on you so they can target you better. Decide which platforms you want to use for which activity and don't mix them up. It can be easier if you, for example, only use Twitter for business rather than having two separate accounts. On Facebook this is even easier as you can keep your profile for personal and set up a page for your business. As long as your profile privacy is high this should work fine. See some resources at the end of this blog for more help with privacy.
  • Be wise to phishing emails. If you receive an email out of the blue to your business email address (or to any email address you use) and you don't recognise the sender, check and double check. Does the domain look authentic? Is the grammar good? Are you being asked to click a link when you wouldn't normally expect to do that? If you're unsure it's best to be cautious and ignore/delete the email. If it appears to come from someone you know, it's good to alert them too. You can reduce the chances of being deluged by spam and phishing emails by using a contact form on your website rather than publishing your email. But be aware that this can be off-putting for many new prospects who will prefer to simply click your email address to contact you rather than risk having to fill out a form and potentially give you more information than they wanted to do. If being visible to new prospects is important to you - and let's face it if you're running a business it ought to be - I'd advise publishing your email address but taking care when responding to or interacting with emails you receive.
  • Consider how your professional credentials could be used. In my line of work it's important to potential customers to be able to see my credentials: who I've worked for, my qualifications and professional memberships for example. But could this information be used for identity theft? This is where finding the balance gets a little tricky. You need to include sufficient information for customers to feel confident in your abilities without providing so much that a thief could impersonate you. I tend to provide information about what I've done but not usually when. So I'll say I have a postgrad certificate in marketing but not when I got it. Hopefully that is a good balance.
  • Ensure e-commerce is secure. If your business is engaged in e-commerce it's important to do two things: make it easy for customers to make purchases and make it bombproof. The best way to do this is to use a reputable third party payment processor. I use Stripe for my e-commerce activities and so far the service has been faultless. It's definitely easy, has lots of customisation and is reassuringly safe to use. But there are lots to choose from. The important thing for customers is often to ensure they stay on your site the whole time. If they start jumping off to other places they may lose confidence and then you have an abandoned cart scenario.
  • Lastly a word about GDPR - the new General Data Protection Regulation. Enforceable from May 2018 it is a strengthening of existing duties under the Data Protection Act. Although this isn't really about your visibility it does mean that you have some new things to think about if you collect any data at all from your customers. It is about protecting your reputation online and ensuring you are doing the right thing by your customers as well as staying the right side of the law. See below for an overview on this from the Information Commissioners Office which also has some excellent resources for businesses who are affected.

My last word on this issue is this. It's vital for any business to be visible online and if you are a small business where you as the business owner need to maintain personal visibility, you are going to have to put yourself out there even if it does lay you open to hackers. Be wise and try to strike a balance where you can.

Resources and further reading

Facebook privacy tips and info

Twitter privacy tips and info

General Data Protection Regulation