How And When To Educate Clients About The Importance Of Website Security

Discover when, during the website build process, web designers and developers need to educate clients about website security.

Row of locks on a cable

After investing valuable time, energy, effort, and resources into the design and development of a website, site owners must actively protect their sites from harm. For your clients, the best option is to sign up for a monthly website care plan with you, their trusted partner.

Unfortunately, while website security is a critical consideration during the internal website development process, conversations with clients about security are often an afterthought; happening only near or at the end of a website project.

There’s just one problem with that approach: Waiting to address website security until the end of a project fails to set proper expectations and prepare clients for the real-world demands of website ownership.

Website security must be a part of client conversations from the very beginning of a project.

Starting with the very first sales call, client conversations should reinforce the responsibilities of website ownership beyond the launch and introduce/reference your monthly website care plans.

Website Security Education

If you’re selling websites, you must educate clients about website security and the benefits of a secure website. When clients understand relevant security threats and what is involved with keeping their site protected, they are more likely to invest in monthly support services that include security considerations.

There are six points during a website project where you can naturally and easily address website security and provide client education:

  1. On the initial sales call
  2. In the website proposal or contract
  3. During website development
  4. During website launch preparation
  5. During the website training session
  6. As part of outbound client care

1. On The Initial Sales Call

Set yourself apart from competitors and position yourself as an expert by addressing website security and website care during the very first call or email. This demonstrates your desire to not only build a fantastic website but to protect the client’s investment.

On the sales call, introduce your approach to website security, explain why it must be taken seriously, and communicate the potential ramifications of a security incident, such as:

  • Damage To Brand Reputation: It takes years to build a strong brand and one unfortunate incident to damage it and destroy trust. A hacked website is one of the fastest ways to jeopardize your brand reputation and brand equity.
  • Stress And Lost Time: A website hack creates frustration, worry, and stress. Working with hosting providers, developers, and security professionals to overcome security issues takes valuable time away from running your business and serving your clients.
  • Loss Of Revenue: Whether you have a simple brochure-style website or a complex ecommerce website, getting hacked can result in alienating your audience, losing leads, losing subscribers, and losing revenue.
  • Search Engine Blacklisting: If a security compromise isn’t discovered fast enough, search engines may blacklist the website, which could not only result in losing organic traffic but getting ad accounts suspended or shut down.

Also get clients thinking about how their website will be protected, maintained, and cared for after the launch. Ask prospective clients questions like:

  • Do you know much about website security?
  • What is your position on website security?
  • Have you thought about how you will keep your website secure?
  • Have you thought about how regular backups be managed?
  • Who will be responsible for testing and performing all of the software updates?
  • Have you looked into a solution for uptime monitoring?
  • If there is a security incident? What’s the plan? Who is responsible?

Some or all of these questions will give you a clear idea of how technically savvy the client is and whether or not they have given any thought to the security of their website. Their answers will also provide the insights needed to properly position your website care plans as a perfect-fit, must-have service offering.

2. In The Proposal Or Contract

From the scope of work to the terms and conditions, the proposal or contract documents all of the important details website clients need to know, including website security.

Consider adding a section to your proposal/contract that addresses website security:

  • Reiterate why clients must pay attention to the security of their website
  • Explain why an ongoing security plan is important
  • Outline your security process or approach
  • Share options, including your website care packages that include security features
  • Detail who is responsible for keeping the website secure post-launch

3. During Website Development

During development, educate clients about the potential security threats they may face as a website owner, and explain the responsibilities of owning a website and keeping it secure.

  • Help clients understand that hackers don’t discriminate: Clients believe their small website will never be a target, but the size of the website doesn’t matter. Hackers will attack any website no matter the size.
  • Teach clients about what hackers want: Clients think that their website content isn’t interesting enough to attract the attention of a hacker but most security compromises have nothing to do with the content on the site. Hackers are looking for financial gain, backlinks, secret data, and using sites to access other websites in the same shared hosting environment.
  • Explain that most hackers aren’t real people: Clients think a hacker is a person attacking their website but in reality, the majority of successful website attacks are completed by automated bots or malicious software (malware).
  • Enforce the seriousness of potential threats: Clients think “it won’t happen to me” but in today’s digital landscape, it’s not a matter of if a website will be attacked but when it will be attacked.
  • Teach clients about software vulnerabilities: Clients need to understand that all software will have bugs and that all software needs to be updated when updates are available. They also need to understand that often security vulnerabilities are disclosed publicly as soon as they are found, which means everyone using that software is at risk until they perform an update.

4. During Website Launch Preparation

Position clients for long-term success by making sure they understand that in addition to the specific website security tasks associated with their website, they are also responsible for keeping their digital ecosystem secure.

Explain simple things clients can do to reduce their chances of experiencing a security incident:

Here are examples of tips you can share:

  • Be sure your computer’s operating system is updated to the latest security release and turn on automatic updates.
  • Ensure your internet browser is up to date and running the latest version.
  • Make sure any browser add-ons and plugins are up to date.
  • If running anti-virus software, be sure that it is up to date and that your machine has been scanned. If you are not using anti-virus software, turn on the factory firewall.
  • Set your home and/or office wireless network to use encryption/passwords.
  • If using an FTP client to access site files, always run the latest version and do not store passwords.
  • Don’t log into your website in public places with open WiFi networks.

Also explain the security-related tasks they will be responsible for if they opt out of a monthly website care plan:

  • Keep WordPress updated — incremental updates often address bugs and security vulnerabilities.
  • Update plugins when prompted in the WordPress dashboard as plugins are also updated for security.
  • Back up the website before making any updates and maintain backups of the database, theme files, and premium plugins.
  • Always log in/log out of your website and do not allow browsers to remember your password.
  • Use strong passwords with a mix of lowercase letters, uppercase letters, numbers, and special characters.
  • Use a unique password for your WordPress site and never use the same password for multiple accounts.
  • Regularly change your WordPress password and FTP password.
  • Control who can access your website and how much of your website they can access by only granting the appropriate level of administrative power to team members, assistants, partners, and/or subcontractors. This also includes deleting users when projects are complete or employment is terminated.
  • Research and test unknown plugins before installing them on your WordPress website.

For clients who didn’t sign on for a website care plan upfront, this is my favorite time to remind clients about how I can take care of all of these tasks for them. I ask clients if they’d like a care plan proposal to review and if they say yes, I send it over now, so I can close the sale during the post-launch website training session.

5. During The Website Training Session

After the site has been launched, host a live training session with the client to walk through the back-end of the site, explain how it works, and teach the client to use the unique features you created for them.

Again, educate the client about security threats they face as a website owner:

  • Brute-force attacks: Attempts to guess a correct combination of usernames and passwords to gain access of a website.
  • DDoS attacks: Volume-based attacks that overwhelm your server with requests in an effort to disrupt the site performance or crash the site.
  • Exploitation of software vulnerabilities: Security flaws in the code of the server, CMS software, plugins, themes, or extension.

Also, address ongoing website support and website security services:

  • If the client has signed a support contract, review the services you’ll be providing on a monthly basis, the security measures in place to protect their site, and what to do if there is a security incident.
  • If the client has not signed a support contract, once again communicate the responsibilities of being a website owner and the security considerations they need to address. Stress the importance of having a security plan in place and let them know you can take care of all of this for them.
  • If you’ve sent them a care plan proposal, find out if they have questions, answer their questions, mitigate any concerns, and help the client make a decision.

6. As Part Of Outbound Client Care

Post-launch follow-up provides one last opportunity to educate clients about website security best practices and what to do if there is a security incident.

  • If clients have an ongoing monthly support agreement in place, remind them one more time that you’re handling everything for the client and provide the contact details they can use to get in touch with you if they have any questions or concerns.
  • If clients are not investing in monthly website support, remind the client what their responsibilities are as a website owner and what they need to do to keep their site secure. Then let the client know that if they ever change their mind or find that they don’t have time to do it themselves, you’re more than happy to step in and help.

Security Education Benefits Everyone

There are three main benefits to making security education a part of your client management and client communication:

  1. A greater awareness of the potential threats, an understanding of what security is and why it is important, and a trusted partner to care for and support the site helps clients enjoy greater peace of mind, less stress, and fewer website problems.
  2. With better-educated clients and more strategic conversations around website security, you will be able to close the sale on monthly website support and security packages with greater ease and boost your monthly recurring revenue.
  3. Other website owners and the entire internet benefit from your commitment to security and the education of your clients by helping to make the web a better, safer place for everyone.

By making website security a priority in client projects and client education, you will solidify your position as a trusted partner, improve your client management, and elevate your brand positioning — and if you’d like pre-written scripts and email templates for each of these opportunities to educate clients about website security, check out Profitable Project Plan.