Security and Compliance: What You Need to Know About Your IR Website
27 August 2020
By Amy Statham
A website is more than just your digital presence. It is the first stop for investors to become acquainted with your corporate story and to understand its goals, direction, and strategy. When we hear statistics such as 75% of investors saying their decision on an investment is based on the website’s quality, it is not surprising that sites are continually taking up more of an IRO’s attention.
However, one of the most essential components of your IR website is something visitors can’t even see: your website security. Financial institutions are three hundred times more likely to become the victim of a cyber attack than they were six years ago. So, ensuring that your site can survive malicious attacks and securely send and receive information is a critical factor to address as part of your investor relations workflow and your communication with your investment community.
Read on to learn more about the lesser-known aspects of website security and how to effectively navigate security as a part of your website and investor relations program.
Keeping Your Website Secure
Security is more than a ‘nice to have’; it’s a standard. Since 2018, Google has been flagging websites that do not have an SSL certificate, which encrypts sensitive data sent between you and a website. Websites that are SSL certified will have HTTPS in the website address (or URL) to indicate the site is secure. You may have encountered non-compliant websites in the past with a “Not Secure” message in the URL, or even experienced sites blocked from loading at all.
In addition to protecting your data, SSL certificates are an input in Google’s search algorithm that works to ensure your website is optimized to appear in search results, increasing the chance that your site is easily findable.
While you may already have a secure website with an SSL certificate, renewing it is an annual requirement. To ensure you’re on track for your SSL renewal, you need to work alongside your IT department to re-apply and renew your certificate. This renewal process can result in additional effort when you likely already have a calendar overflowing with conferences, earnings, and every other item on your proverbial to-do list. In that case, there are a variety of vendors that now offer these services as part of your IR website maintenance. Keep in mind that if an SSL certificate isn’t renewed in time, it can bring down your website completely, making your digital presence inaccessible.
Prevent Attacks From Bringing Down Your Website
Malicious attacks are another ongoing concern for any website. A distributed denial-of-service (DDoS) attack is one of the most prevalent, in which a website is brought down by hackers flooding a site with too much traffic. By overwhelming servers or networks with more traffic than they can accommodate, the attack can leave your website inoperable.
These security breaches can have an adverse impact on the reputation of your company and can end up costing your business. In fact, the average impact of a DDoS attack on financial institutions is approximately $1.8 million (and that amount doesn’t include any investors that choose to leave as a result). Investing in the right infrastructure and implementing the appropriate security measures is critical, not only for addressing the concerns you have currently, but also for preventing and protecting against future security issues.
Ensuring Security From the Start
The data you provide while developing your investor relations program is highly sensitive. As data flows from your computer to third parties, it’s key that your content is handled with a significant amount of care to avoid potential data theft and malware. Considering the sensitivity of your data, it’s vital for there to be the right checks and balances in place to ensure that your data is handled securely at all points in your engagements.
One of the critical auditing processes to confirm your security is called SOC-2. Developed by the American Institute of Chartered Professional Accountants (CPAs), SOC-2 is a set of defined criteria for managing your data based on privacy, confidentiality, processing integrity, availability, and security. The rigidity of these requirements is applied to each organization to ensure that every business practice is managed thoughtfully.
Keeping your IR website secure requires a holistic approach that encompasses everything from how your data is handled to how you protect your site from external threats. Having the right approach and adopting the appropriate security measures will help ensure your website’s uptime, meaning your corporate message is always live, easy to find, and accessible. To learn more about website protection and how Q4 can help you achieve your security goals, visit our website.