Forms, Security, and Databy: Justin

Vivid Image

Contact Us Today!

One of the greatest things about websites is how they open up lines of communication between business owners and their customers. Contact Us forms have been a staple of websites since the earliest web pages were being built and have allowed for customers to submit everything from raving compliments to simply inquires. Forms started off simple enough; a name, email address, and a short message would be gathered by a website and sent via email to someone on the other side to read and respond to.

Though you may often still find simple contact forms like that today, you’re just as likely to run into multi-page employment applications or behemoth forms used for gathering a wide assortment of information from customers. In addition to the traditional email this data is often stored as a semi-permanent record for future reference in the website’s database.

Website Forms and Sensitive Data

Online forms are capable of receiving any kind of information you can imagine which can lead to some tricky situations if you’re not careful about what kind of information you’re asking for. When building an online form consider the 3 biggest areas where that information can be stolen.

MYTH BUSTING: An SSL is all you need to collect sensitive information from customers on your site. TRUTH: While SSLs are an important part of the equation, there are many other things to consider.

First, the email

If you are collecting sensitive information such as social security numbers, birth dates, or medically related information, the first thing to consider is; are you emailing any of this information to someone? Many forms will send the filled out form data via an email to designated email addresses often configured during the creating of the form. This can open up huge gaps in the security of that information.

For example do you connect to your email provider using an SSL encrypted connection? Is the email being sent encrypted? What about your computer itself; can you guarantee that no one will ever have unauthorized access to your computer and thus your email? What about when you get a new computer, are you properly destroying your old hard drives? Simply deleting files is often not enough to prevent a data breach. Storing any kind of sensitive information is a big responsibility and for the safety of your customers and your business it’s not something that should ever be taken lightly.

Second, the storage

Most modern web forms are built with some kind of database based storage system to keep a record of the data associated with every form submission. Much like storage on your local computer (we talked about above), storage of sensitive data at the website itself must be handled properly. Ensuring that your database is encrypting any sensitive data with a industry standard level of encryption is paramount.

This type of feature is not something you often find on typical form generating plugins, so make sure what every tool you’re using explicitly states that it is encrypting your customer’s data when storing it. At a minimum the encryption should be at least 256-bit.

Third, the transmission

If your collecting any kind of sensitive information your site must have an SSL installed and active. SSLs create a secure connection between a website and the user. Any information exchanged between the two, in this example a form submission, is encrypted which prevents someone from intercepting it while it’s in transit. SSLs also go a long way in reassuring your customers and let them know that you take the security of their information seriously.

In Conclusion

While being able to accept sensitive information like credit cards and social security numbers via a website’s online form can go a long way in increasing the overall usefulness of your website, it’s extremely important that you know how to do it safely. One breach of data can cost you and your customer financially and permanently damage your reputation. Trust between a business and its customers is vital, and once broken may take years to restore-if ever it can be.

For securely collecting sensitive data we often recommend a company like Formstack. If you’re thinking about collecting any kind of sensitive information be sure to have a discussion about it with your Vivid Image account director who can offer insight and advice on how to move forward and what your best options are.

FacebookTwitterLinkedInEmailPrint

Related Stories

How Long Should a New Website Be Expected to Last Me?

Margaret & Lindsey Designate $500 to Charities

dealing with fake or spam reviews on Google and Facebook

How to Handle Fake or Spam Reviews

Marketing is confusing. Get your FREE 2023 Marketing Playbook

Not only will we evaluate your business and create a custom playbook, we will spend time with you 1:1 to help you understand exactly where you need help and gain clarity in what step you need to take next in order for you to succeed and allow your business to create the freedom you want..

Tell Me More!