BBB Business Tips: Is Your Website Secure?

The risk of doing business online has never been greater due to the number of scams and data leaks. This Cybersecurity Awareness Month, learn why an unsecure website is bad for business.


October is Cybersecurity Awareness Month, which makes this a great time to reevaluate the cybersecurity measures in place at your business. According to the FBI’s Internet Crime Report, the cost of cybercrimes in the U.S. reached $2.7 billion in 2020 alone, so it’s no wonder why small businesses are worried about protecting their business. A recent Small Business Association (SBA) survey indicated that a majority of small business owners were concerned about cyberattacks against their business, with a whopping 88% of business owners saying they were concerned that their business was vulnerable to an attack.

All of this shows us that the risks of doing business online have never been greater for both businesses and their customers. Online purchase scams and frequent data leaks put consumers' financial security and privacy at risk, and reduce consumers' trust in your business. Show consumers your business is trustworthy by having a secure website. A valid Transport Layer Security (TLS) (formerly Security Socket Layer, or SSL) certificate is the easiest way to do that, and it’s one of the components Better Business Bureau® consistently recommends consumers look for.

Here are 5 reasons why an unsecured website is bad for your business: 

1. Internet browsers identify your website as a security threat.
A valid Transport Layer Security (TLS) certificate tells internet browsers your company website meets standard security protocols. Without it, potential customers won't see your company’s homepage. Instead, they are greeted with a warning message advising they could be susceptible to a phishing attempt. Customers don’t want to risk losing money or having their identity stolen just to use a company's website.  

2. Customers fall victim to scammers.
An expired TLS certificate puts your customers at risk for fraud and identity theft. The certificate does more than keep your website free of warning messages; it also helps ward off hackers and impostors. They do this by verifying the identity of your website and encrypting sensitive information.

When a TLS certificate expires, user data is at risk of exposure, and you’re more vulnerable to scammers who may use your business identity to steal from customers. Shoppers who access and use impostor websites could have their identity stolen, their financial information compromised, and even lose money to scammers. If an impostor uses your business's identity, customers will associate that negative experience with your company.

3. Your business reputation suffers.
If the first thing a customer sees when visiting your website is a warning, they will immediately identify your business as untrustworthy. Even if you quickly take action to correct the lapse in security, trust with that customer is likely lost for good. A study by Ponemon Institute estimates that one-third of visitors refuse to ever revisit any website where security has lapsed. 

4. Trust is lost with established clientele.
Customers are quick to trust businesses they’ve patronized in the past, and scammers know it. An existing customer who falls victim to identity theft through your business is likely to take their business (and their referrals) elsewhere, jeopardizing the 25% sales boost that customer loyalty provides to your business.

5. Shoppers do business with competitors instead.
Ultimately, the result of allowing your TLS certificate to lapse even momentarily could be significant damage to your reputation, sales, and customer loyalty. Every customer you lose due to an expired certificate is one customer your competition could gain. To set your business up for long-term success, you need to take data security seriously and stay ahead of any potential risks.

In our digital world, customers must trust you with their personal information before they’ll decide to buy from you. Be a leader in customer privacy by only collecting information you need, safeguarding your data from thieves, and being transparent about what you do with customer data.

Setting out to create a culture of cybersecurity is a time-consuming process, but it is important. Having a secure website can help to convert website visitors into paying customers.

Start protecting your business and customers by making sure your business’ website is secure with resources for your business from the Department of Homeland Security, Federal Communications Commission (FCC), Federal Trade Commission (FTC), and leading technology companies e.g. Google, Facebook, and Microsoft, that can help get you started. 

For additional tips and resources, visit to help keep your small business thriving. Contact your Better Business Bureau by calling 216.241.7678 or emailing Interested in BBB Accreditation? Find out how you can apply for BBB Accreditation

  • Email
  • Next up: Keeping PACE with the Market
  • More in Operations
  • Keeping PACE with the Market

    In a recent webinar, we explored how Ohio-based commercial and industrial real estate project developers, energy service companies and contractors are financing energy efficiency and renewable energy projects using innovative Commercial Property Assessed Clean Energy Financing (C-PACE).

    PACE financing provides fixed-rate, long-term financing to cover up to 100% of project costs. Typical projects require no out-of-pocket expense and generate immediate cash flow for building owners - enabling deeper, more capital-intensive retrofit investments. We showcased the standards, tools and underwriting best practices proven to meet stakeholder underwriting demands and win projects.

    Now more than ever, you may be seeking solutions to mitigate airborne pathogens such as COVID-19. If you are upgrading HVAC equipment and include specific measures like UV-C with documented energy savings, PACE financing may be a great tool.

    PACE refinancing or “Retroactive PACE” allows eligible improvements that have already been installed to be refinanced with PACE. 

    Watch the webinar below:


  • Email
  • Next up: What Every Small Business Needs to Know About Onboarding New Employees
  • More in Operations
  • What Every Small Business Needs to Know About Onboarding New Employees

    Effective onboarding has never been more important. Learn how to ensure your new hires feel right at home and stick around for the long haul.

    The pandemic has made finding new employees much more challenging. This makes the successful onboarding of new employees more important than ever. In simple terms, onboarding means the integration of a new employee into the organization. You accomplish this by giving them the information, the knowledge and the skills to become successfully integrated into the culture and operations of your business. 

    RELATED: Importance of and tips for training employees.

    It is a common misconception that onboarding begins on the first day of a new hire’s employment. In actuality, it begins before you actually hire them. It starts with a thorough background check and continues during the initial phase of their employment. This is important because a positive and effective onboarding process goes a long way toward employee retention. Studies have shown that as many as 69% of employees are more likely to stay in a position for three or more years if they received a positive onboarding experience. It is also a means of achieving a positive employee engagement which translates into increased productivity for you. If a new employee feels welcome, they are more likely to do good work and enjoy their job.

    Successful onboarding decreases the likelihood of new hire turnover and fosters a strong positive work attitude. 

    • Here are some suggestions for successful onboarding:
    • Let other employees know you have hired a new employee and to make them feel welcome.
    • Provide new employees with a mentor or someone to help guide them in their new position.
    • Modify the onboarding experience to make it special for each new hire. Take their personality and skills into account.
    • Give every new hire a handbook or employee manual and make sure they sign that they have received it.
    • Let new hires know as much as you can about your business culture and values, especially during the interviewing process. 
    • Provide any training that is needed.

    RELATED: Read more by Tim Dimoff.

    • Let new hires know as much as you can about any company policies and enforcements.
    • Give new employees time to get to know the company and their new co-workers.
    • Have workstations, computers, keys or passwords set up and ready when they start working. 
    • Have an open-door policy so they can ask questions and let them know who they can go to for advice, questions, help, etc.
    • Make sure new hires understand the responsibilities of their new job and any performance goals or deadlines. 
    • Make sure you are compliant with any local, state or federal laws relating to their employment. 
    • Successful onboarding provides a strong, secure work environment and can help you to retain new employees which saves you time and money in the long run. 

    President, SACS Consulting & Investigative Services, Speaker, Trainer, Corporate Security ExpertTimothy A. Dimoff, CPP, president of SACS Consulting & Investigative Services, Inc., is a speaker, trainer and author and a leading authority in high-risk workplace and human resource security and crime issues. He is a Certified Protection Professional; a certified legal expert in corporate security procedures and training; a member of the Ohio and International Narcotic Associations; the Ohio and National Societies for Human Resource Managers; and the American Society for Industrial Security. He holds a B.S. in Sociology, with an emphasis in criminology, from Dennison University. Contact him at

  • Email
  • Next up: Protecting your business from hackers
  • More in Operations
  • Protecting your business from hackers

    Business owners must take steps to protect their businesses from cyber-attacks. These attacks can cause proprietary information to be leaked and businesses to close. Here’s how to approach cybersecurity for your business and protect your information.


    Every year, businesses become more sophisticated in their efforts to stop hackers from stealing proprietary information. The problem is that hackers become more sophisticated every year, too. 

    Unfortunately, there’s no silver bullet for eliminating the threat of a cyber-attack on your business, but there are a number of ways to protect your data and reduce the likelihood of becoming a victim.

    The Question is Not If Your Business Will be Hacked, But When

    Unfortunately, just about every small business will eventually experience an attempted cyber-attack. According to Verizon’s 2020 Data Breach Investigations Report, small businesses make up 28% – nearly one third – of all data breaches. 

    The report points out that cloud-based tools can actually make small businesses even more vulnerable to having their data and personal information compromised. This risk was heightened even further in early 2020 by the sudden increase in employees working from home due to the COVID-19 pandemic – a trend that will no doubt continue. Just by looking at the sharp uptick in remote work and the resulting reliance on web-based tools, it’s easy to see that cybersecurity risks to small businesses will continue to grow. 

    The true cost to a small business facing a hacker is more than the valuable data that’s stolen. The cost of resolving a cyber-attack is often too high for most small businesses to weather. According to a 2018 column on small business cyber-attacks, 60% of small and mid-sized businesses that are hacked go out of business within six months. 

    There Are Basic Steps Your Small Business Needs to Take to Fend Off Potential Hackers

    Your business should be doing everything it can to prevent a damaging cyber-attack. The U.S. Small Business Administration’s Cybersecurity Guide is a great resource as you build your security plan. Here’s a breakdown of some of the best practices it recommends every small business do to keep their data safe. 

    Install & Update Antivirus Software

    Installing antivirus software on your network of computers is, at a minimum, a cybersecurity step that your company needs to take. There are several software providers with solutions that offer regular security updates so your devices are always secure. A few of the most widely-used cybersecurity software solutions include: Norton, McAfee, and Kaspersky.

    There are many more antivirus protection options out there as well. Check out this PCMag article covering the Best Antivirus Protection for 2020 for even more solutions.

    Use Internet Safeguards

    Firewalls and encryptions will safeguard your company’s internet connection, including any Wi-Fi networks. The SBA recommends setting up your router so it doesn’t broadcast the network name or the Service Set Identifier (SSID). Also, use a strong router password to further protect your internet.

    Back Up Everything

    This may go without saying, but your company should regularly back up all information on computers and any other devices. Duplication can save your business time and money and reduce liability should your data become compromised. If you can set up your devices to back up automatically or perform scheduled backups, then you’ll better protect your sensitive information and save yourself valuable time as well.

    Secure Payment Processing

    No matter what type of business you own, your money runs through a digital system when it’s handled by your bank. If you’re a retail shop, restaurant or other transactional business that accepts credit card payments, you’re utilizing a third-party vendor to process payments and creating an even bigger digital footprint. Talk with your bank and card processors to make sure they have secure, trustworthy antivirus protection measures in place so you don’t put your business and your customers at risk.

    Train Your Employees

    According to the SBA, employees and your email server are two of the biggest causes of data breaches for small businesses. It recommends training employees on the basics of cybersecurity including how to detect a breach and how to minimize the likelihood of getting hit with one in the first place. You can hire a cybersecurity expert to teach your employees what to do to better prevent a virus. There are also resources in the SBA’s Cybersecurity Guide to get you started, including events and training if your business needs even more support.

    This list of best practices merely scratches the surface of what the SBA recommends small businesses do to prevent an attack. Read the full guide for even more information. The Federal Communications Commission also provides valuable information for security with tips for small businesses. 

    Securing Your Business Takes Time, But It’s Time Well Spent

    Protecting your business from cybersecurity threats can feel overwhelming to a business owner, especially one setting up safeguards for the first time. As you set out to protect your business, consult professionals with experience in security planning, like a SCORE mentor. A SCORE mentor can help you get your security plan started and connect you to cybersecurity professionals who will set up your system and protect your data. Contact Cleveland SCORE today.

    Since 1964, Cleveland SCORE “Mentors to America’s Small Business” has helped thousands of aspiring entrepreneurs and small business owners in Northeast Ohio through free mentoring and business workshops. For more information about starting or operating a small business, visit  Cleveland SCORE at

  • Email
  • Next up: BBB Business Tips: Requiring Proof of COVID-19 Vaccination from Customers
  • More in Operations
  • BBB Business Tips: Requiring Proof of COVID-19 Vaccination from Customers

  • Email
  • Next up: Do I Need a Strategic Plan? Who Cares?
  • More in Operations
  • Do I Need a Strategic Plan? Who Cares?

    A strategic plan doesn't need to be overwhelming or scary. Read on as we review basic terminology and components of a plan and how it can help your business—and you.


    The answer to these questions depends on how you define a strategic plan and how you will use it.

    As owners and leaders of smaller enterprises, time and money are at a premium—there is never enough to do everything we believe we should be doing. Too many priorities create too much stress. We want more time for ourselves and our families. 

    Is creating and documenting a strategic plan just another task, or a way to help reduce stress, free up time, focus on what we do best, align employees and stakeholders, and help our businesses run more smoothly?

    You deserve all of this. A well-documented, communicated, and managed strategic plan can help you get there.

    Before we explore the question of “Do you need a strategic plan,” full disclaimer: I love strategic planning. I find it exciting. The only thing more fun than creating and documenting a strategic plan is gaining alignment around expectations, executing it, and communicating progress.

    I am a fan because I have seen strategic plans in action—helping leaders align teams, communicate to boards of directors, and feel the satisfaction of laying out and meeting measurable goals. I have seen chaotic change turn into manageable change.

    Strategic plans provide business leaders with the structure to execute in a well-thought-out and disciplined way. But they don't do that by sitting on the shelf.

    Strategic Plan Definition: Our Common Language

    Strategic planning can mean something different to everyone. Let’s set a common definition of what we are talking about.

    There are many popular frameworks and definitions that accompany strategic plans, including EOS Vision/Traction Organizer, The One-Page Business Plan, The One-Page Plan, etc. The frameworks are similar but differ in terminology. I will do my best to describe the components in a way to cover the various terminologies, so we are speaking the same language.

    Strategic Plan Components:

    Core Values: How we should/shouldn’t behave; our beliefs
    Purpose: Why we are in business, our work each day, our picture of the future, our core focus
    Targets/3-Year Picture: Where we want to be in 3-5 years, a picture of our business, target market, planned financials and other accomplishments, our customers’ view of our uniqueness, the promises and guarantees we will fulfill  
    Goals/1-Year Plan: What we plan to do this year, annual priorities, critical numbers we will track 
    Actions/Rocks: How we do it, planned and tracked in chunks (typically quarterly) to meet annual goals
    Schedules: Who will do what by when—setting the stage for accountability management

    RELATED: 3 Simple Brain Hacks for Goal Setting and Achieving

    So, Who Really Cares About All of This?

    First, let’s consider typical stakeholders and how the strategic plan can best help them help your business. Let’s explore stakeholder groups and ideas on how the strategic plan can influence their impact. You might think of others.

    Current Employees: Our core values set expectations for how we treat each other and our customers. The 3-Year Plan and 1-Year Plan create excitement about the company’s future and help employees see why their work is so critical. Schedules directly communicate the significance of each person and the criticality of achieving commitments. The strategic plan is a critical component in new employee orientation, indicating what we expect from employees and what they can expect from others. It provides the foundation for holding people accountable and is most effective when linked directly to performance and compensation management.

    Recruits: Our core values and purpose describe our culture and the work we do. Sharing this helps potential employees better understand the organization and decide if it is a good fit for them. It helps us make the same assessment, especially when linked directly to behavioral interviewing.   

    RELATED: Employee Retention Challenges and Solutions

    Customers: When we share our core values, purpose, long-term vision of who we are, and customer promise, we set the bar for what our customers can expect from us—and what we expect from them. This helps them decide if they want to do business with us. It helps our customer service team know how to interact with customers. To better understand this impact, think of some companies you love to work with and look for strategic planning components on their websites. (You might start with Southwest Airlines and Nordstrom, then check out COSE members’ websites.)

    Advisors/Board of Directors: How do you get the most from expert advisors positioned to help with your business? You must provide the information they need to help you. Starting with your strategic plan. Get their expert input. Gain their alignment and, if needed, their approval. This will provide the foundation for what you communicate to them regarding the accomplishments and status of the business. It answers the question board members often have of, “So what?” when they hear your reports on accomplishments. It helps them evaluate business performance and provide valuable feedback.

    Those with a Financial Interest: The strategic plan helps build trust with stakeholders, including those providing financial investment and support. It is the foundation for the details we provide, from what our business does and why, to target customers, financial projections, and employee plans. It’s the glue that ties the whole business story together.

    Third Parties (Vendors, Consultants, etc.): As with our customers, our core values, purpose, long-term vision help us articulate the softer side of what we need from the third parties. It helps them understand what we expect and it also helps us decide who to work with. Not only do we want to encourage and support other businesses sharing our values, but it makes working together easier and more enjoyable.

    You – the Business Owner/Leader: You have a burning vision for what you want your company to be. You know what it looks like and you believe you and your team can make it happen. The strategic plan is how you share what’s in your heart and mind. It’s the necessary tool for everyone to see what you see and feel what you feel. It paints the picture of your future and guides the initial steps to take you on your journey.

    What’s the Answer? Do I Need It?

    Consider the answers to these questions:

    Do I need to better align my team around common culture and goals vs. individuals working on their own priorities?
    Do I need a structure to communicate with my board, gain their input, and communicate progress on agreed upon goals vs. reacting to questions and changes in direction?
    Do I need common messages to consistently communicate with customers, vendors, financial supporters vs. scrambling to effectively describe who I am and who I do business with?
    Do I want to know when I have achieved measurable goals vs. chasing moving targets?
    Do I want to manage change vs. letting chaos manage me?

    If you answered yes to any of the above, you would benefit from a documented and managed strategic plan. Other side effects typically include improved business outcomes, reduced stress, freed up time, better focus on what we do best, employee alignment, and—yes—more fun running your business!

    Watch for related upcoming articles on:

    Strategic Planning: How Do I Get Started?
    Putting the Strategic Plan to Work
    Communication Planning
    Accountability Management
    Fractional Leadership: Can a Part-Time Leader Help Your Business?

    Janet Gosche helps business leaders struggling with too many priorities by providing systems and tools to clearly define their business strategies and lead their teams to execute. Previously, Janet was a senior executive at Accenture, global practice lead at Avasant, and COO/CSO at cybersecurity firm JurInnov, where she focused on strategy, complex program management, vendor relationships, and organizational change. 216-496-6658.

  • Email
  • More in Operations