Why the Yahoo Breach is Bad for Small Business (and How to Change That)

  •    Content strategist for TrustedSite, which provides marketing and security solutions for online businesses.

In mid-December, Yahoo announced that one billion accounts were compromised in a breach that occurred in 2013. It is by far the largest disclosure ever, bigger than the next nine non-Yahoo breaches combined. (Yahoo has the dubious distinction of owning both the first and second largest breaches ever.)

But it's not just the size of the breach that has people so shocked. It's the fact that it wasn't just usernames and passwords that were stolen—security questions were too. And because these contain information that doesn't change (high school mascot, make and model of first car, name of first pet).

This means many accounts all over the internet could now be at risk.

The Yahoo breach was bad. It's far from the only one

Over the last 6 years, breach disclosures have gotten bigger and bigger. First there was the Target breach, exposing 40 million customers. Then there was the Anthem breach, where 80 million accounts were exposed. And then LinkedIn, with 117 million. And then Yahoo (the first time), with 500 million.

Okay, okay. But why should you, Weebly site owner, care?

The Yahoo breach, and all the others, hurt your business

The breaches have now gotten so big, and so frequent, that it's not just the breached sites that are suffering. Your business is suffering too.

Why? Because Yahoo is so big, their customers are your customers.

And even though you have absolutely, positively nothing to do with any kind of security breach, your customers are still worried.

About identity theft. About malware. About phishing.

Basically, the breaches have created a climate of fear and worry among everyone on the internet, on every site they do business with. Including yours.

The cost of doubt online is real

Consider the following: 45% of people no longer trust retailers to keep their personal information safe.

And another 45% of people have also abandoned their shopping carts due to security concerns, according to a 2013 study by Harris Interactive.

What do all those shopping carts, abandoned due to breaches like Yahoo's, cost? About $260 billion dollars every single year.

Yes, you read that right. But that's just the bad news.

The good news: you can win back those worried customers. And close on those abandoned carts

The best way you can ease the minds of customers who are worried after the Yahoo breach is to show them your site is safe.

And while that may sound like a tall order, as a Weebly site owner, all it will really take is a few trips to the Weebly App Center.

So, without further ado, here is how to show your site is safe:

1. Secure your entire domain with an SSL certificate

If you're selling on your Weebly site, it means you already have an SSL certificate on your checkout page, because your checkout takes place on a weebly.com domain.

However, we strongly encourage you to have an SSL certificate on your entire domain.


For one, because even though SSL certificates encrypt data, they also act as powerful trust indicators, especially since web browsers like Chrome have changed the way SSL certs are displayed. For example, Google just changed its SSL display to this:

SSL Display

In the old days, it used to just be a lock and the green https. Now, it says Secure.

And if you don't have an SSL certificate—look out! Google will shame you with the words "Not Secure" in red in the URL bar, and you definitely don't want that.

This kind of message from a company as trusted as Google will have a strong impact on your customers, whether they're on your checkout only or on your contact page, which is why it's so important you have one.

As a Weebly customer, avoiding Google's public shaming is as easy as upgrading to a Business account, where your entire domain will have an SSL certificate.

2. Let visitors know that you've been tested by a trusted third-party

SSL certificates are all well and good, but ultimately, if a user is worried about malware or phishing or identity theft, it's not going to cut it.

That's why you need a service that directly addresses your customers who are security conscious (and in the era of big breaches, that's an increasingly large chunk of the population).

The McAfee SECURE service is a free tool that displays a trustmark in the bottom right corner of your site. It lets visitors know your site has been tested and certified by Intel Security, formerly McAfee, one of the most trusted names in internet security.

But users want more than just third-party referrals.

3. Use social proof to show your business is legitimate

Social proof is a fancy way of saying "using your customers to get new customers". The basic idea is that customers trust people like them more than they trust anybody else.

The classic social proof is the customer review.

Customer reviews are so crucial to the selling process in part because only 12% of consumers don't read them before making a buying decision. By failing to include customer reviews, you're excluding the vast majority of potential customers.

And even though they're posted by people they don't know, 88% of people trust customer reviews as much as personal recommendations.

Seems crazy, but it's true.

That's why a reviews app like Comments Plus is vital. It allows you to show your customers that you have other customers, and that those other customers really like you and your products. It's the oldest marketing in the book for a reason—it works.

When you do install a social proof app, be sure to read the guidelines the marketing geniuses at Kissmetrics wrote up about social proof. It's a must read!


Easing consumer fear is a crucial step to recovering your part of the $260 billion dollar pie that's lost every year due to security concerns. Thanks to the App Center, it's super easy—and cheap to mitigate the damage caused by the Yahoo breach (and others), so don't pass it up!