Social proof and security risk

Do you check the user reviews before buying something online? Almost all of us do. User reviews are a kind of social proof: they help customers make a decision, and reassures them that the decision is a good one.

This is why people put customer testimonials on their B2B websites too. People will trust that your product or service is a good one, based on the evidence that other people (that your audience would trust) approve of your product. This makes them more likely to buy your product, you hope.

But here’s the potential catch. Suppose you buy a software product (let’s call it X), for example, from Company Y. It works really well for you, and you provide a testimonial for X, which they put up on their website at Y.com, along with your company name.

So far, so normal. But nobody (yet) knows that the software product you bought contains a security weakness, which means that an attacker could reach into your business information and steal it, or even corrupt it.

And then some cunning attacker spots that weakness, and works out how to exploit it.

They know the software, and which company created it—and thanks to the glowing testimonials from you and several of your peers at other companies, they also know which companies are using it. This, handily for them, provides them with an initial target list.

We’re not suggesting that you refuse to provide testimonials for products that you really rate. Rather: think carefully about the information that you provide to go alongside it. Perhaps consider referring to your company generically, rather than by name, even if they do offer you a link back to your website… ‘IT Manager, Telecoms Company’, for example.

So, being more generic when providing a testimonial helps to:

Reduce the amount of information publicly available about your business.
Reduce the risk of a targeted attack based on publicly available information.

If you’d like some help with cyber security for your organisation, do contact us at Click and Protect, either by filling out our website form or by calling us direct on 0113 733 6230. We’re also on LinkedIn.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Balancing security and social proof

You might also be interested in: