How believable, how convincing, how secure is your new Recruitment Agency web site?

We live in a web of intrigue. The internet contains much that is good and (even excluding the pictures of beheadings sponsored by Facebook), much that is abhorrent, deceptive and fraudulent.

So how do people know you are who you say you are? How believable, how credible, how convincing is your web site? As a consequence, since the majority of your new customers will have visited your web siteL How believable, how credible, how convincing is the face of your company?

This article explains in simple terms how you can prove you are who you say you are on the Internet and demonstrate you're doing things properly to your potential new customers.

So you are a new company. You have a new web presence. At first no one knows you from Adam. Someone with a little IT knowledge decides check you out before doing business with you. One of the simplest things they can do is click on your web site address in their browser.

What does the inquisitive browser see?

They will find one of three options (these illustrations are taken from Firefox, other browsers will have some styling differences):

 

Uncertified and unverified

 uncertified.png

This will also be displayed on some sites where you have not yet logged in. Once you start the log in process, (in the example above) you are automatically transferred to a secure page.

This level of security is perfectly adequate for simple web sites without a log in. Once you send a user name and password to a web site, then it is imperative that you do so over a secure connection that prevents eavesdropping.

Any recruitment agency that stores personal data is required to observe the regulations of the Data Protection Act. This means you would be liable for prosecution and substantial fines if you do not protect your data by having a log in over a secure connection.

If you are providing services to any Governmental organisation: for example the NHS or Local Government and if your web site is part of your submission to them, they will almost certainly expect your web site to be validated.

 

Site verified, site owner unverified

 site only authentication.png

If you click more information, then you get little more:

site authenitcaion more.png

And finally if you click to view the certificate its self:

site certificate.png

The thing that may worry new customers is the "unknown" label. The question is why? Well in truth it is more of a marketing thing than pure security. If you are investing in a working web site for your business then marketing, credibility and verification are important.

 

Site verified and site owner verified

 Organisation or Company authentication.png

As you can see the site is names and the backing company Name and address is verified. This can be easily cross checked. However the fact that it is there is often enough.

Drilling down by click on the button for more Information.

Organisation more.png

And the certificate itself:

company certificate.png

 The reason that "issued to organisation unit" information is absent is that this certificate may apply to multiple sites or domains. In the case we recommend, this will have your OU (Organisational Unit)  filled in.

 

So you have a new site and the developer says we need money for the "site certificate". What are the cost implications?

We are taking the example of a major player in the business of certifying web site verification. They are known as "GeoTrust"

In simple terms for around £65* you can have a domain validation certificate for 2 years.  This can be done same day. The certificate will display only the lock symbol and if you mouse click it then you will get only the web address as authenticated by (verified by) "Geotrust". You will not get company information i.e. it only says this really is domain xyz.co.uk. It's the lowest, least expensive level. It's a level that Google and Microsoft use. But if the site certificate says it really is a household name like Google or Microsoft, then company information is superfluous.

*The prices are approximate they are in dollars and the exchange rate varies. They were correct as of 2013 please check the current price list.

A more comprehensive and to be honest far more credible (if you are an otherwise unknown name) for around £420* you can have a Company aka Organisation certificate for 2 years.  This can be done same working week. The certificate will display the lock symbol and if you mouse click it then you will get the web address as authenticated, verified and also company information. (Name and address) verified by "Geotrust" i.e. it says this really is the site you say you are, this is the name and address of the site owner and the site is validate to the newest and highest level possible.

In many ways its annoying and frustrating that an international company known by their web address can get away with the cheapest certificate, whist a newer and much smaller companies needs to go to the extra cost of providing address information to give them credibility and allow cross checking with other sources. Unfortunately it's just the way of the world.

For the latter you will need to supply either a vat registration for the company, D&B number or Company registration details. There will be an additional authentication process over and above the simple site verification. This will involve a phone call to you from a publicly published number. There might be other documents required, but essentially they need to determine sufficient information to verify you are who you say you are.

*The prices are approximate they are in dollars and the exchange rate varies. They were correct as of 2013 please check the current price list.

In both cases the ultimate issuing group is Symantec owned. There is a "bond" guarantee if the certificate is broken due to internal negligence of the issuing group. The bond is not trivial, but I'm pretty certain no one has ever collected.

 

How to

Setting these things up is not technically difficult. However it is a bit of a minefield and you may opt for a product with some fine sounding name. It may not be the choice you thought you were making. In general in security certificates, if it's cheaper, then something is missing. On the other hand, you do not want to pay for numerious site options if you only have one site.

When you come to the Ava route for your Recruitment Agency web site, we will give you the above three options. You are free to choose. Your web site will then be fully authenticated to the level you have chosen. We do recommend you go with the more comprehensive and credible Organisation or Company authentication. It's not to pad our profit margins. We provide this service at cost. We just want your business to be crediblefrom the start. We want yoursite and business to be as successful as it can be.

If you do opt for the greater level of Organization / Company verification, then your (Public) Company information will be verified. You need make sure your public information is uptodate especially with phone numbers and addresses. Examples of the sources used for company verification are Company registration, Vat registration, Dun and Bradstreet entry or other. You should expect a phone call as part of the manual verification process.

 

Other useful links

Starting a Recruitment Agency: Phones

Starting a Recruitment Agency: The web

The Data Protection Act

Data protection in the UK: the Information Commissioners Office (ICO)

Dun and Bradstreet

 

Contact Information

To find out more about Ava solutions you can contact us in a number of ways:
Follow Us...