By Javier Espinoza It's hard enough for big companies to reassure customers that their sites are safe from hackers. So how do small companies make people feel safe?Simply having a site that's well protected against attacks isn't enough, especially when small businesses seem like much easier targets than big operators. Security pros and entrepreneurs say small-business owners need to aggressively sell existing customers and potential ones on the idea that the sites are safe, using a number of methods.Among the tips experts offer:One immediate way to reassure newcomers to a site is to get a "trusted" seal from a third party—like McAfee Secure or Google Trusted Store—that shows the site meets certain safety criteria and is constantly monitored for problems.Getting a badge isn't complicated. With McAfee, for example, businesses simply sign an agreement with the company. From there, they receive a code to put on their site to make the trust mark appear, and then McAfee scans the site daily for potential vulnerabilities."You have to go over the top and really communicate that you have the safest [site] in the universe," says John Jantsch, a marketing consultant. "Make sure that you are placing those badges in the path of customers, that you are communicating those things along the way."Badges are an easy way to give customers a sign of safety. But they're not enough. A site has to give a much broader impression of solidity and safety to drive the message home."You walk into a law office with mahogany walls, you feel good. You walk into a law office with the springs coming out of the couch, you don't feel very good," says Ian Goldman, chief executive of Celerant Technology Corp., a provider of technology to small businesses.As soon as they land on a site, customers need to feel they are in a "high-end professional site" like Amazon or any other big Internet retailer, says Mr. Goldman. This means the site needs to be "clean" and feel "new."Those can be tough to define, since standards for graphics and layout keep changing. But sites should do their best to keep up with styles and get rid of anything that looks clunky or out of date. If nothing else, sites should make sure that their search function is as efficient as possible. "If it's a shoes site, for example, you are able to drill down your search and look for brands first, then color, then size and so on," Mr. Goldman says.It's not enough to impress visitors who arrive at a site. Small businesses must also reach out to existing shoppers—and potential new ones—to let them know regularly about the security steps they're taking to make sure data is safe."A small business should highlight these security measures by sending newsletters to customers and placing security partner information and badges in key entry points to the shopping experience," says Kevin Goodman, an IT consultant in Cleveland.Among other things, he says, businesses should tout ongoing efforts to improve security, how they're training staff to guard against vulnerabilities and (if they have one) a track record of preventing breaches. Audits and certifications by third parties should also be highlighted.He also says entrepreneurs could consider using security as "a differentiator over their competitors. Car manufacturers tout how safe their cars are; although a bit different in nature, so should a business lead with its security and privacy intention and commitment." When cybercrimes make the news, businesses should reach out to customers as soon as possible, says Cynthia Kay, who runs a media production and communications consultancy in Michigan. "There is nothing that instills confidence more than proactive communication," she says. "If there is a lot of chatter about a particular cybersecurity threat, we try to reach out and tell our customers what we are doing to maintain the security of our operation." Behind the scenes, "we don't wait for there to be a problem with our systems. Our IT company is in our door on a routine schedule just to monitor our systems and be sure that any vulnerabilities are addressed. They also remotely monitor our system."Meanwhile, if the worst happens and a breach does take place, companies should quickly reach out to customers and reassure them they are looking into ways to protect their data and limit any damage, says Mr. Goodman. "They should be open and honest about their responsibility and willingness to do the right thing to assure safe e-commerce," he says. Mr. Espinoza is a staff reporter with The Wall Street Journal in London. He can be reached at javier.espinoza@wsj.com.