Is your network or site at risk?
Web security is relative and has two components, one public and one internal. Your relative security is high if you have few network resources of financial value, your company and site aren’t controversial in any way, your network is set up with tight permissions, your web server is patched up to date with all settings done correctly, your applications on the web server are all patched and updated, and your web site code is done to high standards.
Web security risk – should you be worried?
If you have assets of importance or if anything about your site puts you in the public spotlight then your web security will be tested. It’s well known that poorly written software creates security issues. Basically all complex programs either have bugs or at the very least, a weakness point. On top of that, web servers are inherently complex programs. Websites themselves are complex and intentionally invite ever greater interaction with the public.
A web security issue is faced by site visitors as well. A common website attack involves the silent and concealed installation of code that will exploit the browsers of visitors. Your site is not the end target at all in these attacks. There are, at this time, many thousands of websites out there that have been compromised. The owners have no idea that anything has been added to their sites and that their visitors are at risk.
Website code and web security
A website undoubtedly provides some means of communication with its visitors. In every place that interaction is possible you have a potential web security vulnerability. Websites often invite visitors to:
- Fill out a contact form.
- Search the site content.
- Use a shopping cart.
- Create an account.
- Logon to an account.
In each case noted above, your website visitor is effectively sending a command to or through your web server – very likely to a database. However, these limits are not automatic. It takes well trained programmers a good deal of time to write code that allows all expected data to pass and disallows all unexpected or potentially harmful data.
What does SSL stand for?
SSL stands for Secure Socket Layer, a standard encryption technology used to transfer data from the user’s browser to the web server. Websites use SSL encryption to prevent hackers intercepting and misusing the data users leave on a website (via registration, checkout pages as well as contact forms).
Key considerations when getting a SSL certificate
Having a SSL certificate on a business website can largely shape the way purchasers perceive the company. However, SSL certificates come in distinctive forms and there are several things that have to be taken into review when deciding on the right one. By using SSL certificates issued by the trusted authorities, you will protect your visitors from potential attacks. The certificate authorities identify with legal regulations and aim to verify the website with trusted resources.
Beyond the SEO value: security for business benefits
The importance of using SSL has increased recently because Google has decided to treat it as a ranking signal. Nevertheless, its role in advancing a business’ reputation is vital even before it became one of the search ranking factors. This form of security practice may paint a better picture of a company or website, which helps in maintaining a stable reputation.
A recent study showed that people’s decisions aren’t affected that much between websites that use SSL and those that don’t. With people gradually becoming aware of online data security and privacy issues, business websites need to raise their standards.
With commercial websites now serving the global market and collecting user’s personal data in one form or another, employing sufficient security practices is essential for a successful digital strategy. One of the most important web security measures, SSL, has long been established as an industry standard in the UK and other countries, now gaining more attention as one of Google’s search ranking factors. For the SEO world, this means that more webmasters will need to consider improving their website security practices and this will directly improve users’ experience.
Should I use SSL?
If you have a website, especially one with e-commerce, SSL is a must have. Not only does it help keep your customer’s information safe, having SSL on your website keeps their mind at ease as well. You want to make sure whatever you are sending over the internet is going to the right server. From January 2017, Google have begun labelling any websites that don’t have SSL as “not secure”.
TalkTalk hit with record fine for cyber attack
The UK’s Data Watchdog fined TalkTalk £400,000 in October 2015 after the company exposed personal details of thousands of customers. The attack breached 157,000 customer’s accounts to steal data that included bank account numbers, credit cards, names and phone numbers.
The Information Commissioner’s Office said TalkTalk had failed the nation “when it came to the basic principles of cyber security”, and found it to be in breach of the Data Protection Act. The fine was the biggest ICO has ever given, moving close to the maximum £500,000 penalty it can order and comes just months after the new Information Commissioner Elizabeth Denham took the post. Ms Denham has indicated she plans to take a tough line on companies who fail to protect customer data.
“TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease. Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”
– Elizabeth Denham, Information Commissioner