The Basics of Online Website Security

Website security is the cornerstone of a successful online business.

Why? It’s simple: people only want to give their money and their business to companies and organizations that they can trust. If a retailer has a website that doesn’t feel secure to the visitor, nothing else matters. The online consumer will go elsewhere to fulfill his or her needs. Here are some basic online website security practices that all e-commerce business owners should employ to make sure that their website is a secure, successful online destination.

SSL Certificate

Hypertext Transfer Protocol with Secure Sockets Layer (SSL), or HTTPS, is a protocol for transferring data over the web that should be used instead of HTTP on all pages where data is entered. Once again, the issue here is all about encryption. With HTTP, information is not encrypted; it is sent as plain text, which means that anyone who intercepts it can read what has been sent.

Further, many customers know about this insecurity and tend to avoid e-commerce websites that only use HTTP. This means that keeping HTTP could hurt a retailer’s security and their business over time. HTTPS should at least be used on pages that collect and store data, so that site visitors and customers can feel secure sending their information.

The SSL Certificate works to ensure that the sensitive information that is sent over the internet is encrypted and secure. When retailers or site visitors send information or data over the internet, it gets passed through multiple computers before reaching its destination server. At any point during this chain, it could get stolen if it is not encrypted with an SSL Certificate.

How does the certificate work? It essentially makes all sensitive information (which includes passwords, credit card information, and usernames) unreadable for everyone except the destination server, thereby protecting all communication from eavesdropping and theft.

Some people think that obtaining an SSL certificate essentially verifies an entity’s credentials, certifying that they are who they say they are and that their site is safe to visit. But this is not true. Instead, third-party security verification teams, like Trust Guard, can verify a company’s business identity for consumers, leaving a trust seal on the merchant’s website to confirm their identity.


PCI Compliance

The PCI Security Standards Council is a global group, whose founding members include American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc., formed to develop, enhance and maintain security standards for payment account security.

Together, the members of this group came up with a set of security requirements, known as the Payment Card Industry Data Security Standard (PCI DSS), that all merchants or organizations that process, store, or transmit credit card information must adhere to. These guidelines ensure that all stored credit card data is protected and that sensitive information is secure throughout the transaction process.

Staying PCI Compliant and ensuring that all stored credit card data is protected greatly reduces the risk of this sensitive information being stolen. Keeping this data secure is extremely important for all online retailers. If cardholder data is stolen, their credit can be negatively affected and they could lose credibility, money, and even their business. Scanning your site periodically for potential vulnerabilities will apprise business owners of website security holes that they can then fix before hackers have a chance to mess things up.

DoS and DDoS Protection

During both denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, hackers attempt to block legitimate users from accessing information or services by flooding a network with requests, thereby overwhelming the bandwidth of the targeted system and preventing legitimate requests from coming through. While both attacks work in the same way, the key difference is that a DoS attacker usually uses a single computer and internet connection, while a DDoS attacker uses multiple connected devices, making the flood of information that much larger and harder to deflect.

Daily monitoring of security vulnerabilities, as well as setting up effective, well-configured firewalls can prevent this attack traffic from reaching your computer.

Use a Firewall

As the name suggests, a firewall is a hardware or software system that essentially works as a wall or gateway between two or more networks, permitting authorized traffic and blocking unauthorized or potentially malicious traffic from accessing a network or system. Like an actual wall.

It essentially protects what is inside a network from the outside, that is, from other networks or from threats on the internet like backdoor and DDoS attacks. Since e-commerce websites have a lot of inbound traffic, they need firewalls to protect themselves against malicious entry. There are many different kinds of firewalls, but two very effective firewalls for online retailers are application gateways and proxy firewalls. Both function as intermediary programs between two or more networks, meaning that incoming traffic has no direct connection or access to a retailer’s network.

Application Gateways

With an application gateway in place, there are two lines of communication: one between your computer and the proxy and one between the proxy and the destination computer or network. It’s essentially a checkpoint at which all network information has to stop. By serving as this middle point, application gateways help hide and protect your network. They only let in traffic (packets) that has been authorized.

Proxy Firewalls

Proxy firewalls are among the most secure. Why? Like the application gateway, the proxy serves as an intermediary connection. However, they take it one step further. Instead of your network connection going all the way through, a new network connection is started at the proxy firewall. This means that there is no direct connection between systems at all, which makes it even harder for attackers to discover your network and get in.

It is important to note that, for a firewall to be effective, it has to be properly configured. What does this mean? Well, firewalls don’t automatically know which traffic is malicious: they need to be programmed with this information. By staying on top of all these website security measures, online retailers can effectively build their customers’ trust and their own company’s reputability, taking the first steps to ensuring that they have a successful, long-lasting online presence.
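A minimal application-gateway proxy in Python, added here as an illustration of the application gateway and proxy firewall described above (it is not code from the original post or from any product it mentions). The client's connection stops at the gateway, the request line is checked against a constructed allowlist (the "programming" the previous paragraph says a firewall needs), and only an authorized request makes the gateway open its own, separate connection to the backend; the listen and backend addresses are assumed placeholders.

```python
import socket
import threading

# Constructed policy: the "programming" a firewall needs to know which traffic is authorized.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_PATHS = ("/products", "/checkout", "/static/")
MAX_REQUEST_LINE = 2048


def authorize(request_line: bytes):
    """Decide whether one HTTP request line (e.g. b'GET /products HTTP/1.1') may pass."""
    if len(request_line) > MAX_REQUEST_LINE:
        return False, "request line too long"
    parts = request_line.strip().split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return False, "malformed request line"
    method = parts[0].decode("ascii", "replace")
    target = parts[1].decode("ascii", "replace")
    if method not in ALLOWED_METHODS:
        return False, "method not permitted: " + method
    if ".." in target or not (target == "/" or target.startswith(ALLOWED_PATHS)):
        return False, "target not permitted: " + target
    return True, "ok"


def handle_client(client: socket.socket, backend: tuple) -> None:
    """One client connection: inspect, then either reject or relay over a new connection."""
    with client:
        first = client.recv(MAX_REQUEST_LINE + 1)
        allowed, reason = authorize(first.split(b"\r\n", 1)[0])
        if not allowed:
            client.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")
            return
        # The client's TCP session ends here; the backend only ever sees the gateway.
        with socket.create_connection(backend) as upstream:
            upstream.sendall(first)
            while chunk := upstream.recv(4096):
                client.sendall(chunk)


def serve(listen: tuple, backend: tuple) -> None:
    """Accept clients forever, one thread per connection (assumed placeholder addresses)."""
    with socket.create_server(listen) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle_client, args=(conn, backend), daemon=True).start()


if __name__ == "__main__":
    serve(("127.0.0.1", 8080), ("127.0.0.1", 8000))  # assumed placeholder addresses
```

Run it in front of any local HTTP server and a request for /admin or a POST never reaches the backend, while GET /products is relayed over the gateway's own connection.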

Special thanks to Hubspot for their article on the subject of online website security.

Report Shows an Increase in DDoS & Web App Attacks

According to Akamai’s State of the Internet / Security Report for Q1 of 2016, there has been an increase in DDoS and web app attacks.

For those of you who might not know, DDoS is short for Distributed Denial of Service. DDoS is a type of Denial of Service (DoS) attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a DoS attack.

According to the report, there has been a 23% increase in DDoS attacks and a 26% increase in web application attacks, compared with Q4 2015, setting new records for the number of attacks in the quarter. Repeat DDoS attacks also rose, with an average of 29 attacks per targeted customer, including one customer who was targeted 283 times.

PCI compliant security scanning from Trust Guard can help protect your website from hackers by monitoring the level of security of your site. They then send you a detailed report to inform you either that your site is safe or that one or more of the over 75,406 vulnerabilities that hackers use to infiltrate sites and servers is readily accessible to them.

With this report, you and/or your hosting company can quickly repair the issue. A new scan of your site from Trust Guard will show whether or not you fixed the issue. Once your site passes its scan, they will continue to monitor – since new vulnerabilities are being found every day.

If you’d like, Trust Guard can even provide you with a trust seal to display at strategic locations on your website (above the fold and on your check-out page) so that you can show your online visitors and potential customers that you take their safety and security seriously. These seals are guaranteed to increase your online sales.

For a free scan to see where you stand regarding your website’s level of security and potential for web app attacks, visit freepciscanning.com.

To view the entire report from Akamai, click here.

Password Manager LastPass’ Servers Were Breached

What are you doing to protect your password?

Here’s another example of a large security firm getting hacked. In June of 2015, LastPass’ servers were breached. The company sent a letter out to their customer base stating that their team “discovered and immediately blocked suspicious activity” on their network.

The good news is it appears hackers didn’t get away with anyone’s encrypted passwords or the ‘vaults’ of website/login information stored on their servers. And although it was a bad breach, the consensus among security experts is that it could’ve been a lot worse.

Of note, LastPass is currently defending against potential account theft by requiring email verification (or multi-factor authentication, if enabled) whenever a new login comes from an unknown device or new IP address. An attacker would need access to your email account or authentication app on top of cracking your LastPass master password to get in.

Most small online business owners don’t know that they are much more at risk of their sites being hacked than a huge company like this. That’s because LastPass and others like them take many more security measures to keep hackers away than most small business owners do. They all scan their sites for vulnerabilities, the holes hackers use to access their sites and servers. Do you?

FreePCIScanning.com makes it easy for small businesses to see if their site is safe and then make the changes necessary to protect their site from breaches if the scan fails. Like the name of the site says, the scan is free and is PCI compliant – meaning that the Payment Card Industry (PCI) accepts the scanning process because it is carried out by an approved scanning vendor (ASV). Keep your site safe and free from hackers by letting Trust Guard, the leader in website security, monitor your site and keep it safe. Visit FreePCIScanning.com today.

Kaspersky Security Firm Admits it Was Hacked

Kaspersky, one of the largest cyber-security firms in the world, confirmed that it had been hacked.

According to the company, the sophisticated attack stayed away from user information and focused instead on Kaspersky’s own systems and intellectual property. The company has since fixed the hole that allowed for the attack. Kaspersky Lab CEO and founder Eugene Kaspersky wrote, “We discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it.”

What’s troubling is how many e-commerce business owners can see a company like Kaspersky get hacked and still blindly believe that hackers will somehow deem their company unfit or unworthy to hack. PCI compliant vulnerability scans are now required for any company that accepts credit cards. But some companies still only scan their sites quarterly instead of daily, fully aware that hundreds of new vulnerabilities are discovered each and every month.

Kaspersky dubbed this attack Duqu 2.0. It’s named after a specific series of malware called Duqu, which was considered to be related to the Stuxnet attack that targeted states like Iran, India, France, and Ukraine in 2011.

The attackers behind Duqu 2.0 were hoping to infiltrate Kaspersky’s networks to learn more about its services, Kaspersky’s blog post revealed. It added that the group behind Duqu 2.0 “also spied on several prominent targets.” The hackers, in their attempt to infiltrate Kaspersky, clued the company into the next-generation spying technologies hackers are developing. “They’ve now lost a very expensive technologically-advanced framework they’d been developing for years.”

$445 Billion in Cyber Attack Expenses in 2014

The World Economic Forum states that cyber crime alone cost the global economy US$ 445 billion in 2014.

From personal finances to business operations and national infrastructure, public and private services and amenities are increasingly managed via some form of computer network and are consequently vulnerable to cyber attacks. The internet is not a fad; it is the way we do commerce and communicate politically, personally, and professionally.

One way to help improve the security of online communication and e-commerce throughout the world is for responsible countries and companies to scan their websites and servers on a daily basis for as many vulnerabilities as possible using reliable companies like Trust Guard and their PCI Compliant Approved Scanning Vendors.

How to Keep Your Website Safe and Secure for Holiday Shopping

‘Tis the season. Along with Christmas cheer comes increased online shopping and an ever-pressing need for online security. Customers value their hard-earned money and it is important that the websites they visit and shop at keep their payment card information safe and secure. If they do not trust the website, they will go somewhere else.

Here are some tips to help make your website safe and secure for holiday shoppers.

Make sure that your website has deployed SSL (Secure Sockets Layer) from a trusted third-party source on each web page.

SSL certificates are not enough. It is also important to be PCI Compliant and have your website scanned regularly for vulnerabilities and security holes. Not only will this keep your website safe and secure, it will also save you from hefty fines and the serious consequences that come from a security breach.

Displaying Trust Seals or marks will let customers know that you make their security a priority and that you follow the PCI standards by completing a PCI scan. The trust marks inform your customers that your website is credible, safe and secure. It increases their confidence and builds a relationship of trust.

Online safety is very important, but so is physical safety. If you own a physical shop, it is important to have safety measures in place so that your business assets are protected. Also make sure that the physical hardware that allows you to run your website is safe and secure.

By taking the time and effort to secure your website, your customers can shop with confidence, allowing you both to enjoy the holiday season.