The Basics of Online Website Security

Website security is the cornerstone of a successful online business.

Why? It’s simple: people only want to give their money and their business to companies and organizations that they can trust. If a retailer has a website that doesn’t feel secure to the visitor, nothing else matters. The online consumer will go elsewhere to fulfill his or her needs. Here are some basic online website security practices that all e-commerce business owners should employ to make sure that their website is a secure, successful online destination.

SSL Certificate

Hypertext Transfer Protocol with Secure Sockets Layer (SSL), or HTTPS, is a protocol to transfer data over the web that should be used instead of HTTP on all pages where data is created. Once again, the issue here is all about encryption. With HTTP, information is not encrypted — instead, it is sent as plain text, which means that anyone can intercept it and read what has been sent.

Further, many customers know about this insecurity and tend to avoid e-commerce websites that only use HTTP. This means that keeping HTTP could hurt a retailer’s security and their business over time. HTTPS should at least be used on pages that collect and store data so that site visitors and customers can feel secure sending their information.

The SSL Certificate works to ensure that the sensitive information that is sent over the internet is encrypted and secure. When retailers or site visitors send information or data over the internet, it gets passed through multiple computers before reaching its destination server. At any point during this chain, it could get stolen if it is not encrypted with an SSL Certificate.

How does the certificate work? It essentially makes all sensitive information — which includes passwords, credit card information, and usernames — unreadable for everyone except the destination server, thereby protecting all communication from eavesdropping and theft.

Some people think that obtaining an SSL certificate essentially verifies an entity’s credentials, certifying that they are who they say they are and that their site is safe to visit. But this is not true. Third-party security verification teams, like Trust Guard, can verify a company’s business identity for consumers, leaving a trust seal on the merchant’s website to confirm their identity.



PCI Compliance

The PCI Security Standards Council is a global group — whose founding members include American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. — formed to develop, enhance and maintain security standards for payment account security.

Together, the members of this group came up with a set of security requirements, known as the Payment Card Industry Data Security Standard (PCI DSS) that all merchants or organizations that process, store, or transmit credit card information must adhere to. These guidelines ensure that all stored credit card data is protected and that sensitive information is secure throughout the transaction process.

Staying PCI Compliant and ensuring that all stored credit card data is protected greatly reduces the risk of this sensitive information being stolen. Keeping this data secure is extremely important for all online retailers. If cardholder data is stolen, their credit can be negatively affected and they could lose credibility, money, and even their business. Scanning your site periodically for potential vulnerabilities will apprise business owners of website security holes that they can then fix before hackers have a chance to mess things up.

DoS and DDoS Protection

During both denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, hackers attempt to block legitimate users from accessing information or services by flooding a network with requests, thereby overwhelming the bandwidth of the targeted system and preventing legitimate requests from coming through. While both attacks work in the same way, the key difference is that a DoS attacker usually uses a single computer and internet connection, while a DDoS attacker uses multiple connected devices, making the flood of information that much larger and harder to deflect.

Daily monitoring of security vulnerabilities, as well as setting up effective, well-configured firewalls, can prevent this attack traffic from reaching your computer.

Use a Firewall

As the name suggests, a firewall is a hardware or software system that essentially works as a wall or gateway between two or more networks, permitting authorized traffic and blocking unauthorized or potentially malicious traffic from accessing a network or system. Like an actual wall.

It essentially protects what is inside a network from the outside — that is, from other networks or from threats on the internet like backdoor and DDoS attacks. Since e-commerce websites have a lot of inbound traffic, they need firewalls to protect themselves against malicious entry. There are many different kinds of firewalls, but two very effective firewalls for online retailers are application gateways and proxy firewalls. Both function as intermediary programs between two or more networks, meaning that incoming traffic has no direct connection or access to a retailer’s network.

Application Gateways
With an application gateway in place, there are two lines of communication: one between your computer and the proxy and one between the proxy and the destination computer or network. It’s essentially a checkpoint at which all network information has to stop. By serving as this middle point, application gateways help hide and protect your network. They only let in traffic – or packets – that have been authorized.

Proxy Firewalls
Proxy firewalls are among the most secure. Why? Like the application gateway, the proxy serves as an intermediary connection. However, they take it one step further. Instead of your network connection going all the way through, a new network connection is started at the proxy firewall. This means that there is no direct connection between systems at all, which makes it even harder for attackers to discover your network and get in.

It is important to note that, for a firewall to be effective, it has to be properly configured. What does this mean? Well, firewalls don’t automatically know which traffic is malicious — they need to be programmed with this information. By staying on top of all these website security measures, online retailers can effectively build their customers’ trust and their own company’s reputability, taking the first steps to ensuring that they have a successful, long-lasting online presence.


Special thanks to Hubspot for their article on the subject of online website security.

How to Keep your Website safe and secure for holiday shopping.

‘Tis the season. Along with Christmas cheer comes increased online shopping and an ever-pressing need for online security. Customers value their hard-earned money and it is important that the websites they visit and shop at keep their payment card information safe and secure. If they do not trust the website, they will go somewhere else.

Here are some tips to help make your website safe and secure for holiday shoppers.

Make sure that your website has deployed SSL (Secure Sockets Layer) from a trusted third-party source on each web page.

SSL certificates are not enough. It is also important to be PCI Compliant and have your website scanned regularly for vulnerabilities and security holes. Not only will this keep your website safe and secure, it will also save you from hefty fines and the serious consequences that come from a security breach.

Displaying Trust Seals or marks will let customers know that you make their security a priority and that you follow the PCI standards by completing a PCI scan. The trust marks inform your customers that your website is credible, safe and secure. It increases their confidence and builds a relationship of trust.

Online safety is very important, but so is physical safety. If you own a physical shop, it is important to have safety measures in place so that your business assets are protected. Also make sure that the physical hardware that allows you to run your website is safe and secure.

By taking the time and effort in having a secure website, your customers can shop with confidence, allowing you both to enjoy the holiday season.