Posts


The Importance of Website Security

Not having a secured website is like leaving your cash register and front doors wide open. With so much of our information online and ecommerce as a huge source of revenue for many businesses, it’s more important than ever to protect yourself, your site and your customers.

Beyond the security risk, if your website and product listings don’t appear trustworthy, your site is likely to repel customers.

At IdeaZone, our team of digital marketing and web development experts will build a secure website for you. Our monthly maintenance packages include security and performance scans as well as regular updates. And if the unthinkable ever happens, we include free site restoration if your site is hacked.

Top Reasons to Make Sure Your Site Is Secure

Cybersecurity attacks put personal information at risk

Credit card information, social insurance numbers, theft of intellectual property, and hacked systems/data all pose a very real risk to your business and those who do business with you. In 2017, the Equifax breach was perhaps one of the most famous cybersecurity breaches in Canadian history, which “exposed the personal data of more than 143 million customers.”

HTTPS sites rank higher

(Source: Google Webmaster Central Blog) Google has used HTTPS since 2014 to determine which sites rank better. Sites without SSL certificates are hard-pressed to get preferential treatment from Google.

Phishing attacks damage the global economy

(Source: Cybersecurity Ventures) Cybersecurity Ventures predicts that by 2021, global cybercrime will cost $6 trillion annually. This finding is backed up by media, industry experts and senior government officials, who have all found that the rate of cybercrime and online ransoms has been increasing.

Protecting Your Site

Whether you DIY or hire a team of web security experts like IdeaZone, the following steps will help to defend your website and protect against online threats.

Have a secure connection encrypted by HTTPS

If you’re not sure what this is, check out our full post here. HTTP sites that haven’t been converted to HTTPS are flagged as not secure. An unsecured site is a huge red flag to consumers, so definitely take the time to get set up with an HTTPS connection.

You can do this by purchasing an SSL certificate (Secure Sockets Layer). SSL is basically proof that you are who you say you are, and your site is safe. This security upgrade not only protects your site, it protects your visitors’ information. Read more about SSL here.

Use legitimate, updated plugins

It’s important to make sure that any plugins you’re using are active and up to date (included in our monthly maintenance package). A neglected plugin or one from an iffy source can lead to incompatibility with themes and many other aspects of your site. We build sites using WordPress because it updates often for an extra layer of protection.

Look at your payment program

When your customers are plugging in sensitive contact and payment information, you want to make sure that it is as secure as possible. Invest in safe online payment methods like VeriSign. Take your time to choose a reputable and ironclad payment program.

According to TechRadar.com, PayPal leads the pack, mainly since it’s a household name and many users will already have accounts. However, PayPal isn’t the only player, so you might want to ask other business owners, check online reviews and shop around before you commit to an online payment program.

Create security alerts that will notify you in real-time

A foreign IP, multiple failed login attempts, invalid phone numbers, or many identical orders being placed at the same time are all suspicious activities. Being alerted to these types of activities happening in real time will let you—and the staff you’ve put in charge of security—stop fraud immediately.
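The signals listed above can be turned into simple alert rules. The following is an added example, not code from IdeaZone or from any particular plugin: it scans constructed events for repeated failed logins from one IP, many identical orders in a short window, and traffic from outside the countries the shop normally serves. The event fields, thresholds and country list are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data). "country" is assumed to have been
# resolved from the client IP by a GeoIP lookup before events reach this code.
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "type": "login_failed", "ip": "203.0.113.7", "country": "CA"},
    {"ts": "2024-05-01T10:00:40", "type": "login_failed", "ip": "203.0.113.7", "country": "CA"},
    {"ts": "2024-05-01T10:01:10", "type": "login_failed", "ip": "203.0.113.7", "country": "CA"},
    {"ts": "2024-05-01T10:02:00", "type": "login_ok", "ip": "198.51.100.20", "country": "NL"},
    {"ts": "2024-05-01T10:03:00", "type": "order", "ip": "192.0.2.1", "country": "US", "cart": "SKU-100x5"},
    {"ts": "2024-05-01T10:03:05", "type": "order", "ip": "192.0.2.2", "country": "US", "cart": "SKU-100x5"},
    {"ts": "2024-05-01T10:03:09", "type": "order", "ip": "192.0.2.3", "country": "US", "cart": "SKU-100x5"},
    {"ts": "2024-05-01T10:20:00", "type": "order", "ip": "192.0.2.9", "country": "CA", "cart": "SKU-7x1"},
]

EXPECTED_COUNTRIES = {"CA", "US"}  # assumption: where this shop's customers are
MAX_FAILED_LOGINS = 3              # failed logins per IP inside WINDOW
MAX_IDENTICAL_ORDERS = 3           # orders with the same cart inside WINDOW
WINDOW = timedelta(minutes=5)

def find_alerts(events):
    """Return (rule, subject, timestamp) tuples in the order they fire."""
    alerts = []
    recent = defaultdict(list)  # (rule, subject) -> timestamps still inside WINDOW
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["country"] not in EXPECTED_COUNTRIES:
            alerts.append(("unexpected_country", ev["ip"], ev["ts"]))
        if ev["type"] == "login_failed":
            key, limit = ("failed_login", ev["ip"]), MAX_FAILED_LOGINS
        elif ev["type"] == "order":
            key, limit = ("identical_order", ev["cart"]), MAX_IDENTICAL_ORDERS
        else:
            continue
        # Keep only hits inside the sliding window, then add the current one.
        hits = [t for t in recent[key] if ts - t <= WINDOW] + [ts]
        recent[key] = hits
        if len(hits) == limit:  # alert once, when the threshold is first reached
            alerts.append((key[0], key[1], ev["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert)
```

In production the returned tuples would feed an email, SMS or chat notification so that the staff in charge of security see them as they happen.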

Add a firewall to your domain

An Endpoint Web Application Firewall (WAF) acts as an internal security guard for your site. Web firewall apps are easy to get and are made to block potential hackers right away. Virtual patching is also a simple way to block all the different aspects of your site, from third party coding to plugins and hosting platforms.

Have an ironclad password and solid login

Avoid using important dates, names of family members, or anything that can be easily solved. Number sequences such as 1, 2, 3, your anniversary and the like are all easily guessed by even the most inexperienced hackers and bots.

Instead, use a mixture of letters, numbers and symbols, upper and lower case. When you change it, change it completely. If you’re the type to forget your passwords, a notepad or specialized password keeper book will really help. Lock it in a safe and record new passwords or logins as you create them. Change the password every quarter (or more often), setting a reminder for yourself so you don’t forget.

Choose specific staff for admin roles

The greatest threats to a company’s website security actually come from inside the organization itself, so when you’re looking at security plugins and updates, also consider who can access the inner workings of the site and any potentially sensitive information.

Prevent this information from reaching too many people by appointing a few staff members as website admins. Also, block repeated login attempts to add an extra layer of security and prevent anyone not authorized from accessing the system.

 

Digital marketing and security go hand in hand to build effective, secure websites. In today’s increasingly online world, it’s extremely important to ensure that your and your clients’ valuable information is protected. Our expert team will work with you to build your website, content and company image in the most secure way possible. Based in Victoria, BC, we provide digital marketing, branding and web design for companies worldwide. Contact us today to get started.

Do I Really Need to Upgrade my Website from HTTP to HTTPS?

The short answer is a resounding YES!

HTTPS stands for HyperText Transfer Protocol Secure and its purpose is to secure communication on the internet. By securing communication, we’re referring to protecting the privacy and integrity of data that is exchanged while users are visiting a website.  If the data is not secured, then hackers are able to intercept data that is being transmitted through these insecure (i.e. HTTP not HTTPS) websites.

When HTTPS first came onto the scene, it was mostly ecommerce websites that needed to worry about securing their websites. This was because these websites were processing credit cards and collecting other important personal information about their visitors. It made sense to encrypt personal data over ecommerce sites but, as the internet progressed, it made more and more sense to make sure that every website was secure.  And that’s where Google stepped in.

Google has long been making recommendations that webmasters should make the switch to HTTPS. They were even going so far as to say that it was a ranking factor back in 2014 insomuch as they would give an HTTPS enabled website precedence in the search results.  Then, in July of 2018 Google made it mandatory that all websites should have HTTPS.  And by mandatory, they meant that they were going to start calling out and downgrading non HTTPS sites.

Now, Google doesn’t own the internet and so it’s really up to the website owner if they want to change over to HTTPS or not. What Google does own, however, is the largest search engine in the world (well, 2 of the largest search engines if you include YouTube) as well as one of the most popular web browsers, Google Chrome. That kind of means that if you want to get traffic to your site, you had better listen to what Google is telling you to do.

So how does HTTP/HTTPS affect search engine results?

We’ve already stated above that Google has said that they will favour HTTPS sites over HTTP sites in the search results. This translates into fewer and fewer HTTP sites appearing in the top search result pages. Google’s ultimate goal is to ensure that the websites they are showing in the search results are secure (and relevant). The only reason that you’ll still see insecure sites for any given search query is because, even though the site is insecure, Google still thinks that it will match the searcher’s query better than another secure site further down its index.

How does a non-HTTPS enabled site affect the user?

Most (if not all) web browsers these days have some type of warning that is meant to inform the user that the site they are visiting is insecure.  Different browsers show these warnings in different ways.  Apple’s Safari browser is one of the browsers that shows the least in the way of warnings for insecure sites, Mozilla Firefox is somewhere in the middle while Google’s Chrome browser does its best to put it front and center.

In the Firefox browser, the warning is not very prominent, as you can only see it by way of a shield, which, if you didn’t know what it was, you would probably just ignore. Clicking on that shield, however, tells the user a little more information about the insecure site they’re visiting. In this instance, the connection is not secure (not HTTPS enabled) and the browser is blocking some content on the site. This is usually things like Google Analytics as well as some social media platforms that use some type of tracking.

Firefox shows a bit more of a pronounced error when the site has HTTPS enabled but is still not secure because some of the content (oftentimes images) is being served from insecure sources. This lock with the exclamation mark is what warns users that the site they are visiting has insecure content.

Some web browsers – such as Google’s Chrome browser – warn the user that they are about to visit an insecure site. This can come by way of a large interstitial warning page such as:

If a user comes across this page, they are not likely to click the Advanced button and then hit the option to proceed to your website. Would you? Even if the page above doesn’t show up, the user will still see an exclamation mark beside “Not Secure” to the left of the URL (i.e. domain name) in the browser bar. Below are a couple more warnings that Google Chrome users might see when they are visiting an insecure site. Just more signs telling the user not to proceed to the site…

 

So What Does All This HTTP(B)S Mean to Business Owners?

In a nutshell, it means that your business is losing customers and your brand is losing trust. From a user’s perspective, if they can’t trust your website, why would they take the leap and trust your business?

Is Your Website Insecure?

If you currently own a business that has a website online, then visit your site online to see what it looks like in different browsers. Look at your website through the eyes of one of your customers. In browsers where you don’t automatically see the starting HTTP / HTTPS of the website URL, double click on the website URL (as if you’re going to copy/paste the link) and it should show up at that point.

Upgrading and securing your website is not as hard as you might think (if that’s what you do for a living). Once we know what your site is built with (i.e. custom coded, WordPress, Wix, etc.), then we can give you a pretty good idea of how best to make the change.

Get in touch with us today to find out how we can help secure your website.