It’s all too common that we hear about a new security breach, cyber attack, or email hack. There was the recent ransomware attack which brought down several hospitals and French automaker Renault and its partner Nissan’s operations for several days. There were also unforgettable hacks of Sony and Yahoo in recent years. All these hacks and security issues beckon the question: how do I keep my online information private and protected? What can consumers do, and what is important for business owners with websites to do in order to safeguard their visitors’ private information?
One of the most important (and admittedly annoying) parts of internet security is passwords. We’ve all heard it a million times, and even I roll my eyes every time I need to create a new account online, because the password requirements seem to always be different.
The thing is, however, that insecure passwords are one of the leading causes of your private data being breached. If you are used to using a single word with one capital letter, maybe a number, and a special character, there are still plenty of bots out there which are capable of guessing your password using what’s known as a “dictionary attack.” These attacks roam the internet for websites and email addresses, guessing every word in the dictionary in a matter of seconds.
One way for you to prevent this type of attack is to either use a computer-generated password and store all the passwords in a secure plugin or app, such as LastPass and 1password. This allows you to have a different password for every website, but you only need to remember one—the one used for said plugin or app. The other option for security is to use what’s known as a passphrase instead of a password. This can be a short sentence (many websites now allow spaces in their passwords) that’s easy for you to remember, but very difficult for others or bots to guess. An easy one to remember could be as easy as “I was married on May 22!” It’s plenty of characters, plus it includes uppercase, lowercase, a number, and a special character.
Even if you have the strongest password, your website security is also dependent on the websites that you visit. If you enter your username and password into a website, it’s up to that website to make sure that the connection is both private and encrypted. This is done by both ensuring that the website’s code is secure and not something that can be hacked, but also by using SSL encryption on the website.
An SSL (secure sockets layer) certificate is an encryption technology that was developed in the 1990s and creates an encrypted connection between the server that your site is on and your visitors’ web browsers. It encrypts all the information sent to and received from a website, while also putting a padlock and “https” into your web browser’s address bar.
Without an SSL on your webserver, any information that visitors put into your website is sent plain-text over the internet. Therefore, it is exceptionally important for all websites asking for sensitive personal information, such as credit card information or social security numbers to always have an SSL certificate, but it is also a wise decision for all website owners to install.
First of all, you always need to think about your brand’s image. You want to appear trustworthy and like a reputable business. In today’s modern age, more and more consumers know to look for encryption on websites before they start browsing, and especially before putting their information into your website. Site visitors are now learning, and many people will no longer purchase anything from websites that do not include the “https” protection. Even a loss of one customer could cost your business hundreds of dollars.
Another important reason to have an SSL on your website is related to Google, which has recently made a few updates to both their search algorithm and their web browser, Chrome. Google released that they would begin rewarding websites for having a secure website in 2014, which means that all things equal, an “https” website will rank higher than a non-https website. More recently, Google Chrome announced that non-https websites would begin to have large, red warnings indicating that they’re “‘Not Secure.”
The installation process of an SSL onto your hosting or server can be a bit complex, and while many certificate authorities or hosting providers offer services to install SSLs, sometimes it’s best to start the conversation with your web developer.
As a full service web design and managed hosting provider, Webspec Design can also provide SSL certificates and encryption on your hosted website. If you’ve been thinking of moving over to Webspec, consider adding this feature on your website from the beginning. If you already host with us and would like to implement https security, contact your project manager today, and we can get that implemented.