Posted by Roger

‘Hacking’, as we all know, is a major problem on the internet and one that is of increasing concern for website security.

Why Hack?

Hacking of small and medium-sized businesses is not usually carried out with the intention of damaging the site or taking it offline, but is done simply to gain access to the server. The server can then be used as a transmission point for so-called Distributed Denial of Service (DDoS) attacks on other sites. If hackers have gained access for this purpose, your site may not be affected but may be slower to load. The other purpose of hacking is to gain access to data you may have stored on your server including, potentially, your email. If you have any commercially sensitive data on your server, this could be at risk from hackers.

Encrypting the Data

An effective way to guard against unauthorised access and keep yourself secure is to encrypt the data that moves between your server and the devices used by anyone accessing your site. You should, of course, already be doing this if you are taking payments online. If you are not encrypting the data, then the logon id and password that you use to access your site will be passed, exactly as entered, over the network connection you are using. It is relatively straightforward for hackers to ‘spy’ on the connection and acquire the data that is passed.

Encryption of the data is achieved fairly easily by installing a security certificate on the server and making minor amendments to some of the internals of your site to ensure the certificate is being used properly. If this is done properly, you’ll see a green padlock icon in the address bar of the browser and the web address will be preceded by HTTPS. You will see the green padlock on this website.

Browser Behaviour

Google is pushing hard to encourage all website owners to make their sites secure and is giving sites that have taken this step an additional (but small) boost in the search engine rankings. I believe this boost will become greater in the next 12 months as Google relentlessly pursues its objective of making the web a safer place.

Google is planning on marking ALL non-https sites as ‘Not secure’ in the near future.

Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as "not secure," given their particularly sensitive nature. In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy.

Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.

Source: Google

Firefox 52 (the current version – March 2017) is also taking this approach and marks HTTP pages with passwords or credit card fields as ‘not secure’ both in the address bar and below the insecure fields.
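To see which of your own pages are affected, here is an added example (not code from the original post, from Google or from Mozilla) that checks a page's HTML for the condition described above: password or credit card fields on an HTTP page. It also lists anything an HTTPS page still loads over plain http://, which is an assumption about what the ‘minor amendments’ mentioned earlier involve. The audit function, the autocomplete="cc-*" card heuristic and the sample page are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that make the browser fetch from, or submit to, another URL.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "link": "href", "form": "action"}


class PageAudit(HTMLParser):
    """Collects sensitive inputs and plain-HTTP references from one page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sensitive_fields = []   # names of password / card inputs
        self.http_references = []    # (tag, absolute URL) pairs using http://

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input":
            kind = a.get("type", "text").lower()
            hints = a.get("autocomplete", "").lower().split()
            # Assumption: card fields are spotted via autocomplete="cc-*";
            # real browsers apply their own heuristics.
            if kind == "password" or any(h.startswith("cc-") for h in hints):
                self.sensitive_fields.append(a.get("name") or kind)
        attr = URL_ATTRS.get(tag)
        if attr and a.get(attr):
            target = urljoin(self.page_url, a[attr])  # resolve relative URLs
            if urlparse(target).scheme == "http":
                self.http_references.append((tag, target))


def audit(page_url, html):
    parser = PageAudit(page_url)
    parser.feed(html)
    parser.close()
    is_https = urlparse(page_url).scheme == "https"
    return {
        # The case the post says Chrome 56 and Firefox 52 mark 'not secure'.
        "not_secure_label": not is_https and bool(parser.sensitive_fields),
        "sensitive_fields": parser.sensitive_fields,
        # On an HTTPS page these references still travel unencrypted.
        "http_references": parser.http_references if is_https else [],
    }


# Constructed sample page, not taken from any real site.
SAMPLE = """<form action="/login"><input name="user">
<input type="password" name="pw"></form>
<img src="http://example.com/logo.png"><script src="/app.js"></script>"""
```

Calling audit("http://example.com/login", SAMPLE) reports the password field as triggering the warning, while the same page served from an https:// address reports only the logo image that is still referenced over http://.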

Conclusion

So even if your website doesn’t take payments or require users to register, you’ll soon find your web pages marked as non-secure. This will surely have a negative impact on how site visitors feel about your business.

There are significant advantages of making the move to HTTPS to improve website security and now is the time to get started to ensure you keep your company website safe and secure. Contact us now to find out how we can help secure your website.

