X
WHAT DO YOU NEED?
YOUR DETAILS
* Required Fields
THANK YOU for contacting us

We endeavour to answer all enquiries within 1 business day, so you’ll be hearing from us shortly.

In the meantime we’d love you to get social with us
or perhaps you’d like to sign up to our newsletter?
You’ll receive FREE actionable tips and insights to improve your website

REQUEST A QUOTErope

BLOG

Is Your Website Safe? Website Security Explained

6 Oct 2020
0 Comments

Protection of our personal information online is becoming an increasingly hot topic as we spend more time on the web and technology allows us to do more there. In this climate, businesses need to treat website security as an essential rather than a nice to have. But how do we secure something we can’t even see?

Let’s cover the key questions SMB owners should be asking of their website security.

 

Why is website security and encryption so important?

First thing’s first — let’s look at what encryption is and why it’s so important to your business and your customers.

A company’s website gathers customer information in multiple ways: forms, user registration credentials, credit cards for payment, etc. This sensitive information generally passes through dozens of servers and networks as it travels between your website and your site visitor’s browser, and vice versa.

At any stage in this journey the information can be intercepted by nefarious types and used with malicious intent, potentially damaging your customer’s trust and brand loyalty, not to mention costing you a lot of money. A secure connection safeguards against this by encrypting the user’s information before it leaves your site, and then decrypting it again when it arrives at your visitor’s browser destination, and vice versa.

 

What are HTTP, HTTPS, SSL, and TLS?

You may be familiar with HTTPS (or HTTP) because it comes before the URL in your web browser’s address bar.

HTTPS stands for Hypertext Transfer Protocol Secure, and is a layered combination of the Hypertext Transfer Protocol (the foundation of data communication for the web) and SSL/TLS protocol (Secure Sockets Layer and Transport Layer Security [a cryptographic protocol that enables secure communications over the net, with TLS being the successor to SSL]).

A secure HTTPS connection is provided via the use of a third-party secure Certificate, which gives your website a stamp of authenticity and security. This lets your visitors know they can both trust that the pages on your site are indeed authentic, and that you can be trusted to handle their sensitive information. For a deeper understanding of how HTTPS works, head here.

 

What is a CA (Certificate Authority)?

Often referred to as a CA, a Certificate Authority (sometimes also called a Certification Authority) is a third-party organisation that provides companies and their websites the encryption and related secure certificate that allows them to offer users an HTTPS connection while browsing their website.

A Certificate Authority validates the identity of a website and binds it to a cryptographic key as part of the HTTPS Digital Certificate. Website users can then access information about the certificate the site they are browsing holds.

 

Which companies should have a secure certificate?

It used to be that HTTPS certification was only necessary for websites that dealt directly with high-risk financial information like credit cards and bank account details, and personal communications i.e., e-commerce, banking, and email platform sites.

In more recent years, Google have ramped up their efforts to keep accounts and information private and secure, and to protect page authenticity across a wider variety of websites.

This means that websites with a secure HTTPS connection are rewarded with a closed padlock icon to the left of the URL in the browser’s address bar — this tells them you value their privacy and personal information and have taken steps to secure it.

This is what you see in Chrome when you visit an HTTPS-certified website:

   

Note the padlock to the left of the URL field.

 

  

And when you click on the padlock:

 

Users can click on ‘Certificate’ to read more information about the website’s security certificate and the issuing Certification Authority.

 

   

What happens if you don’t have a secure certificate and an HTTPS connection?

Google have been slowly increasing the pressure on site owners to make their websites secure, encouraging them to take encryption seriously.

In January 2017 Google changed their Chrome browser so that websites with unsecured HTTP connections displayed an ‘i’ icon to the left of the address bar. Clicking on this icon warned the visitor that site was not secure.

In October 2017, they added ‘Not secure’ text display beside the ‘i’ icon when the visitor starts to enter data in any kind of field on an HTTP site.

In 2018, Chrome dropped the ‘i’ icon and now use a hazard icon and ‘Not secure’ message as shown below, for any non HTTPS websites.

 

The ‘Not secure’ warning displayed on non-HTTPS websites.

 

  

And when you click on the warning:

 

Not what a user wants to see when browsing or sharing their personal data with a business.

 

  

 

In October 2020 when Chrome 86 rolled out, the browser began showing a warning when users start filling out a mixed form — a form on an HTTPS website that doesn’t submit via an HTTPS channel. This was part of Chrome’s gradual push toward blocking mixed content.

 

 

Is website security an SEO factor?

Another reason to get your site HTTPS secured is that Google deem websites with HTTPS connections to be safer than those without, giving them slight preference in search results.

This helps serve Google’s objective of returning the best results for users’ searches, i.e., high quality websites that offer both robust security and great content that addresses the user’s search term.

 

Taking all practicable steps to secure your website

When we leave our cars, we lock all the doors, not just a couple to give the illusion of a secured vehicle. For the same reason, comprehensive website security is a key element in the holistic approach we take to creating effective websites for SMBs.

We take our client’s website security very seriously, and only use premium HTTPS certificates from digicert, a highly reputable Certificate Authority. With our decades of experience in website security we know that the small annual cost is well worth the peace of mind that the premium service offers.

If you have any questions about the security of your website, drop us a line.

 

 

Leave a comment

Fields marked * are required