Three Measures to Secure Your Website
It’s beyond time to move on from HTTP – at least in the world of e-commerce and payments. Last September, Google announced that starting this year, its Chrome browser would begin marking HTTP sites that transmit payment card information or passwords as non-secure. Part of Google’s big security push includes potentially flagging all HTTP sites with a red-for-danger icon by the end of the year. Businesses that have not implemented the necessary security measures are in danger of being flagged with this red icon, which could turn away customers who access their website.
This stems from a larger campaign for more security: many tech companies have increasingly pushed users to switch their sites and businesses over to HTTPS encryption, one of the main lines of defense against the growing threats that exist on the web.
For the average consumer this may seem trivial, but for an e-commerce site owner or an online business that handles sensitive data and wants to reach a broader customer base and build more trust, it means there is a need to take security more seriously. Not only will switching to HTTPS elevate the security of online services, but it will also help increase customer awareness and trust when they visit insecure websites.
Here are some measures businesses can take to move to and beyond the basic security HTTPS can provide:
- Enabling HTTPS will remedy most issues surrounding Google’s new agenda, but beyond that, transitioning to the encryption will provide users with assurance of the authenticity of the website they are visiting. The S within the protocol stands for “secure”, and that means any communication or transfer of data between the user and the site is encrypted.
- If online businesses haven’t done so, installing basic security is a necessary step in the right direction. Protecting sites with at least SSL/TLS protocols, especially on login and checkout pages where sensitive information may be shared, will add an initial layer of defense that is imperative.
- The past few years have seen various attacks like Heartbleed, BEAST, and POODLE targeting security vulnerabilities in SSL/TLS. Make sure your SSL/TLS implementations follow best practices, such as having strong private keys (e.g. 2048-bit RSA), supporting TLS 1.1 and using higher, secure cipher suites with perfect forward secrecy, and choosing a reliable Certificate Authority.
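
The checklist in the last item can be turned into an automated check. The following is an added example, not code from the original article: it audits a list of (protocol, cipher suite) pairs a server accepts, plus its RSA key size, against the key-size, protocol-floor and forward-secrecy points above. The function names, the `SAMPLE_SCAN` data and the 1024-bit key are constructed for illustration.

```python
# Added example: audit TLS scan results against the article's checklist.
# Protocol ordering, oldest to newest. POODLE affects SSLv3 and BEAST affects
# TLS 1.0 CBC suites, so both fall below the article's TLS 1.1 floor.
PROTOCOL_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1.0": 2, "TLSv1.1": 3,
                 "TLSv1.2": 4, "TLSv1.3": 5}

def has_forward_secrecy(suite):
    """True if the suite uses an ephemeral (EC)DHE key exchange.
    Accepts OpenSSL names (ECDHE-RSA-...) and IANA names (TLS_ECDHE_RSA_WITH_...)."""
    name = suite.upper().replace("-", "_")
    if name.startswith("TLS_") and "_WITH_" not in name:
        return True  # TLS 1.3 suite: the key exchange is always ephemeral
    if name.startswith("TLS_"):
        name = name[4:]
    # Static ECDH_/DH_/RSA key exchange does not provide forward secrecy.
    return name.startswith(("ECDHE_", "DHE_", "EDH_"))

def audit(offered, rsa_key_bits, min_protocol="TLSv1.1", min_key_bits=2048):
    """Return a list of findings; an empty list means the checklist passes.
    offered: iterable of (protocol, cipher_suite) pairs the server accepts."""
    findings = []
    if rsa_key_bits < min_key_bits:
        findings.append(f"RSA key is {rsa_key_bits} bits; need at least {min_key_bits}")
    floor = PROTOCOL_RANK[min_protocol]
    for proto, suite in offered:
        # Unknown protocol labels rank as -1 and are flagged rather than trusted.
        if PROTOCOL_RANK.get(proto, -1) < floor:
            findings.append(f"{proto} is below the {min_protocol} floor ({suite})")
        if not has_forward_secrecy(suite):
            findings.append(f"{suite} has no forward secrecy")
    return findings

# Constructed sample input: what a scanner might report for a legacy server.
SAMPLE_SCAN = [
    ("SSLv3", "AES128-SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN, rsa_key_bits=1024):
        print("FAIL:", finding)
```

The `min_protocol` default mirrors the floor named in the checklist; pass a higher value if your own policy is stricter.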
Hopefully these practices will help you avoid the expected Google flags, but more importantly, they will lay a foundation to keep your site and your users safer online. To find out more about the risks that insecure practices can lead to, take a look at our webinar on fraud on payment platforms.