Tag Archive 'encryption'

Securing Your Business Website in Three Easy Steps

Whether it’s the local shopping market, airport or online, thieves are lurking and just waiting for you to make a critical mistake.  In fact, much of the internet community is in a state of panic as data theft is at an all-time high.  Credit card numbers, bank account information and identities are being stolen from companies who don’t know how to properly secure their website and transactions.  Assuming you don’t want to be the next victim, we have provided three simple tips to keep you one step ahead of the attackers.

1.) Make Use of Encryption

In order to protect the monetary transactions occurring on your site, you at least need to have an SSL certificate with no less than 128-bit encryption.  This security tool can be installed and managed by a third-party vendor such as VeriSign or you can choose to handle the configuration yourself.  What SSL does is scramble the data being sent over the internet in a code that is unreadable to hackers.  Thus, when sales on your website are made, the financial details of your customers are encrypted, securely transmitted and then decrypted by your payment processor.  By placing an SSL certificate seal on your website, you can calm the nerves of consumers and encourage them to shop your store in confidence.

2.) Check Your Buyers

Although you don’t want to look as if you are suspicious of everyone, the prevalence of credit card payments increases the probability of a customer using someone’s financial information without their knowledge or approval.  To minimize situations like this, you should check the identity of your customers.  This can be done by not only obtaining their name and credit card number, but also their home address, telephone numbers and the security code located on the back of the actual credit card.  By doing so, you can better assure that the financial details submitted actually belong to the individual making the purchase.  If the card comes back as stolen, you could end up playing a role in helping authorities track down the criminal.

3.) Research Your Merchant

To ensure that financial information will not be stolen following the transaction, it is imperative that you run a thorough check of the merchant account provider processing your credit card payments.  You can start by reading reviews to learn if they have a history of fraud or security issues.  Don’t hesitate to speak to the company directly about the security measures they employ and most importantly, to make sure you are completely confident in their services.  If you have any doubts about the provider, follow your instinct and move on to the next option.

Security is a hot topic in seemingly every industry these days.  If you are using the internet as a medium for your business, these certainly are not times when you can just sit back and simply hope for the best.  Hackers and their attacking mechanisms grow more advanced every day, so it is critical that you take the appropriate actions to keep both you and your customers out of harm’s way.

Category: Security Issues
Posted on Friday, Jul 17, 2009

SSL For Your E-commerce Site

With credit card fraud and identity theft on the rise, consumers are more cautious than ever about shopping online.  If you are running a store online, this means that potential customers are more reluctant to buy products and services from your site.  In order to boost consumer confidence and make them feel safe, you need a reliable security mechanism that keeps their personal information secure.  What you need is an SSL certificate.

What is an SSL Certificate?

Secure Sockets Layer, or SSL, is a security protocol that enables encrypted communications between the customer’s web browser and the server your store is hosted on.  This is accomplished by what is known as a handshake, a process where the server’s identity is confirmed and a secure connection created.  SSL typically offers 128-bit encryption, formulated by an algorithm which generates a key that is virtually impossible to crack.  An SSL certificate shows that your site is secure and safe for shopping.

How to Get a Certificate

SSL certificates are offered by entities known as Certificate Authorities, with the most popular being GeoTrust, Thawte and Verisign.  For the most part, these authorities provide certificates that give you the same level of security.  A single certificate can encrypt the data traveling between the server and each of your customers’ web browsers.  The average online storefront can get adequate protection from a basic SSL certificate.  You also have the option to purchase additional services to strengthen the level of security.

Installing the Certificate

Although many web hosting providers offer SSL certificates as add-on products, you typically have the freedom to incorporate one purchased from a third-party vendor as well.  In most cases, you can learn how your SSL certificate is to be installed via the instructions in the control panel software or by contacting the host’s technical support department.  Some of the most advanced control panels even allow you to incorporate an SSL certificate directly from the interface.  Once installed, the certificate is automatically enabled.  You will know it is activated when you notice “HTTPS” in front of your URL rather than “HTTP”.

Designing for SSL

The design of your site is very important when implementing an SSL certificate.  In order for your web pages to be viewed as secure, all scripts, graphics and media elements must be deemed secure as well.  You have probably visited web sites where a warning displays stating that some of the elements of a particular page are not secure.  These messages are prompted when external elements of a web page are not called using the HTTPS protocol.  In many cases, the certificate is valid and secure but the page isn’t designed properly for SSL.  All the external elements of your page must be called using links that include the full URL.  One simple graphic that doesn’t use HTTPS will generate a “not secure” error.
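The check described above can be automated before a page goes live. The following is an added example, not code from the original article: it parses a page's HTML and reports every element that would be fetched over plain HTTP when the page itself is served over HTTPS. The names `find_mixed_content` and `MixedContentFinder`, the tag list, and the `shop.example.com` sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attributes that make the browser fetch a subresource.
FETCH_ATTRS = {"img": ["src"], "script": ["src"], "iframe": ["src"],
               "embed": ["src"], "source": ["src"], "object": ["data"]}
# <link rel> values that load a resource; a plain <a href> hyperlink does not.
LINK_RELS = {"stylesheet", "icon", "preload"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line number, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        names = list(FETCH_ATTRS.get(tag, []))
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and rels & LINK_RELS:
            names.append("href")
        for name in names:
            if not attrs.get(name):
                continue
            # Resolve relative and protocol-relative (//host/x) references
            # against the page URL, as a browser does.
            resolved = urljoin(self.page_url, attrs[name].strip())
            if urlparse(resolved).scheme == "http":
                self.findings.append((self.getpos()[0], tag, resolved))

def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page for a hypothetical HTTPS storefront.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.example.net/cart.js"></script>
</head><body>
<img src="//img.example.net/logo.png">
<img src="http://img.example.net/badge.gif">
<a href="http://example.org/about">About</a>
</body></html>"""

if __name__ == "__main__":
    print(find_mixed_content(SAMPLE, "https://shop.example.com/checkout"))
```

Relative and protocol-relative references inherit HTTPS from the page and are not reported, and the ordinary hyperlink is ignored because following a link does not load content into the secure page.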

Conscious online shoppers are increasingly looking for SSL certificates and if you don’t have one, you are missing out on a lot of business.  You can have some of the most beneficial products online but if no one feels safe buying them, they will hesitate to proceed with the transaction.

Category: E-commerce
Posted on Friday, Mar 06, 2009

The Insecurity of the Open-source CMS

Open-source content management systems are incredibly popular these days.  Unfortunately, one issue that has always plagued this type of software is security.  On the surface, it would seem as if open-source software is more secure than commercial products based on the reported number of security vulnerabilities and activity in the community.  However, this is far from the truth and a misconception that has resulted in trouble for many website owners.  With a proprietary solution such as the Microsoft Content Management Server, you are generally provided with support and insurance against security flaws.  With open-source solutions, you are forced to rely on the support of the software’s developers and user community, which means that nothing is guaranteed.

Elements of CMS

The open-source CMS consists of various elements, many of which contribute to vulnerabilities.  The average software includes add-on modules, encryption mechanisms and a plethora of scripting errors.  These elements can simply be a part of a certain product or included into the entire system.  Completely securing such an application on a web server is no easy task.  All publicly accessible server applications are designed for around the clock availability, providing access to visitors and attackers alike.  Without the proper security implementations, an open-source CMS is essentially wide open for an attack.

Insecure software can inflict a significant amount of damage, especially when it comes to a program as functional as a content management system.  When vulnerabilities in such software are exploited, the best result could be the defacing of your website.  The worst case scenario would be the exposure of sensitive data that blemishes your credibility and possibly ruins your business.  There have been various reported instances where vulnerable systems resulted in the leakage of Social Security numbers, credit card details and other personal information.

Joomla, Drupal and other CMS Targets

It is no surprise that some of the most widely used open-source content management systems such as Joomla and Drupal are among the most targeted on the web.  The fact that the source code of these systems is freely available and that they have numerous installations makes them a prime target.  While the average visitor can’t distinguish between a commercial and open-source product, they tend to be easily identifiable to attackers.  A simple web browser along with the viewing of URLs and HTML patterns in search engine results can give a hacker all the information they need to strike.

One of the most attractive aspects of the open-source CMS is that you can customize and actually own a particular product.  On the other hand, because the software is originally developed by someone else, it is very likely that there are a few things you don’t know about the program, meaning you can’t ensure security after making changes.  This is why many open-source systems include disclaimers against third-party modification as well as the overall security of the software, basically telling developers to use at their own risk.

With so many people handling the code, it is impractical to think that any open-source CMS will ever be 100% secure.  The best thing you can do when relying on these solutions is to understand the risks, make sure you are using the most recent versions and design your web pages with caution.  Attackers are persistent but not nearly as powerful when their methods of attack are limited.

Category: Security Issues
Posted on Friday, Dec 19, 2008
