Cyber security and keeping your website safe

Whether it’s the vigilante ‘justice’ of Anonymous or the supposed Russian hack of US politicians, web security is on everyone’s lips these days. Just this week, the government confirmed £1.9 billion to be invested in cybersecurity. But how do you know if your website is secure? Whether it’s a new site build or a site that’s been available to the public for a while, it’s never a bad time to consider security for your website.

Savvy web users even know what to look for in order to check how secure your site is because good security is a prerequisite for many online audiences. The most common form of web security, and the minimum many site visitors expect your site to have, is an SSL certificate.

What’s an SSL certificate and why do I want it?

I’m glad you asked. SSL refers to ‘Secure Socket Layer’ and you can buy it to create a level of security between you and the user of your website. You see, information is being sent between the visitor’s computer and your website, but without an SSL that information is unprotected and available for nefarious rascals to access it all. An SSL certificate comes in the form of a text file that you put onto your server. Once it’s in there, it will be able to encrypt the information being sent to and received from your website visitors, meaning no unwanted interruptions on the valuable information’s journey.

One of the big reasons you want this security measure – besides the obvious of avoiding reputation-crushing hacking of sensitive information – is the trust that it bestows on your audience. When you have an SSL certificate, there are ways for visitors to check it’s there. For instance, have you ever noticed there are two different ways to start a URL: ‘http://’ and ‘https://’? Well, that ‘s’ represents the SSL certificate. You might also have noticed a padlock logo up by the URL address, which indicates the same thing. People can easily see if you have taken measures to increase security on your website and when they see you have, it makes your site significantly more trustworthy. Just be aware that, once you have the ‘https’ URL, you’ll need to redirect any traffic going to your ‘http’ site (your web developer will know how).

However, many sites – especially those that don’t deal in sending or receiving sensitive or private information – have another motivation for getting an SSL certificate. In 2014, Google announced that it would be taking security into consideration for its search engine algorithms. This means having an SSL certificate will actually increase your search ranking. Google expects websites to maintain their security too, so older, outdated security certificates are displayed with negative signs such as “secure with errors” and “affirmatively insecure”, which will negate the trust you got the certificate for in the first place.

I want an SSL certificate this second!

Well, with the rousing argument we just gave, I should think you do! Sadly, in order to get an SSL certificate, there are a few hoops you need to jump through. Nothing too serious, but in order to verify your business and website, the company you buy your certificate from needs to be thorough. The process can take up to a week. But don’t worry, there are ways to make sure your site is safe and secure in the meantime.

Cloudflare is an independent website that you can sign up to for cyber security. They ‘intercept’ the information going between you and the site user, and check for anything malicious or suspicious. You can get a free version of this service in which they provide an SSL certificate, encrypting the information moving between Cloudflare and the visitor (but not you and Cloudflare). The service includes the option to set firewall rules, and Cloudflare stores some of your information (cache) to serve content to your audience quicker.

Fin's sketch explaining Cloudflare

So what am I waiting for?

If you’re currently building your website, then make sure you’ve talked to the web developer about security. They should know what level of security you will need. There are many types of SSL certificates, with prices ranging from under 50 pounds a year with companies like GoDaddy, to several thousands of pounds for more secure options. If your business is involved in financial transactions or the financial sector, then it is strongly encouraged that you get the best possible security you can find. Otherwise, you’re essentially leaving your office door unlocked and the lights on with a ‘Gone Fishing’ sign outside.

There is also a free option from the non-profit organisation, Let’s Encrypt. They offer free SSL certificates with encryption as they don’t believe websites should have to pay for it. In their own words, “We want to create a more secure, privacy-respecting web.” They’re funded by some of the biggest names on the web included Chrome and Facebook, so could be an interesting option to consider when assessing your business requirements.

If you already have a website up and running, then you may consider changing your SSL if you feel your security needs an upgrade. You can test the effectiveness of your SSL with websites like Qualys SSL Labs.

 

We hope this blog has been a helpful introduction to SSL certificates and cyber security. At Dusted, we have several experts in-house who can fill you in on security and how it can help you. If you have a question, feel free to contact us, or hit us up on Facebook or Twitter!