SSL And Website Security

There are many aspects to the security of websites let alone the security of your PC. Lets discuss some of the reasons you would want a secure site and then some of the reasons why more advanced site security is really not that necessary.

TYPE OF SECURITY

First of it really depends on what you intend to store or what kind of transactions your website is going to perform. For example online shopping may be storing credit card information. In this case site security is a must. Most online shopping will store the credit card information for short periods of time during a transaction or pass this information from PC to server. But usually this information is removed and never stored in the database. The reason being because most hackers are trying to get into the main database and find the most critical information. What they want is customer information and credit card numbers.

Online banking of course is going to be one of the most secure sites.  Online banking must focus on security but if online banking can be done securely then just about any type of transaction could be achieved online including voting. In this case every corner of a site security is a concern. Development costs go up and security holes are quickly dealt with. Full time web developers are constantly monitoring sites for new security breaches.  If you plan to use WordPress, Joomla or other development tools it is critical that you preform updates on your platform and plugins in order to avoid security breaches.  Usually you will need a full time developer checking your website weekly.

HACKING TECHNIQUES

What people do not realize is that most hacking really comes from their own PCs. The reason hackers usually get into your account is not because the website was hacked. It was because your PC was hacked.  Spyware and other viruses are easily brought into your PC. Stealing of usernames and passwords is some of the easiest hacking. Tricky spam through corporate emails is a pretty popular way especially when the hacker can disguise emails as other employees in the same company or send emails that look like a service that the company is currently using.  Another technique is to send emails that look like your bank.

Key readers that run behind your operating system are installed on your PC recording every single key that is typed. There are many hacking techniques that are used and accessed by people that may not even have a good understanding of writing computer code and almost all of them can retrieve usernames and passwords.

Social website security comes in a very different form. On a social website the user gets to secure the personal information that they feel should remain personal. For example someone may not want their phone number shown to anyone on Facebook. Modules are created by the developers to store phone numbers but allow the user to set permissions to share their number with only friends not strangers. So now site security is on the user side. The user has front end management control of their own accounts.  You must be sure to look through these permissions and set them as soon as you create a new account.

WHY WEBSITE SECURITY – THE CYBER CRIMINAL

There is an important social aspect that is growing with online website security in which younger generations are turning a blind eye. The question is why is internet security so important especially for social websites? A clear and growing problem is the world is not full of perfect people. Domestically or outside the United States, criminals are now using a slew of techniques through social websites to track the location and activities of people. Even to this day I find it hard to believe that people are willing to share every event or turn on location settings in Facebook or Google. Not only can criminals figure out when entire families are on vacation they can find out who will be in their home, your daily routines, your network of friends, your contact information, the car you drive and can even build a physiological profile of their subject without them knowing.  The very same techniques that are used to data mine social profiles for marketing are the techniques used by cyber criminals to track your every move.

In the next decade cyber criminals will grow to proportions unheard of. Developers are being pushed to add new security to websites.  People ignore the importance of using security features such as SSL. In general going online outside of the United States is highly untrusted, even with security measures in place. People outside the United States are very hesitant about turning on location settings and often do not post their location because criminals know very well how to GPS track you. A new website needs to also take precautions as to how personal information or personal security is being protected and what type of permissions the user will have access to. If any of these things are jeopardized a lawsuit could be filed against the website owner.

Reputations through false information have also been affected online and this is a growing trend. Younger generations are finding it easy to damage personal image by spreading rumors and other misinformation through forums and social websites.  Through social websites identity theft is more common copying two of the same people in more than one location.

What about a website with only very basic content. A website with no user interaction, only information to read. Web site developers are never really safe from all hacking. Even a site hosting only information can get hacked and the content can be changed. Especially if your site contains a lot of good information that is generating a lot of traffic. Security is then focused on making sure that the hacker cannot get into the server that your site is hosted on and run malicious code in order to change your content. Its like an over populated city with an outbreak of a deadly virus. The hacker is counting on the traffic of the site to boost their successful hacks.

BLOGS AND FORUMS

If you are focusing on blogs then you better think about having a person dedicated to managing all blog activities.  This is now becoming a marketing career and will pay well if you understand the company you are blogging for. Blogs are some of the most hacked parts of websites. They allow people to post a lot of information. Some blogs allow people to post executable code, downloads or links to sites that try to steal passwords or credit card numbers. Unmonitored blogs can turn a standard informational website into a hackers dream.

Websites offering site identification authentication are usually trusted. But keep in mind website security could also be compromised internally. Just like an employee at a department store stealing TVs. Developers and site administrators need to be trusted and a level of hierarchy needs to be developed to limit access of certain administrators.

There is really no instance where website security can be completely ignored.   Some sites are easily managed with minimal security but as hackers and cyber criminals grow and gain more experience security and protection of personal information becomes a priority to every website owner.

SSL IMPLEMENTATION

The importance of implementing SSL can no longer be ignored.  Full site migration can be tricky if your site contains many links and many pages.  We recommend that SSL is through your entire site not just portions.  This will eliminate any messages that browsers give users about non-ssl compliant websites.  If you are starting a new website an plan to implement SSL will be straight forward.  All you will need to do is buy an SSL certificate and have it set up on your hosting account.

Leave a Comment