You’ve heard recent news about security breaches at Yahoo and hacking allegations during the 2016 presidential election. These are just two examples of the recurring nightmare of real dangers on the Internet – which hurt organizations of all sizes and potentially anyone on the web. Google Chrome, Mozilla Firefox and other web browsers are all too familiar with these kinds of cybersecurity risks and are making helpful changes to protect all of us. But you need to understand that they might not help your website unless you take immediate action.
In November 2016, I wrote about a simple idea published inside USA Today which has huge implications – the more a person trusts a business, the better it is for that business. Further, our Symantec Website Security Team created a timely, useful content hub that’s all about helping you to prepare for browser changes and be trusted in 2017; follow the conversation on Twitter with #BeTrusted2017.
Why is this topic important right now?
It’s 2017 and already, Google Chrome and Mozilla Firefox are actively judging web pages containing password and payment input fields, but without using encryption, to be Not Secure – and displaying those scary terms right in the URL bar. Changes like these are a forcing function for all businesses – from sole proprietorships to busiest websites – to move from non-secure HTTP to more secure HTTPS, now. It’s also creating an opportunity to become more compliant and competitive from a trustworthiness perspective.
This transition period is a meaningful opportunity for you to create more trust on the web which could support your digital business, e-commerce, customer experience, and search engine optimization objectives going forward.
Website Security Webinar: January 31, 2017
Given browser changes and known website security threats, join Dave Corbett and me on January 31st for a useful webinar that will provide a step-by-step approach to assessing your website security situation and switching from HTTP to HTTPS. We’ll also cover our ‘Be Trusted Framework’ and ‘Website Security Math’ ideas to provide context and relevant insights. As a preview for the webinar, watch and share this brief video.
Ten Steps to Switch from HTTP to HTTPS
If you’re concerned about possible financial losses, site traffic slowdowns or brand damage due to lack of customer trust, here’s a quick overview of how to encrypt your website with an ‘Always-On SSL’ approach. We’ll cover these ten steps in more detail during our January 31st webinar:
- Evaluate your website for security vulnerabilities
- Do a full back-up of your site before making any changes
- Make the right SSL choice – extended validation certificates are recommended
- Install and test SSL certificate(s) to ensure they’re working as required
- Removed mixed content by replacing HTTP references with HTTPS pointers
- Fix server protocol and cipher suite settings
- Redirect HTTP traffic to HTTPS
- Implement an automated scanning system that will help you be more proactive
- Set the secure flag for all session cookies
- Implement HTTP Strict Transport Security (HSTS)
Clearly, just implementing a few of these will get your site compliant with the browser changes – but there’s way more to demonstrating security and trustworthiness than merely encrypting data. Users want to know that they’re really on your site (not a fake site), that you operate a legitimate organization, and that they are safe to proceed.
Website Security Content to Help You Now
If you’re a website developer, e-commerce or marketing leader, or IT security practitioner for an organization that serves businesses and/or consumers on the web, I recommend you carve out just 60 minutes to tune into our helpful January 31st webinar. If you’re unable to participate, we’ll provide an on-demand version shortly after it’s aired live; either way, there is useful content to download at any point.
Our content hub is also a fantastic resource for you and your team to get complimentary best practices and how-to info, participate in live discussions and webinars, read and share blog posts from our website security experts, and choose SSL/TLS certificates that are right for your organization.
Is your website not secure? We can help you fix this digital business problem right now!