Internet security practices are frequently ignored or forgotten about, especially by individual users who have little need for high security password management. Issues can range from clicking on phishing email links to not using different passwords for different accounts. Businesses similarly often put off increasing security because of expenses or lack of time. When a business doesn’t keep up with the latest security, they risk their own security and that of their consumer-base.
Encryption secures all communication done on a website, including when a user website cannot be hacked. When a user loads an unsecured website, somebody else can look at or modify information on the site before it loads for the user. An website’s encryption status is recognisable by its URL:
Google has introduced a variety of deterrents for the business and their customers, encouraging non-encrypted websites to improve their security. Research shows users previously have not perceived HTTP websites as unsecure.
Now, users are warned that a website is not secure whenever they interact with the site. That is, if they enter information, such as a username, password, contact details, bank details or even search terms. Users in ‘Incognito Mode’ will get the not secure message on a non-encrypted website, even if they don’t interact with the website, because users generally perceive Incognito Mode as more secure. Google will also penalise non-secured websites by dropping leads, stopping traffic getting your website. Keyword rankings will also drop and make bounce rates higher.
Lime Crime Makeup was a trendy, youthful makeup brand that incurred massive damage to their reputation, and were even boycotted by many beauty professionals and past consumers, due to their lack of website security in 2014. The company furthered their decline by denying their website was not secure and ignoring complaints for around four months. Their primarily online business suffered when their website was compromised by people exploiting their non-updated or allegedly expired Secure Socket Layer (SSL) certificate in October 2014. It was later found that their payment processing system was not up to date. Customer information was stolen, including names, addresses and passwords, as well as credit and debit card numbers, expiration dates and security codes. Even PayPal users were at risk if they used the same password on the Lime Crime website as they did their PayPal account. Any of the information stolen could lead to identity theft. The brand received fraud claims of up to $10,000. The brand had a class action lawsuit filed against them due to the incident.
Ensuring your website is secure is therefore vital to the continued success and progression of your online business. If your website is not encrypted, you should start taking steps towards securing it immediately. The solution may be as simple as your developer may need to change how certain elements of your website have been coded, known as ‘mixed content.’ Mixed content means you have adequate security on most of your website, but something on the page is loading via an unsecure link, possibly an image embedded in the code or an old plugin that inserts an extra feature onto your page. The website ‘Why No Padlock’ can search for unsecure items on your page. Updating any mixed content should fix the issue.
Otherwise, you will likely have to add or update your SSL certificate, which is a data file that ‘padlocks’ an organisation’s details and secures them. Generally, the company’s secure information includes a domain name, server name or host name and an organisation’s identity and location. SSL secures payment transactions, data transfers, login details and even browsing social of media websites for consumers. If you do plan on integrating a SSL certificate, ensure you migrate your HTTP website to your HTTPS website to ensure your search engine optimisation does not suffer. SSL secures payment transactions, data transfers, login details and even browsing social of media websites.
If you have any questions about securing your website, HTTPS, how to implement a SSL certificate or any other questions relating to security, please contact us at firstname.lastname@example.org or simply call us on 1300 859 358.