
7 Things That Make Every Website Safer for Customers



Your website needs to be well-designed, functional, and aesthetically reflective of your brand. But don’t forget: it also needs to be safe. Website security is a vital part of development that makes your data less vulnerable to cybercriminals and increases the security of your customers’ financial transactions.

You’ll also prevent the possibility of a massive consumer data breach—like the one faced by Target a few years back, which cost the company $39 million and even more in lost consumer trust. And, you’ll build your reputation and trustworthiness simply by having tighter security standards on display.

Getting Technical
Unfortunately, website security is a somewhat complicated issue. Top data security experts have decades of experience and work tirelessly to come up with ingenious new ways to protect against digital vulnerabilities. Today’s entrepreneur has access to tools like Website Setup that make it easy to launch and manage a website, but it’s difficult to match this level of dedication — especially when you don’t have the technical knowledge to back up your efforts.

Today’s website building tools and practically unlimited online resources make it easier to make your site safe — but you still must be familiar with your top priorities.

Website Safety Features
These are some of the most important website safety features to have integrated for your customers:

  1. SSL encryption. SSL encryption is a relatively simple installation and basic security feature that encrypts the connection between a web browser and a web server. When customers input information (like credit card numbers), that information is passed from the customer’s browser to your web server; SSL encryption makes sure that information can’t be easily seen or intercepted by third parties. SSL-encrypted sites are designated by an “https” prefix that lets consumers know they’re safer.
  2. Secure login and logout features. Simple, secure login and logout features also can make your site safer. For example, you could mandate that your customers re-sign in when they’re about to check out to avoid the possibility of fraudulent purchases made on an idly logged-in account. You could also have your site automatically log customers out after a period of inactivity. This helps prevent the possibility of infiltration and identity theft.
  3. Mandatory password requirements. You can also increase the security of your logins by instituting mandatory password requirements. Many people opt to create simple, memorable passwords such as “password,” “123456,” pet names, birthdays, or other basic combinations. However, these are easy to guess and make it simple for a hacker to gain access to that user’s account. You could mandate that passwords be at least a certain number of characters, or that they contain multiple types of characters like lower-case letters, upper-case letters, numbers, and special symbols.
  4. Multi-factor identification. Multi-factor security can also increase the safety of your site, though for the most part, this method is reserved for banks and other financial institutions where safety is of the utmost concern. With this setup, users are forced to identify themselves in multiple ways—such as with a signature device as well as a password-based login.
  5. Updated software and platforms. One basic action you can take to keep your site safe is keeping your CMS system up-to-date. For example, WordPress routinely releases new software and new security protocols; making sure your site is updated will help you stay ahead of new potential threats and remain on the best system available to the public.
  6. Hidden admin directories. Most template and basic CMS sites have a simple way to be accessed: the main domain, followed by a “/admin” or similar setup at the end. Hackers realize this and often try to break into the back end of a site by first accessing this admin directory. You can make your site more secure by “hiding” this admin directory, disguising it with a custom URL or otherwise masking your original directory.
  7. Consumer information. Finally, keep your customers up-to-date with best practices for personal security. Let them know the advantages of choosing a strong, unique password, and encourage them not to stay logged into their accounts on public devices. There’s only so much you can do to your site to protect against security breaches; arming consumers with information to protect themselves is the next step.
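
Items 2 and 3 expressed as server-side checks, in an added Python example that is not part of the original article: a password policy check, plus a session rule that logs out idle users and asks for the password again at checkout. The timeout values, the minimum length, and the short common-password list are assumptions chosen for illustration.

```python
import time

# Assumed policy values (not from the article): tune for your site.
IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before forced logout
REAUTH_WINDOW = 5 * 60        # max age of the last password entry at checkout
MIN_LENGTH = 12
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}  # constructed sample list


def password_problems(pw):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("commonly used password")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "lower-case letter": any(c.islower() for c in pw),
        "upper-case letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special symbol": any(not c.isalnum() for c in pw),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    return problems


def session_decision(session, action, now=None):
    """Decide how to handle a request: 'allow', 'logout' or 'reauth'.

    session is a dict holding 'last_seen' and 'last_auth' epoch timestamps.
    """
    now = time.time() if now is None else now
    if now - session["last_seen"] > IDLE_TIMEOUT:
        return "logout"                      # idle too long: end the session
    if action == "checkout" and now - session["last_auth"] > REAUTH_WINDOW:
        return "reauth"                      # ask for the password again before purchase
    session["last_seen"] = now               # activity refreshes the idle timer
    return "allow"
```

Returning every violation at once lets the signup form tell the customer exactly what to change instead of rejecting the password one rule at a time.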

With these security factors in place, your company and your customers will both be better protected from digital threats. Your security doesn’t have to be top-of-the-line or ridiculously expensive to be effective; most cybercriminals spare effort by targeting only the most vulnerable companies, so even these simple features can help protect you.

Make the effort to step up your website’s security, and you’ll improve both customer acquisition and retention. What’s more, you will rest well knowing you have improved protection against possible attacks.

Larry Alton, Writer, LarryAlton.com

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, SACS, CISM, CCSP, CCSK, GICSP, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
