Unless you’ve been on a remote island for several months, you’ve heard news about security breaches at Yahoo and hacking allegations during the 2016 presidential election. These are just two examples of real dangers on the internet – which hurt organizations of all sizes and potentially anyone on the web. Google Chrome, Mozilla Firefox and other web browsers are all too familiar with these kinds of cybersecurity risks and are making helpful changes to protect society at large.
In November 2016, Jeff Barto of Symantec wrote about a simple idea, published in USA Today, that has huge implications: the more a person trusts a business, the better it is for that business. Further, Symantec created a useful content hub that’s all about helping digital businesses, website developers and operators prepare for browser changes and be more trusted in 2017.
Why is this topic so important right now?
Google Chrome and Mozilla Firefox now actively flag web pages that contain password and credit card input fields but do not use encryption as Not Secure, and alert people in the URL bar. Changes like these are a forcing function for all businesses, from sole proprietorships to the most visited websites, to move from non-secure HTTP to more secure HTTPS. It’s also an opportunity to become more compliant and competitive online from a trustworthiness perspective.
Of course, being more trustworthy and communicating that “it’s safe to interact and purchase here” will support digital business, customer experience, e-commerce, sales, search engine optimization, and growth goals.
Website Security Webinar: January 31, 2017
Given browser changes and known website security issues, join Jeff Barto and Dave Corbett on January 31st for a webinar that will provide a step-by-step approach to assessing your website security situation and switching from HTTP to HTTPS. I’ve been told they will also cover their ‘Be Trusted Framework’ and ‘Website Security Math’ ideas to provide context and relevant insights. Here’s a quick preview of the webinar from Jeff Barto:
Ten Steps to Switch from HTTP to HTTPS
If you’re concerned about possible financial losses, reduced site traffic, or brand damage that comes from lack of trust, here’s a quick overview of how to encrypt your website with an ‘Always-On SSL’ approach. Jeff Barto and Dave Corbett will cover these ten steps in more detail during their January 31st webinar:
1. Evaluate your website for security vulnerabilities
2. Do a full back-up of your site before making any changes
3. Make the right SSL choice – extended validation certificates are recommended
4. Install and test SSL certificate(s) to ensure they’re working as required
5. Remove mixed content by replacing HTTP references with HTTPS pointers
6. Fix server protocol and cipher suite settings
7. Redirect HTTP traffic to HTTPS
8. Implement an automated scanning system that will help you be more proactive
9. Set the secure flag for all session cookies
10. Implement HTTP Strict Transport Security (HSTS)
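Steps 5, 7, 9 and 10 leave evidence in the server's responses, so they can be verified after the switch. The Python below is an added example, not material from Symantec or the webinar; the function name, the response dictionary layout and the example.test host are assumptions, and the sample responses are constructed.

```python
import re
from urllib.parse import urlsplit

def audit_https_migration(http_resp, https_resp):
    """Check steps 5, 7, 9 and 10; return a list of findings (empty = all pass).
    Each response is {"status": int, "headers": [(name, value), ...], "body": str}."""
    def header(resp, name):
        return [v for k, v in resp["headers"] if k.lower() == name]

    findings = []
    # Step 7: the plain-HTTP URL must answer with a permanent redirect to https://
    target = (header(http_resp, "location") or [""])[0]
    if http_resp["status"] not in (301, 308) or urlsplit(target).scheme != "https":
        findings.append("step 7: no permanent redirect from HTTP to HTTPS")
    # Step 5: http:// subresources or form targets on the HTTPS page are mixed
    # content; plain <a href> links are navigation and are not counted.
    for tag, url in re.findall(
            r"<(\w+)\b[^>]*?\s(?:src|href|action)\s*=\s*[\"'](http://[^\"']+)",
            https_resp["body"], re.I):
        if tag.lower() != "a":
            findings.append(f"step 5: <{tag.lower()}> loads {url}")
    # Step 9: every cookie set over HTTPS needs the Secure attribute
    for cookie in header(https_resp, "set-cookie"):
        name, *attrs = [part.strip() for part in cookie.split(";")]
        if "secure" not in (a.lower() for a in attrs):
            findings.append(f"step 9: cookie {name.split('=')[0]} lacks Secure")
    # Step 10: HSTS needs a max-age above zero (max-age=0 switches it off)
    hsts = (header(https_resp, "strict-transport-security") or [""])[0]
    age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
    if not age or int(age.group(1)) == 0:
        findings.append("step 10: HSTS header missing or max-age is 0")
    return findings

# Constructed sample responses (example.test is a placeholder host).
BEFORE_HTTP = {"status": 200, "headers": [], "body": "<h1>Shop</h1>"}
BEFORE_HTTPS = {"status": 200,
    "headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")],
    "body": '<a href="http://example.test/">home</a>'
            '<script src="http://cdn.example.test/app.js"></script>'}
AFTER_HTTP = {"status": 301, "body": "",
    "headers": [("Location", "https://example.test/")]}
AFTER_HTTPS = {"status": 200,
    "headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly; Secure"),
                ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")],
    "body": '<script src="https://cdn.example.test/app.js"></script>'}

if __name__ == "__main__":
    print(audit_https_migration(BEFORE_HTTP, BEFORE_HTTPS))
    print(audit_https_migration(AFTER_HTTP, AFTER_HTTPS))
```

The HSTS check reads only the HTTPS response because browsers ignore a Strict-Transport-Security header delivered over plain HTTP.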
Implementing a few of these will certainly help your website be compliant with new browser changes. But there’s more to communicating security and trustworthiness than encrypting with HTTPS. People visiting your website want to know that it’s not a fake or high-risk website and that you’re operating a legitimate business. Fact is, people avoid perceived pain if they sense danger is present. So go the extra mile to ensure people feel safe!
Website Security Content to Help You Now
If you’re a business owner, website developer, e-commerce or marketing leader, or IT security practitioner for an organization that serves businesses and/or consumers on the web, consider tuning into this January 31st webinar. If you’re unable to participate live, an on-demand version will be available shortly after.
As a reminder, the https://go.symantec.com/be-trusted content hub is a comprehensive resource to access best practices and how-to tips, participate in live discussions and webinars, read and share blog posts and articles from website security experts, and choose SSL/TLS certificates that are right for your organization; follow the #BeTrusted2017 conversation on Twitter.