Understanding Cyber Security Risks for Website Owners
The online economy is growing fast. The National Retail Federation reported that the number of online shoppers for last year’s Thanksgiving holiday shopping weekend in the U.S. was actually greater than the number of people shopping in stores. And Symantec states in their 2016 Internet Security Threat Report that the business-to-business e-commerce market is expected to be worth $6.7 trillion by 2020. Unfortunately, rapid economic growth naturally attracts the attention of cyber criminals looking to get in on the profits.
For business owners, this means that understanding the basics of mitigating the risk of cyber attacks is only the beginning. We need to take a deeper look at protecting against cyber security risks. Security certification is one area where you can reduce your security risks as a website owner.
Move to stronger security certifications
Although it is tempting to use less expensive certifications, these may leave your website users vulnerable to attacks from malicious parties. And if this happens, it will be your company’s reputation that is damaged as well as your clients’ interests.
For example, with DV (Domain Validated) Certificates, the authority issuing the certificate does not do extensive research into who owns the website. Often, they simply exchange confirmation emails with whatever address is listed in the domain’s WHOIS record.
Cyber criminals can make use of this to create websites that appear legitimate. For instance, if they were targeting a company with a real website such as OneTwoThree.com, they could register a website named OneTwo3.com, get a Domain Validated SSL certificate, and go on to deceive trusting consumers with a site created to imitate the legitimate site.
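From the defender's side, a site owner can screen newly observed domain names for imitations like the OneTwo3.com case above. The following is an added example, not part of the original article; the substitution tables, function names and sample feed are assumptions, and it goes beyond the single digit-for-word swap described above to cover hyphens, digit-for-letter swaps and one-character typos.

```python
# Added example: flag domains that imitate a protected brand name.
# Substitution tables are illustrative assumptions, not an exhaustive list.
DIGIT_WORDS = {"0": "zero", "1": "one", "2": "two", "3": "three", "4": "four",
               "5": "five", "6": "six", "7": "seven", "8": "eight", "9": "nine"}
DIGIT_LETTERS = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"}

def label(domain):
    """Second-to-last DNS label (assumes a single-label TLD such as .com)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def skeletons(name):
    """Canonical forms: hyphens dropped, digits spelled out or mapped to letters."""
    name = name.replace("-", "")
    spelled = "".join(DIGIT_WORDS.get(c, c) for c in name)
    lettered = "".join(DIGIT_LETTERS.get(c, c) for c in name)
    return {spelled, lettered}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(candidate, brand, max_distance=1):
    """True if candidate is not the brand's own name but reduces to (nearly) it."""
    cand, own = label(candidate), label(brand)
    if cand == own:
        return False  # the brand's own domain or one of its subdomains
    return any(edit_distance(s, t) <= max_distance
               for s in skeletons(cand) for t in skeletons(own))

# Constructed sample: names as they might appear in a feed of newly issued certificates.
SAMPLE_FEED = ["onetwothree.com", "onetwo3.com", "www.one-two-three.com",
               "0netwothree.com", "onetwothre.com", "fourfivesix.com"]

def review(feed, brand="onetwothree.com"):
    """Return the domains in the feed that need a human look."""
    return [d for d in feed if is_lookalike(d, brand)]

if __name__ == "__main__":
    for d in review(SAMPLE_FEED):
        print("review:", d)
```

A flagged name is only a candidate for manual review; a valid DV certificate on it confirms control of that domain, not who is behind it.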
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) certificates enable encryption of the data you send when you visit a website that has such a certificate. This means that ideally, it is safer for you to communicate your credit card details, name, address, and so on. TLS is basically an updated version of SSL; somewhat confusingly, SSL and TLS certificates are often both referred to as “SSL.”
Again, according to Symantec’s Internet Security Report, SSL/TLS certificates have been widely adopted since 2015. They report that about 40 percent of all downstream internet traffic (data received by a computer or network; for example, emails, downloaded files, or visited web pages) is now encrypted. They expect this to grow to more than 70 percent of internet traffic within the next year.
Create and commit to a schedule of regular maintenance, updates, and patches
It isn’t enough to secure your website once and then hope for the best. Your website can offer criminals a way into your network and your data. It can also provide them with access to your customers and business partners. This means cyber criminals are motivated to continually come up with new ways to attack you.
Many such attacks can be prevented with regular maintenance and patching. But website owners often fail to keep up, perhaps due to a lack of understanding of their vulnerability. Given that cyber criminals have recently been able to take advantage of poor security in attacks that weakened encryption, and in DDoS (distributed denial-of-service) attacks, website owners and managers need to commit to protecting their sites promptly.