INTERRISK ASIA
(THAILAND) CO., LTD.
SURVEY
TRAINING & SEMINAR
CONSULTING
Do I need website security? What is an SSL certificate?Do I need website security? What is an SSL certificate?
Exactly how safe is your website? As ordinary web users, we rarely think about the risks of an unprotected site. This is a short guide on how to keep your website and business safe. Some basics are discussed, such as what is an SSL certificate, the different types and why we need them. An SSL certificate, or Secure Sockets Layer certificate, is a third-party verification that provides technology to encrypt data to protect information.Exchange of information can happen in many forms, e.g. blog comments, login details or landing pages. Every website will need at least one SSL certificate.
Blog or information site: Anonymous visitor data is collected via Google Analytics by simple cookies. There is less requirement for security as there is no collection of personal data.
Company site for marketing products: Data is collected from site visitors and used to target marketing campaigns. Clients need to agree with such data collection. The more information, the more risk there is of a data breach.Hence, more security is needed.
Ad-funded website: Collecting site visitor information may be passed on to third-party advertising networks. How this information is stored and used by the ad networks varies. This includes sites that share information via social networking such as Facebook.
E-commerce website: Transactions using detailed information such as address, phone number, credit card numbers and other financial information is performed. Username and passwords make it vulnerable to thieves, therefore higher security measures are needed.Any processed data needs to be encrypted. SSL certificates should be used.
Discussion forum or other sites involving sensitive data: Sites recording religious topics, medical records, or criminal records deal with sensitive data and thus requires specialcategorization.
How many do you need?SSL Certificates depend on the number of ‘common names’ your website has. For example, if your site is accessible by typing in “www.example.com” and “example.com”, you will need separate SSL Certificates for each. If you have multiple servers, you may require multiple certificates.
For websites, the main types areDomain Validated and Organizational Validated SSL. More advanced Extended Validation (EV) is also available.
The lowest level authentication is the Domain Validated (DV) SSL Certificate, in which the Certificate Authorities will simply send an email to the listed emailaddress of the domain admin of the site. Having just one DV Certificate is not enough for good website security.
Organizational Validated (OV) SSL Certificates, however, checks the identity of the company and person applying with more detail. An address is needed as well as the specific contact. This will then be displayed in the browser’s user interface.
Getting an Extended Validation (EV) SSL requires more vigorous vetting. EV SSL certificates will enable visual signs,such as the green address bar in the browser. This shows that the company has provided detailed information which has been checked and audited by the Certificate Authority.
Money: Being blacklisted by search engines such as Google results in site downtime.
Reputation and trust: If the site does not have SSL certificates, this translates to poor organization and therefore customer experience.
Search engine ranking: It can take up to six weeks to get off a search engine blacklist which makes the website unsearchable. Even though the site is not blacklisted, people will still click away if there is any indication that the site is not safe, lowering search engine rankings.
https://www.symantec.com/connect/blogs/typ es-ssl-certificates-choose-right-one
http://www.csoonline.com/article/3153707/sec urity/top-5-cybersecurity-facts-figures-and- statistics-for-2017.html
https://www.scmagazine.com/whitehat- security-release-website-security-statistics- report/article/536252/
https://www.techopedia.com/definition/24747/ cybersecurity
http://money.cnn.com/2015/04/14/technology/ security/cyber-attack-hacks-security/
