This holiday season will be full of “shopping joy” (and debt) as thousands (millions) of holiday shoppers shop for gifts. A lot of the shopping will be done online. Many shoppers are much smarter about shopping this holiday season and hopefully will be more careful about where they shop so that they can better ensure their credit card and other financial and personal information is as safe as possible.
As an online retailer, it’s important that you do all you can to ensure your web site is safe from malicious hackers who want to steal as much information as they can: customer credit card information, passwords and everything else.
Here are a few tips from Symantec that you can consider to give your online shoppers a safe shopping experience and, overall, to better secure your web site.
Use SSL to protect all online transactions and sensitive information
The growing frequency and severity of cyber attacks puts online data and transactions increasingly at risk. Encryption provides proven data protection, but unfortunately most organizations don’t provide end-to-end encryption when transmitting the confidential data of people using their websites. To better protect themselves and their customers, SMBs should implement Secure Sockets Layer (SSL), also known as Hypertext Transfer Protocol Secure (HTTPS), for all sites requesting sensitive personal or financial information, such as online registration, commerce and banking.
Display a recognized third-party trust mark as visibly as possible
Consumers do not always know who is behind a website they are visiting and need verification that it is run by a legitimate business. This is especially true for SMBs, which often lack widespread brand recognition as a trusted entity. Trust seals and trust marks from respected third parties are important ways for SMBs to show their trustworthiness and increase visitor confidence, traffic and transactions. Moreover, SMBs should look for seals that are not just static images (which are often inauthentic), but dynamically link to real-time tracking of which company bought the seal and which Certificate Authority (CA) issued it.
Upgrade to EV SSL so customers will see the green address bar (their cue a website is safe)
Cyber attacks are becoming more sophisticated every day, making it nearly impossible to determine whether or not a website is authentic. Social engineering and research can make it virtually impossible to distinguish real emails, web links and websites from fake ones just by looking at them. A valuable tool to prevent cyber crime is the Extended Validation Secure Sockets Layer certificate (EV SSL), which should be used on all sites using SSL. The Online Trust Alliance (OTA) 2011 Online Safety Honor Roll and Scorecard reported a 68 percent year-to-year increase of EV SSL adoption. EV SSL turns part of the browser address bar green, showing that the Web site (and, by extension, the organization behind it) is legitimate. This visual cue provides immediate verification and increases consumer confidence.
Prevent malware infections and blacklisting from search engines by incorporating automated malware scans and vulnerability assessments
Both browsers and search engines require website owners to prove their sites are not infected with malware. To protect their users, search engines and browsers blacklist infected websites, flag them and warn all visitors that the sites may harm their computers. Blacklisting spells huge trouble for infected websites, harming the website’s visibility, reputation and search rankings, even if the website owners fix the problem. To help reduce malware risks and preserve their good names, SMBs should strongly consider regularly scheduled, automated malware scans and vulnerability assessments. These cloud-based services help ensure website owners and visitors alike are exposed to hidden malware for as brief a time as possible. Presenting seals indicating the services are in place offers immediate, demonstrable proof that visitors can trust a website to be malware-free.
Prevent malicious advertising (malvertising) by continuously monitoring third-party code, links and advertising
A website’s success depends on visitors trusting that the site’s links and banner advertisements are safe. Cybercriminals know this and have deployed malvertising to take advantage of that trust. Malvertising takes three primary forms: cyber criminals hack into websites and inject malware into banner ads; website owners unwittingly distribute malware after cyber criminals compromise their networks; and cyber criminals pose as genuine advertisers and wait for victims to click on their ads. Website owners can have tremendous difficulty detecting malvertising attacks and an even harder time tracking down perpetrators. To mitigate these risks, SMBs should invest in services that scan, detect and report malvertising on their websites. These services also automatically alert publishers and identify the location of malicious advertisements so customers can remove malicious ads that may damage their business’s reputation.
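A minimal form of the monitoring described above, as an added example that is not from Symantec or the original article: the script lists every third-party host a page pulls scripts, frames, images or links from and reports the ones missing from an approved baseline. The tag list, host names and baseline are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags and the attribute that makes the browser fetch or navigate to a URL.
URL_ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href", "a": "href"}


class ResourceCollector(HTMLParser):
    """Records (tag, absolute URL) for every URL-bearing reference in a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # urljoin also resolves protocol-relative URLs such as //host/path
            self.refs.append((tag, urljoin(self.page_url, value)))


def unexpected_third_parties(page_url, html, approved_hosts):
    """Return sorted (host, tag) pairs for third-party hosts absent from the baseline."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    own_host = urlparse(page_url).hostname
    findings = set()
    for tag, url in collector.refs:
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):
            continue  # mailto:, tel:, data: and similar are not remote hosts
        host = parsed.hostname  # already lower-cased by urlparse
        if host and host != own_host and host not in approved_hosts:
            findings.add((host, tag))
    return sorted(findings)


# Constructed sample page and baseline of approved third-party hosts.
PAGE = """
<script src="/static/app.js"></script>
<script src="https://cdn.approved-ads.example/tag.js"></script>
<iframe src="//unknown-network.example/banner?id=7"></iframe>
<a href="https://Unknown-Network.example/click">Sale</a>
<a href="mailto:help@shop.example">Help</a>
"""
APPROVED = {"cdn.approved-ads.example"}

if __name__ == "__main__":
    print(unexpected_third_parties("https://shop.example/", PAGE, APPROVED))
```

Run on a schedule against rendered pages, a non-empty result means a host has appeared that nobody approved, which is the point at which to review the ad slot or embedded code that introduced it.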