ISACA Now Blog

7 Things That Make Every Website Safer for Customers

Larry Alton, Writer, LarryAlton.com
Posted at 3:13 PM by ISACA News | Category: Security

Your website needs to be well-designed, functional, and aesthetically reflective of your brand. But don’t forget: it also needs to be safe. Website security is a vital part of development that makes your data less vulnerable to cybercriminals and increases the security of your customers’ financial transactions.

You’ll also prevent the possibility of a massive consumer data breach—like the one faced by Target a few years back, which cost the company $39 million and even more in lost consumer trust. And, you’ll build your reputation and trustworthiness simply by having tighter security standards on display.

Getting Technical
Unfortunately, website security is a somewhat complicated issue. Top data security experts have decades of experience and work tirelessly to come up with ingenious new ways to protect against digital vulnerabilities. Today’s entrepreneur has access to tools like Website Setup that make it easy to launch and manage a website, but it’s difficult to match this level of dedication — especially when you don’t have the technical knowledge to back up your efforts.

Today’s website building tools and practically unlimited online resources make it easier to make your site safe — but you still must be familiar with your top priorities.

Website Safety Features
These are some of the most important website safety features to have integrated for your customers:

  1. SSL encryption. SSL encryption is a relatively simple installation and basic security feature that encrypts the connection between a web browser and a web server. When customers input information (like credit card numbers), that information is passed from the customer’s browser to your web server; SSL encryption makes sure that information can’t be easily seen or intercepted by third parties. SSL-encrypted sites are designated by an “https” prefix that lets consumers know they’re safer.
  2. Secure login and logout features. Simple, secure login and logout features also can make your site safer. For example, you could mandate that your customers re-sign in when they’re about to check out to avoid the possibility of fraudulent purchases made on an idly logged-in account. You could also have your site automatically log customers out after a period of inactivity. This helps prevent the possibility of infiltration and identity theft.
  3. Mandatory password requirements. You can also increase the security of your logins by instituting mandatory password requirements. Many people opt to create simple, memorable passwords such as “password,” “123456,” pet names, birthdays, or other basic combinations. However, these are easy to guess and make it simple for a hacker to gain access to that user’s account. You could mandate that passwords be at least a certain number of characters, or that they contain multiple types of characters like lower-case letters, upper-case letters, numbers, and special symbols.
  4. Multi-factor identification. Multi-factor security can also increase the safety of your site, though for the most part, this method is reserved for banks and other financial institutions where safety is of the utmost concern. With this setup, users are forced to identify themselves in multiple ways—such as with a signature device as well as a password-based login.
  5. Updated software and platforms. One basic action you can take to keep your site safe is keeping your CMS up to date. For example, WordPress routinely releases new software and new security protocols; making sure your site is updated will help you stay ahead of new potential threats and remain on the best system available to the public.
  6. Hidden admin directories. Most template and basic CMS sites have a simple way to be accessed: the main domain, followed by a “/admin” or similar setup at the end. Hackers realize this and often try to break into the back end of a site by first accessing this admin directory. You can make your site more secure by “hiding” this admin directory, disguising it with a custom URL or otherwise masking your original directory.
  7. Consumer information. Finally, keep your customers up to date with best practices for personal security. Let them know the advantages of choosing a strong, unique password, and encourage them not to stay logged into their accounts on public devices. There’s only so much you can do to your site to protect against security breaches; arming consumers with information to protect themselves is the next step.
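
The login and logout rules from item 2 (automatic logout after inactivity, and a fresh sign-in before checkout) come down to two timestamps kept with each session. The sketch below is an added example, not code from the article or from any particular platform; the `Session` class, the function names and both time limits are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass

# Assumed policy values for this sketch; tune them to your own risk tolerance.
IDLE_TIMEOUT = 15 * 60    # seconds of inactivity before automatic logout
REAUTH_WINDOW = 5 * 60    # checkout requires a password check this recent


@dataclass
class Session:
    user: str
    last_login: float     # when the password was last verified
    last_seen: float      # time of the most recent request


def authorize(session, action, now=None):
    """Return 'allow', 'login' (session expired) or 'reauth' (confirm password)."""
    now = time.time() if now is None else now
    if session is None or now - session.last_seen > IDLE_TIMEOUT:
        return "login"    # idle too long: caller must destroy the session
    session.last_seen = now   # any valid request resets the idle timer
    if action == "checkout" and now - session.last_login > REAUTH_WINDOW:
        return "reauth"   # logged in, but not recently enough to spend money
    return "allow"


def reauthenticate(session, now):
    """Call only after the password has been verified again."""
    session.last_login = session.last_seen = now


def demo():
    """Replay a constructed timeline (times in seconds) and collect decisions."""
    s = Session("alice", last_login=1000.0, last_seen=1000.0)
    results = [authorize(s, "browse", 1060.0)]        # active shopper
    results.append(authorize(s, "checkout", 1400.0))  # login is 400 s old
    reauthenticate(s, 1410.0)
    results.append(authorize(s, "checkout", 1420.0))  # fresh login
    results.append(authorize(s, "browse", 2420.0))    # 1000 s idle
    return results


if __name__ == "__main__":
    print(demo())
```

Both timestamps must live on the server side of the session; a value the browser can edit gives no protection.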

With these security factors in place, your company and your customers will both be better protected from digital threats. Your security doesn’t have to be top-of-the-line or ridiculously expensive to be effective; most cybercriminals spare effort by targeting only the most vulnerable companies, so even these simple features can help protect you.

Make the effort to step up your website’s security, and you’ll improve both customer acquisition and retention. What’s more, you will rest well knowing you have improved protection against possible attacks.

Comments

Know your audience

I realize this article may have been built with the layman in mind, but it would behoove us all to endeavor to be as accurate as possible when providing advice.  Your general points are sound, but the details are lacking.
SSL has been replaced via TLS. 
The article you link to in the password section does not mention passwords.
What is a "signature device"?  I've never heard this term before in the context of web security.
Hidden admin directories should be part of a broader "platform hardening" item.  https://codex.wordpress.org/Hardening_WordPress
JasonB42 at 2/27/2017 8:35 AM

useful and beneficial

As an MIS student, I am required to do a website as a project for one of the courses I am taking currently, and I found the article very useful and I realized its benefits. Thanks!
Eman508 at 3/3/2017 12:21 PM