Ahead of Safer Internet Day on 9th February, you may ask ‘How safe is my website?’. We’ll try to help out with some hints and tips on how to make your site safer for your visitors.
The internet is, of course, vast. We all use the internet, most of us on a daily basis. We’re generally well aware of the safety measures we need to take to stay safe when using the internet, namely:
- Using complex passwords
- Changing your passwords regularly
- Using different passwords for different sites
- Entering your personal financial information only where you see a page with a padlock in the browser bar
- Being aware of the dangers of phishing emails
But, as a website owner, how can you be sure your site is safe for your visitors to use? How can you protect the information they share with you?
Making your website safe to use will benefit your visitors, but it will also improve your engagement, and ultimately your sales, if it gives them confidence in your site.
Install an SSL certificate – and make sure it is configured properly
What is SSL?
An SSL certificate, when properly configured, ensures that when visitors interact with your site they do so in a secure way.
SSL certificates enable website messages to be sent using the https protocol.
It’s not just eCommerce sites that need SSL. Any site that provides contact forms, forums, comments, and feedback, really needs it too.
Imagine a large pipe that connects your visitor’s computer with the server that holds your website. Now, imagine a hole is cut in that pipe so that all of the data sent between your visitor and your website is freely visible. This could potentially make sensitive information, for example, submitted from a contact form on your website, clearly visible to anyone snooping.
An SSL certificate installed on your website will encrypt this data so that it is much, much harder to see.
Web browsers are now playing their part by warning website users if they are visiting a non-secure page. Furthermore, search engines (notably Google), are giving a slight ranking bias to pages that support SSL.
Use SSL to ensure your internet traffic is safe from snoopers!
Do I need to pay for an SSL certificate?
Often, the answer is ‘no’. Many web hosts offer free SSL certificates to their customers. Some, though, still see it as a revenue-generating opportunity and will charge anything from £50 per year upwards.
When choosing a professional website host, make sure that you take into account the annual cost of an SSL certificate as well as their (apparent) low-cost hosting.
One of the reasons it might be worth paying for an SSL certificate is if you run a high-value eCommerce store and need the additional insurance, or more complex encryption, that a premium SSL certificate might offer. Generally, though, a free SSL certificate will suffice (and is always better than none!).
Configuring my site for SSL – can I just ‘switch my SSL certificate on’?
Generally, your web hosts will install the certificate for you. However, there might be some configuration you need to make to your website to make sure it is using the certificate properly.
For example, you’ll want to make sure there are no references to plain http resources on your site. Otherwise, web browsers might not show your page with a padlock. You’ll also want to make sure that any requests for http pages on your site get automatically forwarded to https pages instead. An example might be a site that links to yours and uses a http link instead of an https one. If you don’t automatically handle these http requests, then visitors arriving via those links will not see a secure page on your website.
There are well-documented methods for doing all of this on the web, and we can clearly help you with this, but we just wanted to make website owners aware that it may not be sufficient ‘just’ to install their SSL certificate.
Quick tip: if you already have an SSL certificate installed, try our 2-minute test to make sure all versions of your website work.
Storing visitor information safely
One of the other things you can do to reassure visitors that your website is trustworthy is to tell them what you’ll do with the data they share with you, and how you will keep it safe.
As well as being mandatory in many jurisdictions, this is also common sense. It’s fairly well documented what you need to tell people, but it’s critical to actually follow this through and really take care of visitor data.
To this end, here are a few thoughts about data storage:
- Storing submitted form contents – when someone fills out the contact form on your website, your website will generally email the details to you (and/or other persons in your business). Some websites also store submitted form data so that it is accessible in your website dashboard (or somewhere else). If your website ever gets hacked, this data will be available to the hacker. Even if your site is not hacked, this data may be visible to other users who can log in to your site.
- Order and customer information – generally, if you have an eCommerce website, it’s your payment processor that handles and stores customer card details. Often, though, eCommerce websites will store other customer and order information right inside your website admin area. This is usually necessary for the processing of orders, but consider removing older data when it is no longer required for the website for the same reasons as in the previous point.
- Controlling who has access to your website admin area – who has the login details for your website admin area? It might be ok, for example, for your website support person to have access, but if they haven’t had any dealings with you for a few years, it might be better to remove them from the site. The same goes for former employees, designers who might have been given ‘temporary’ access to build a landing page some time ago, etc. Have a regular check and removal of users that just don’t need to be there!
Working from home?
This final point is important wherever you work on your website, but is particularly relevant at the moment to employees and business owners who are working from home.
Unless you are working in a traditional ‘secure’ workplace, with only fellow employees around you, be careful to:
- lock your computer when you step away from it;
- protect it from being overlooked by others working nearby;
- password protect the files and applications on your computer containing customer data – especially if you are sharing the use of your computer (e.g. for homeschooling);
Concerned about your website safety?
Drop us a line with the contact form right at the bottom of this page if you have any concerns about how safe you think your website is for visitors.