A website is just a website right? I mean, it just displays information to promote a business, and will often have an area where people can contact you. A common misconception is that a website can be built by anyone and if it looks ok, it is good enough. Nothing can be further from the truth.

A website is a machine. It's function is not just to display information about your business or services, but also increase the credibility of your business. It's required to encourage people to come to your website, and to convert them into a customer. A website is also responsible for ensuring that information collected from people is secure.

What is website security?

Website security is the method of ensuring information collected from people is transferred and stored in a safe and secure fashion. The website is responsible for ensuring it has measures in place to prevent it from being hacked. A good website developer will know how to protect a website from common hacking methods, and will develop a website in such a way to minimise any risk. However, even if a website is programmed well and has preventative measures in place to prevent hacking, information can still be stolen.

How can information be stolen?

To answer this question, we must look at how internet technology works. A website is located on a computer (or computers) somewhere in the world, and that computer has an IP address. On that computer will be one or more websites, and by typing in a Fully Qualified Domain Name into a web browser (such as http://jubec.com.au) the website will display. When a person loads a website and wants to send information back to the website, the user will often type in information into a form on the website. On a 'Contact Us' form, they will fill out their name, their email address, and their enquiry, and then press the submit button. And this is where things get interesting.

When the user submits a form, the information is sent to the computer where the website is hosted. However, to reach the website, information will pass through many other computers along the way until it reaches it's destination. This is because of how the internet is structured, and a good analogy for the internet is a city. It is impossible to drive to the other side of a city by using just one road. You have to drive through many roads, passing many intersections. You have the choice to get to your destination by taking many different routes. Some will be quicker, some will be slower. The Internet works in much the same way. Information from a user's web browser is first sent to their Internet Provider (ISP). The ISP will examine the data and will then forward it on to another computer that is closer to the destination. The next computer will collect the information, analyse it and will then forward it on to the next part of the journey. And this continues until the information reaches it's end target. By the time the information reaches it's destination it has passed through many different computers.

A normal website will send information unencrypted. This means that anything that is typed in by users will be sent across the internet in a human readable fashion. It is this part of the journey where information can be stolen. Information can be obtained by hackers before it even reaches the website's server.

Thankfully there is a way to prevent this risk. Installing an SSL Certificate on your web server and setting up your website to always use the certificate will ensure all communication between your customers and your website is performed in a fully encrypted, secure way. All information sent from people to your website is secure. Hackers will be unable to decrypt the information being transferred across the internet.

Added bonuses of SSL Certificates

As necessary as it is to ensure people interacting with your website are protected, There are other legitimate reasons why every website should use an SSL Certificate:

• Web Browsers will proudly display your website as 'Secure'
  Your website will be easily identified to people as being a secure website. This will instantly add credibility to your business and your brand, and people visiting your website are more likely to trust the information you display. In fact, there are many users who will not interact with any website forms unless they feel they are being protected. If your website sells products or services online, an SSL Certificate is a must!

  

• Increased Google Rankings
  Google has recently ramped up it's push to encourage people to secure their websites with SSL Certification, and are favouring websites that use SSL over their non-encrypted counterparts. In fact, if your website does not have an SSL Certificate installed and is not configured to work over the HTTPS protocol, your website's visibility on search engine results will decrease.
• SSL Certificates authenticates your website
  An increased hacking method being employed is the cloning of a website to steal information. For example, a hacker might make a fake website that looks identical to a real website, and then try to direct people to their fake websites. These websites are used to steal username, passwords and credit card information.
  By having an SSL Certificate installed, users will be able to verify if the website they are viewing is an authenticated website belonging to your business.

  

• Future proofing your website
  In Australia, information being collected and used by websites will often need to conform to the Privacy Act 1988. The Act details what information can be stored and how personal information is handled. With online privacy and security constantly a hot topic, it is conceivable that the Privacy Act will be amended to include legal obligations of how information is transferred over the internet.

SSL Certificates - What are the options?

There are a number of different types of SSL certificates that can be purchased for your website. There are also a number of different SSL Certificate providers that offer differing pricing for their products. There is no 'one size fits all'. Here is a list of the most common types of SSL Certificates:

• Single-Name SSL Certificates
  A Single Name SSL Certificate is designed for use on one website with one domain name. These certificates will usually work with website domains with or without the 'www' component on the address.
• Extended Validation (EV) SSL Certificates
  EV SSL Certificates offer the highest level of authentication and is only issued to companies after a rigorous verification process. These certificates are designed to boost and maintain customer confidence and web browsers will display the name of the business in Green at the top of the web browser.
• Wildcard SSL Certificates
  For websites with one or more sub-domains. Our domain is jubec.com.au, but a sub domain might be something like 'geeks.jubec.com.au'. If your website has sub-domains then a Wildcard SSL Certificate is what you will need. Wildcard SSL Certificates operate in a similar way to Single-Name SSL Certificates but will include sub domains as well.
• Multi-Domain (SAN) Certificates
  If you own multiple domains, it is possible to secure then all under the one certificate by purchasing a Multi-Domain Certificate.

To get your website onto SSL, contact us today!