Google put out a notice in August 2014 that their algorithms would incorporate the existence of a website security certificate to affect website rankings in their search results. It is easy to tell if a website is secure through the HTTPS (hypertext transfer protocol secure) present in the URL instead of HTTP and a padlock image—if you haven’t set up secure encryption on your website yet, now is a good time to get that done.
Based on recent hacks on big corporations and small businesses, it makes sense why this is becoming a priority for websites and not just another trend. Hackers as a whole are getting a lot more sophisticated in their methods to obtain information from people while remaining anonymous and this is shown in the large scale hacks in the last couple of years.
Hackers Take Vital Information from American Corporations
Surprisingly, it doesn’t matter what kind of business you have because hackers will hit wherever they can and that also means big businesses with lots of money, which you might expect would have secure sites. These are the most recent large scale hacks that affected millions of people and wounded businesses.
- Anthem: In February 2015, Anthem discovered that hackers took personal information from 80 million subscribers, which included their names, date of birth, member ID, social security numbers, addresses, phone, email, and employment info. It is not yet clear who is responsible for this hack.
- JP Morgan Chase: July 2014 saw JP Morgan Chase hacked and 76 million customer names, address, phone numbers, email, and application information compromised. It took a month for anybody to notice it happening. The hackers are believed to be from Russia.
- Ebay: As the biggest breach thus far, Ebay was hacked in February 2014 with the database compromised, as well as names, email, passwords, address, and birth dates of 233 million users. The hack was not identified until May 2014 as stolen employee credentials. Many providers were compromised with false payment pages. Ebay did not announce who was responsible but the Syrian Electronic Army took responsibility.
- Target: In December 2013, during the busiest time of the year, hackers installed software credit card machines in Target stores to steal information from 70 million customers. Data taken includes names, address, phone, emails, and payment card data. About 40 million customers reported their card information stolen that same month. Security firms linked the breach back to individuals in Russia and Ukraine.
- Home Depot: Before Target in early 2013, the suspected responsible party for the Target hack installed malware on the cash register systems of 2,200 Home Depot stores to steal the credit and debit card information of 56 million customers.
Federal law enforcement investigators handled many of these hacks in order to identify the site vulnerabilities and track down the unknown responsible parties.
How Hacking Can Occur on Websites
Lots of websites are experiencing hacking because of vulnerabilities in the construction of the site. Many hacks can occur through the various forms of a website and through weak passwords. If someone can sign-up for a newsletter or fill out a contact form on your site, then it is susceptible to hackers.
After whistleblower, Edward Snowden, revealed that the NSA were spying on citizens, there’s been a move to better cyber-security and privacy. Many sites already turned on encryption and set up security certificates to protect their users like Facebook, Yahoo, and Google, but obviously not enough with all of the hacks occurring. Encrypting a website means that information passed between devices and online is digitally scrambled to prevent personal information from getting stolen.
How to Secure Your Website
Next, obtain a security certificate that enables HTTPS. There is one for a single domain, multi-domains, and dynamic subdomains. Be sure to get this through a certificate authority that issues digital certificates and set it up using a high level security of 2048-bit key instead of 1024-bit.
It is best to have a development company set up this security certificate for you as there are many errors to avoid like expired certificates, correct registration, supported browsers, crawling and indexing issues, etc. This way, any and all errors can be tested and fixed, otherwise your site can return a 404 error to users. Redirecting the site using server-side 301 HTTP redirects can be tricky too.
When it comes to online forms, a man-in-the-middle attack occurs when a user believes they are communicating only with that website but in fact another person is eavesdropping through hacking. Using an authentication code helps to minimize the chances of this happening and reassures users that the website is proactive to protecting their information.
Secure Sites for SEO
Knowing that websites are becoming more vulnerable to hackers and in an effort to protect the privacy of users, Google is favoring websites that are secure. Some SEO firms are complaining that security certificates slow down a site and there are other ways to improve the ranking of a site through optimization instead of securing it.
However, a website is going to be viewed in a more positive light by both customers, users, and search engines if they take the effort to protect those that ultimately use the website: people. Besides, speed can be improved by using a high-speed encryption plus optimizing the site overall, improving page load times, and using relative links.
The biggest thing to keep in mind is that besides improving SEO, having a secure website is all about securing the private and personal information of users while helping them to feel confident in the company, brand, and using the site without worrying that they will be a victim of identity theft.
Customer Paradigm is a Magento Development and Colorado SEO company helping businesses acquire, retain, and interact with their customers. If you need help securing your website from vulnerabilities and hackers, Contact Us today for more information.