New Territory of the Digital Space
July 10, 2017
There’s an age-old question: is privacy a right or a privilege? This topic has been more prevalent in the news recently, regarding the new territory of the digital space. Several years ago, Edward Snowden’s release of confidential information on the government’s domestic surveillance projects stirred debate about internet privacy.
In a more recent example, just last year Yahoo suffered a major data breach, with almost half a billion users’ data and account details being stolen. In a time where there’s general skepticism of internet sources, it’s more important than ever to establish the credibility and safety of your website.
One way to work towards this goal is by implementing HTTPS correctly. By doing so, it provides users with a degree of security. The connection and data exchange with the server is encrypted, keeping information like browsing history, passwords and credit card numbers safe from outsiders. Because of this, HTTP sites may turn away users, since an unsecure connection could potentially be dangerous. If you want to make sure your site is fully secured with HTTPS, try to follow some of these tips:
- Any pages that require input of sensitive information (passwords, billing info, etc.) must be encrypted.
- The entirety of the site and all corresponding pages should be in HTTPS, as well as any content from external sites. Mixing HTTP and HTTPS content is still dangerous, and opens up the site to attacks.
- Make sure you always have your Secure Sockets Layer (SSL) certificate; don’t let it expire, and ensure it’s correctly registered under your domain name.
- Check that you’re using the appropriate HTTPS versions of URLs in your sitemap.xml.
- Use redirects or canonicals to HTTPS URLs to help with search engine optimization.
- Use the latest security protocol and programs.
- Using HTTP Strict Transport Security (HSTS) will ensure you don’t give users unsecured content, and using Server Name Indication (SNI) will allow for IP address universality.
- Sensitive cookies should not be broadly scoped, and given the “secure” attribute when being set up.
While these tips are not completely hacker-proof, they do offer your site safety from certain types of cyber attacks. By taking the time to put these protections in place, viewers are more likely to trust and use your site. If you would like assistance updating your website to HTTPS, contact KSA&D. We can provide a worry-free transition, and you, in turn, can provide a worry-free website to your users.