Over the past 6 weeks I’ve had the opportunity to travel the country and attend different networking events. I’ve met a lot of fantastic people doing great things in business. Some of these individuals are in the startup phase, some have revenues estimated in the mid-8, up to 9 figures.
A troubling trend that I have noticed when doing some follow-up research is the improper implementation of security certificates on websites. It’s the problem that won’t go away.
I was in contact with a company this past week for an improperly configured website. Once you logged into the secured portal, my profile page bounced back and forth between secured and unsecured pages. This meant the “secured” areas of the website were susceptible to hijacking.
Just as troubling was the initial response of “this is normal” when I first reported it to them. Wow, did they say that to the wrong person! No, it’s not normal.
Not a New Problem
Improperly secured websites are not a new problem. It just seems to go in waves when I notice a bunch messed up at one time. It sticks out to me like a sore thumb.
Securing your website with an SSL certificate falls within the BASICS 101 category. Even if your website is just for family pictures, turn on an SSL certificate.
There are few reasons I think this is still a problem in 2019.
- I do not think all outsourced web design firms/freelancers are versed in basic web security. Their focus is on website design and website speed.
- Not all web hosting providers enable security certificates by default or there is added cost associated.
- I still think there is the wrong mindset, it could never happen to me. Even with all the media attention around corporate data breaches. YES IT CAN!
While an organization like Equifax can weather the storm of bad press around a data breach, could your small business survive?
Why it Matters
An SSL certificate verifies to your visitor that your website identity is authentic and if they provide you any information thru the website, the transmission of data is secured.
Even if computers “aren’t your thing”, you can still easily tell if your website is secured or not. Firefox for instance will show a lock icon next to the website name. Click the lock and it will say website is secure (green) or not secure (red). The Chrome web browser is more obvious and will say NOT SECURE.
What can you do?
To ensure this fundamental task is completed correctly do the following:
- If you are working with a web designer (or tech support person), ask them specifically if they will implement the security certificate. Ask what hosting provider they use, is SSL a default or a paid add-on, and will the entire website have SSL implemented?
- If you are a do-it-yourselfer, check with your hosting provider if the SSL is free or a paid add-on. The hosting provider support personnel should very easily assist getting the proper security certificate enabled.
- A FREE option is establishing an account with CloudFlare.com. They will give FREE certificates and you do not have to change hosting providers. Just a few domain name settings.
- If you are a web designer, take the time to learn how your hosting provider of choice implements SSL. Make it a part of your most basic package. Never design another website without one going forward.
There is a lot more work to ensure that your corporate data is secure, but we must start with the basics.
But I don’t have a website
I have one simple rule if you don’t have a website of your own:
“Never transmit anything thru a website without a security certificate!”
Ignorance is NOT an excuse anymore.