Archive for the ‘Business Advice’ Category

Security Issues For Online Businesses

Sunday, September 30th, 2007

Shared SSL vs. Standard SSL

      

Shared SSL
If you use your hosting company’s shared SSL, your checkout page’s URL will appear as follows:
https://secure.yourhostingcompanysdomain.com/andsomemorerandompathhere

Standard SSL
If you purchase your own SSL Certificate from a CA such as VeriSign, your checkout page’s URL will appear as follows:
https://www.yoursite.com/yourcheckoutpath

 

Social Engineering

 

Social engineering is a deceptive practice to manipulate people into revealing confidential information. Criminals have been known to trick people into disclosing personal information, passwords, credit card numbers and other sensitive information. Social engineering is one of the most dangerous crimes web surfers and online businesses face today. It is a low-tech crime, but it can hurt some of the most sophisticated companies.

           

Pretexting

 

This technique is commonly used to trick a consumer or business into divulging sensitive information. Individuals use this method to obtain phone and utility records, banking records, addresses, credit card numbers, user names and passwords, e-mail addresses, and other confidential information. Based on the information collected, the criminal can establish an even greater authority. Many U.S. companies ask for a social security number, mailing address, phone number, mother’s maiden name, or date of birth to authenticate customers. All of these can be easily obtained.

Pretexting is frequently used to impersonate colleagues, authorities, banks, tax authorities or anyone who could have a right-to-know in the mind of the target. The pretexter is armed with prearranged answers to possible questions that the target may ask.

Voice over IP programs are popular among pretexters because they provide an easy platform for untraceable phone calls. The lack of a traceable phone number makes the pretexter less vulnerable to being caught.

Encryption and SSL for Your Website

Saturday, September 29th, 2007

Encryption

All data exchanged between your website and your website visitors must be encrypted. Encryption is the technology that scrambles data before transmission. It ensures that only authorized parties can read the data. Encryption is what keeps credit card numbers, addresses, social security numbers, and other sensitive information secure during online transactions. Be sure that you explain encryption to your customers. The checkout page is a great place to include brief information about what encryption technology your site uses. The key here is not to scare your customers with too much information, but to explain the security measures your company takes to provide a safe shopping experience.

California passed a law in 2003 requiring businesses to notify consumers in the state if their unencrypted data have been compromised. Several other states have passed similar laws. Several major credit card companies such as Visa and MasterCard require businesses operating online to verify that they have taken a number of steps, including encryption, to protect customers who use credit cards.

SSL (Secure Sockets Layer)

You need SSL if you have an online store and accept credit cards. Any time sensitive data is transmitted between your website and your customer’s computer, you should be using SSL. Without SSL, all data transferred would be an open book, leaving consumers vulnerable. Data sent without SSL is the equivalent of sending a letter in a see-through envelope.

SSL Certificates 

Digital certificates are the lifeblood of SSL technology. SSL certificates are issued by CAs (Certificate Authorities) such as VeriSign Corporation. VeriSign digitally signs each certificate it issues. Each browser contains a list of CAs to be trusted. During the SSL handshake, the browser confirms that a trusted Certificate Authority has issued the certificate. If the CA is not trusted, a warning will show. As browsers recognize an SSL Certificate, they display the name of the CA next to the browser bar.

Practical Example: If you are using a shared hosting account for your site, the host will provide you with a shared SSL certificate. The shared certificate should be included in your hosting fee. It is an inexpensive solution to keep your website secure.

Keep Your Passwords Safe

Thursday, September 27th, 2007

Ideally, you would never write down your passwords, but it is becoming difficult to do with so many accounts. If you have to write them down, keep them locked in a safe or some other secure environment. Passwords on Post It notes are a recipe for disaster. Don’t do it!

Don’t share your passwords with others, not even friends or family members. If someone has to use one of your accounts, log them in instead of sharing your password. Don’t give out your password over the phone unless you have initiated the phone call. For example, you may receive a phone call from your Internet Service Provider asking for your password. Ask for their phone number, call them back, then give out your password. Telephone conversations are not considered secure. Neither are online chat, email, or instant messaging.

Change your passwords regularly. A new password every 45 days is a good practice. Having the same passwords for years is a weak security practice. Set yourself reminders in your calendar. Make it a routine procedure. You’ll see that after a few months, it becomes a habit.

Avoid typing your password on public computers. Unfortunately, many public computers have been compromised, making their users vulnerable to malicious keystroke logging scripts.

What Makes A Strong Password?

Tuesday, September 25th, 2007

It all starts with a strong password. We all have more passwords than we care to have. It might sound simplistic, but strong passwords are a must for good security. Strong passwords to your web, ftp, and data servers are the easiest first step toward a secure web presence.

 

What Makes A Strong Password?

  • A three-character password is much weaker than a six or eight character password. A good rule of thumb is never to use a password shorter than eight characters.
  • In no way should you use the default password.
  • Never make a word found in a dictionary your password. One of the most common methods to break into systems is to run scripts that try using dictionary words to guess your password. The less your password looks like a dictionary word, the less likely someone is to guess what it is.
  • Include numbers and special characters
  • Avoid repeated numbers, characters or sequences such as 12345678, bbbbbbbb, or 33333333
  • Never use the user name, or any combination of it, as your password. Don’t use your domain name as your password either.
  • Don’t use look-alike substitutions like “4ufromme” or “n0t@home”
  • Use the entire keyboard, and try to use the less common keys
  • Use different passwords for different accounts. If you use the same password for all of your accounts, you may find several of your accounts compromised simultaneously.
  • Never, ever use a blank password.

 

Examples of strong passwords are:

A combination of several words that aren’t themselves a word interspersed with special characters (e.g., !4scOrE&sDayNYeaRs_ag0)

A word with digits of a memorable date sprinkled inside it
(e.g., vacation -> 0vac2a0t9io19ln99)
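
The rules in the list above can be turned into an automated check at the point where a password is set. The following is an added example, not code from the original post; the word lists are small constructed samples, and the function names, the look-alike table and the four-character run threshold are assumptions made for illustration.

```python
# Added example: checks a candidate password against the rules listed above.
# DICTIONARY and DEFAULTS are small constructed samples, not real word lists.
DICTIONARY = {"password", "vacation", "welcome", "secret", "letmein", "home"}
DEFAULTS = {"admin", "changeme", "default", "password"}
# Look-alike characters are mapped back to letters before the dictionary check.
LOOKALIKES = str.maketrans("013457@$!", "oleastasi")

def has_run(pw, n=4):
    """True if pw has n identical or consecutively rising/falling characters."""
    for i in range(len(pw) - n + 1):
        window = pw[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def check_password(pw, username="", domain=""):
    """Return the list of rules the password breaks (empty list = passes)."""
    if not pw:
        return ["blank password"]
    problems = []
    lowered = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if lowered in DEFAULTS:
        problems.append("default password")
    normalized = lowered.translate(LOOKALIKES)
    if lowered in DICTIONARY:
        problems.append("dictionary word")
    elif normalized != lowered and any(w in normalized for w in DICTIONARY):
        problems.append("look-alike substitution of a dictionary word")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(not c.isalnum() for c in pw):
        problems.append("no special character")
    if has_run(pw):
        problems.append("repeated or sequential run")
    # The user name (also reversed) and domain labels must not appear inside it.
    own_names = [username.lower(), username.lower()[::-1]]
    own_names += [p for p in domain.lower().split(".") if len(p) >= 4]
    if any(name and name in lowered for name in own_names):
        problems.append("contains user name or domain name")
    return problems

if __name__ == "__main__":
    for candidate in ["", "12345678", "changeme", "p@ssw0rd", "n0t@home"]:
        print(repr(candidate), "->", check_password(candidate) or "ok")
```

With a full dictionary and the site's real list of default passwords loaded in place of the samples, the same function can run in a sign-up or password-change form.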

Keeping Your Online Business Secure

Sunday, September 23rd, 2007

Consumers and businesses agree that security remains a primary concern in the development of e-commerce. Identity theft, stolen credit card information, credit card fraud, and hackers are among the most common threats. The dangers are real. As your online business matures, you have to make a real effort to secure your web presence.

Failure to secure your web presence can result in a variety of complications such as financial loss, loss of customers, damage to your credibility, and data loss. Worst of all, it can potentially cost you your business. You have many options to build a secure online business. In the past few years, the number of security related services has grown exponentially. Arming your business with hardware and software is less expensive than you think. The challenge is to stay one step ahead of the bad guys.

Hackers, frauds, and other criminals are constantly searching for the weakest link. Keep in mind that you are not only protecting your business, but your customers. It is common for customers to arrive at websites with their computers already compromised. Your job is to ensure that the shopping experience is safe.

Fortune 500 corporations are frequently reporting security breaches. While it is alarming to read about security violations, many security breaches are never reported. The larger your business, the more someone has to gain from breaking into your system. Small companies are just as vulnerable to break-ins, denial of service attacks, social engineering, and more.

As a business owner you should concentrate on preventative measures as opposed to reactive measures. It may take you days or months to realize your system has been compromised. The resulting damage could have devastating effects on you and your customers. Damaging, sharing, or selling user information is a real security threat.

Equally important to providing a secure shopping experience is communicating it to your customers. If your customers don’t trust your site, all the security in the world won’t close the sale for you. Explain loud and clear throughout your website the measures you took to create a secure environment. Explain what industry standards you use to help keep their information secure.

Publish an E-Mail Newsletter

Friday, September 21st, 2007

Although it requires a significant time commitment, publishing a newsletter may be one of the most effective ways to keep in touch with your clients. The newsletter can help you generate trust, develop brand awareness, produce leads, and build future business. In addition, it helps you build a list of e-mail addresses from those who visit your site but aren’t yet ready to make a purchase. Always ask for an e-mail address and first name so you can personalize each newsletter. The key to an effective newsletter is quality, not quantity. If you cannot produce enough quality content each month, release your newsletters less frequently. Provide quality and your readers will thank you for it.

Provide Free Information To Grow Your Business

Wednesday, September 19th, 2007

Providing free information to your site visitors could lead to sales. You might have a new book for sale, and making the first chapter freely available might help you close more sales. Letting your customers try some of your product before buying reduces buying stress, and it can lead to higher conversions. If you are a consultant, you could give away free online reports.

Include Your URL on Stationery, Cards, Brochures, and Literature

Saturday, September 15th, 2007

It is obvious but sometimes overlooked. Be sure that all reprints of cards, stationery, catalogs, brochures, and literature contain your company’s web address. Always double check that the syntax for your website address is correct.

Start a Business Blog

Wednesday, September 12th, 2007

Your business blog is one of the best ways to get others to link to your site. A blog is less formal than an article and more conversational. You have the power to make your industry interesting to your readers through conversational writing. The blog is not about you. It is about providing value for your customers. If you offer outstanding content and regular industry comment, people are likely to link to it, increasing your site’s link popularity. Remember, links are good.

Practical Example: When you blog you are elevating your status to expert level. People would rather buy from experts than sales people. Provide valuable content to your visitors, and they will spread the word. If you have a blog about fly fishing, your readers are more likely to buy from you than another business that simply lists fly fishing equipment on their site. In addition to becoming customers, they will recommend your business to others, in essence becoming your unpaid external sales force.

Write Articles and Grow Your Business

Monday, September 10th, 2007

You can significantly increase your visibility when you write articles in your area of expertise. Be sure that your articles are informational. Don’t waste anybody’s time with commercials disguised as articles. The key to successful article writing is to provide value. People will notice when you have something of value to say.

Articles deemed valuable are posted on article directories, e-mailed in newsletters, and embedded in e-commerce sites. In most cases, the author receives a link to his website. The links help in a couple of ways. First, they generate traffic to the site. Second, links help to improve your search engine results. The more links you have pointing to your site the better. Search engines view links to your site as a vote of confidence. The more links you have pointing to your site the more valuable your web site becomes.

You can contact websites that might benefit from your articles, and offer your articles. Just ask that a link to your website and a one-line description of what you offer be included with the article. Articles offer an effective “viral” approach that can produce hundreds, or even thousands, of links to your site over time.

Practical Example: As you become a prolific author of articles related to your service you build reputation. Through your articles, you enable your customers to find your website indirectly. A business owner may find one of your articles while searching for marketing advice online. After she reads your article, she may click the link to your site from within the byline. Because you have already provided her with value, she is more likely to become a customer.