A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Secure Web Site, Safe Business

When small and large businesses provide a Web site, they should attempt to make it as secure and safe as possible, both for themselves and their customers.

So many businesses have a Web site, but too many do not implement security measures. Before launching a company Web site, take steps to ensure safety for both the business and customers.

Earn trust

First of all, purchase a digital certificate from a well-known certificate authority (CA), such as Thawte or Verisign. CAs are third-party organizations that verify the identity of your company and its Web site. Digital certificates inspire confidence in customers. At the same time, be sure to keep the certificate up to date. Expired certificates may lead to a loss of confidence.

Handle data responsibly

If you request information from Web visitors via a registration process or some kind of form, it is essential to use a secure, encrypted connection, such as SSL, to transmit data securely. Customers expect you to handle their personal information securely. Make sure you store data in encrypted form, and not in clear text, on your backend data servers.

Additionally, make sure that you check the entries in your forms correctly, so that attackers cannot compromise your system via SQL injection and buffer overflows.
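One way to do the entry checking described above, as an added example that is not part of the original article: a Python registration handler that bounds the length and format of each field on the server and hands values to the database only as bound parameters, so form input is never interpreted as part of a query. The `customers` table, the field names and the length limits are assumptions made for the example.

```python
import re
import sqlite3

# Field rules are assumptions for this example; the article specifies none.
# Each entry: (maximum length, pattern the whole value must match).
RULES = {
    "name": (64, re.compile(r"[^\W\d_][\w .'-]{0,63}")),
    "email": (254, re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,185}\.[A-Za-z]{2,24}")),
}

def validate_entry(form):
    """Return (clean, errors). Unknown fields are ignored, known ones are bounded."""
    clean, errors = {}, {}
    for field, (max_len, pattern) in RULES.items():
        value = form.get(field)
        if not isinstance(value, str):
            errors[field] = "missing"
        elif len(value) > max_len:          # reject oversized input before any parsing
            errors[field] = "too long"
        elif not pattern.fullmatch(value.strip()):
            errors[field] = "bad format"
        else:
            clean[field] = value.strip()
    return clean, errors

def new_db():
    """In-memory database with a hypothetical customers table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT NOT NULL, email TEXT NOT NULL UNIQUE)")
    return db

def register(db, form):
    """Store a validated entry; return a dict of field errors (empty on success)."""
    clean, errors = validate_entry(form)
    if errors:
        return errors
    # Bound parameters: the driver sends values separately from the SQL text.
    db.execute("INSERT INTO customers (name, email) VALUES (?, ?)",
               (clean["name"], clean["email"]))
    return {}

def find_by_email(db, email):
    """Look up a customer; the email is data, never concatenated into the query."""
    return db.execute("SELECT name FROM customers WHERE email = ?", (email,)).fetchall()

if __name__ == "__main__":
    db = new_db()
    # Constructed sample entries: a legitimate name with an apostrophe, then bad input.
    print(register(db, {"name": "Pat O'Brien", "email": "pat@example.com"}))
    print(register(db, {"name": "A" * 5000, "email": "x' OR '1'='1"}))
    print(find_by_email(db, "x' OR '1'='1"))
```

The apostrophe in the sample name is accepted and stored verbatim: validation limits what a field may contain, while the bound parameters are what keep quotes in legitimate data from changing the query.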

Maintain your tools

At your end, your software needs to be kept up-to-date. Your systems need to have a firewall and must run anti-virus software and anti-spam software. These practices help to prevent viruses or attacks on your systems.

Back up your Web site and all your data on another system. Denial-of-service (DoS) attacks often cannot be prevented because they overwhelm firewalls and other intrusion detection systems. Companies often mirror the Web site on another server, so that if a DoS attack takes down the primary Web site, the company can switch to the mirror version with very little downtime and few customer complaints.

Ensure usability

If your Web site installs cookies on the user’s computer, you should inform the user about it. While cookies can be helpful for personalizing the Web site for users, some cookies have been used for malware and spyware. Users who set their software to block cookies would need to disable this setting in order to use your Web site.

Similarly, if your site uses pop-ups, and the user has set the browser to block pop-ups, inform the user so that they may temporarily disable pop-up blocking.

Enjoy the benefits

A good company Web site can raise visibility and keep customers informed. Conversely, a poorly designed and ill-maintained Web site can be a costly mistake. Follow these basic practices to avoid problems.
