If you’re a business owner trying to make sure your website is safe, secure and trustworthy to customers, navigating the dizzying array of cyber security terms can be confusing, frustrating and just plain boring. We’ve put together this in-a-nutshell guide to make it as painless as possible to understand some key security terms, so you know what your site needs and why.
Trust Seal
What it is: Trust Seals are graphics for your website (usually on the homepage and checkout pages) that show customers your site is safe and secure and that you are who you say you are. Many companies offer various kinds of trust seals. The three main types are Privacy Seals, which let customers know their personal and financial information is kept private; Business Seals, which show that an outside company has verified that you are who you say you are; and Security Seals, which show that your site has been scanned for malware and security holes. A genuine seal links back to a verification page on the issuer’s own site; the image by itself proves nothing, since anyone can copy a picture.
Why you need it: More customers, more sales, more ka-ching! Trust seals have been shown to increase consumer confidence, decrease shopping cart abandonment and boost sales. When customers feel your site is secure, they’re more likely to buy from you.
SSL Certificate
What it is: An SSL Certificate (SSL stands for Secure Sockets Layer, if you really want to know; the protocol browsers actually use today is its successor, TLS, but the name stuck) is a digital document issued by an outside party, a Certificate Authority, that ties your domain name to your site and lets the browser set up an encrypted connection, so data travelling between a customer’s computer and your server is protected from third parties trying to read or tamper with it. A certificate includes the holder’s name and domain, the certificate’s serial number and expiry date, a copy of the holder’s public key, and the digital signature of the certificate-issuing authority.
Why you need it: If your company takes online payments or collects sensitive information, you need it; modern browsers also flag any site without one as “Not secure”. An SSL certificate is one layer of protection that helps assure customers your website is safe. It won’t protect you (or them) from hackers breaking into your server, but when visitors see the padlock in the browser bar that indicates the connection is encrypted, it builds confidence that your company is taking steps to protect their data. Keep an eye on the expiry date: an expired certificate turns that padlock into a full-page warning.
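To make the certificate fields above concrete, here is an added example (our own, not part of the original article or any vendor’s tooling). It creates a throwaway self-signed certificate for a hypothetical shop, shop.example.test, then reads back the holder name, issuer, serial number, expiry date and public key, and runs the two checks a site owner actually cares about: does the certificate verify, and will it still be valid a month from now. It assumes the openssl command-line tool is installed; the domain and organisation name are made up.

```shell
#!/bin/sh
# Added example, not from the original article: make a throwaway self-signed
# certificate for a hypothetical shop, then read back the fields the article
# lists and run the two checks a site owner cares about (does it verify, and
# when does it expire). Needs the openssl command-line tool.
set -e

WORK="${TMPDIR:-/tmp}/cert-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Generate a 2048-bit RSA key and a certificate valid for 90 days.
# Self-signed means the holder signs its own certificate (issuer == subject);
# a real site gets the signature from a Certificate Authority instead.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" \
    -subj "/CN=shop.example.test/O=Example Shop" \
    -addext "subjectAltName=DNS:shop.example.test" >/dev/null 2>&1
}

# The holder's name: the CN from the certificate's subject field.
cert_cn() {
  openssl x509 -in "$WORK/cert.pem" -noout -subject -nameopt RFC2253 \
    | grep -o 'CN=[^,]*'
}

# The issuer's name: for a self-signed cert this equals the subject's CN.
cert_issuer_cn() {
  openssl x509 -in "$WORK/cert.pem" -noout -issuer -nameopt RFC2253 \
    | grep -o 'CN=[^,]*'
}

# Serial number and expiry date, as printed by openssl.
cert_serial() { openssl x509 -in "$WORK/cert.pem" -noout -serial | sed 's/^serial=//'; }
cert_expiry() { openssl x509 -in "$WORK/cert.pem" -noout -enddate | sed 's/^notAfter=//'; }

# Size in bits of the public key embedded in the certificate.
cert_pubkey_bits() {
  openssl x509 -in "$WORK/cert.pem" -noout -pubkey \
    | openssl pkey -pubin -noout -text 2>/dev/null \
    | grep -o '[0-9][0-9]* bit' | cut -d' ' -f1
}

# Check 1: does the certificate's signature verify against a trusted root?
# Here the trust root is the cert itself; a browser uses its built-in CA list.
cert_verifies() {
  openssl verify -CAfile "$WORK/cert.pem" "$WORK/cert.pem" >/dev/null 2>&1
}

# Check 2: will the certificate still be valid N days from now? Exit status 0
# means yes. Run this from a cron job with N=30 so you renew before the
# padlock turns into a browser warning.
still_valid_in_days() {
  openssl x509 -in "$WORK/cert.pem" -noout -checkend $(( $1 * 86400 )) >/dev/null
}

make_cert
echo "holder:    $(cert_cn)"
echo "issuer:    $(cert_issuer_cn)"
echo "serial:    $(cert_serial)"
echo "expires:   $(cert_expiry)"
echo "key size:  $(cert_pubkey_bits) bits"
cert_verifies && echo "signature: OK"
still_valid_in_days 30 && echo "still valid in 30 days: yes"
```

To check a live site instead of the throwaway certificate, feed the output of `openssl s_client -connect yourshop.example:443 -servername yourshop.example` into the same `openssl x509` commands; the `-checkend` test is the one worth automating.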
PCI Compliance
What it is: Payment Card Industry compliance (formally, compliance with the PCI Data Security Standard, or PCI DSS) applies to you if your company collects, transmits, processes or stores cardholder data. Being PCI compliant means you’re following the industry requirements for keeping your customers’ card data safe. The standard is maintained by a council (the Payment Card Industry Security Standards Council, aka PCI SSC) set up by the big card brands: Mastercard, Visa, American Express, Discover and JCB.
Why you need it: Do you want to pay massive fines? Didn’t think so. If you’re not PCI compliant and card data leaks, the card brands can levy fines through your acquiring bank and can ultimately stop you accepting cards at all. The requirements are too detailed to get into in a brief summary, but here’s a detailed explanation.
Vulnerability Scan
What it is: Vulnerability Scans check your servers, network and web applications for known security holes (unpatched software, weak configurations, exposed services) to make sure you’re not letting the bad guys in. They are automated and should be run regularly: PCI DSS, for example, requires an external scan by an approved scanning vendor at least every three months and after any significant change.
Why you need it: You don’t want hackers stealing your info, causing your customers to distrust you and costing you money, do you? Of course not! Vulnerability Scans help protect your network and your customers’ data, and they are the first step toward being PCI compliant and getting a Security Seal (both mentioned above). Bear in mind that a scan reports likely weaknesses; it doesn’t confirm whether they can actually be exploited, which is what a penetration test is for. For more details on vulnerability scans, we’ve got it covered here.
IT Penetration Test (PenTest)
What it is: A PenTest actively and intentionally attacks a computer system, trying to exploit weaknesses to see whether there are any holes in your network or website that an attacker could actually get through. It’s basically like a hacker attacking your network, only they’re on your side and report what they find instead of using it. PenTests require expertise and aren’t automated the way vulnerability scans are.
Why you need it: Combined with vulnerability scanning, PenTests give you a much fuller picture of your security than either does alone. A PenTest should be done at least once a year (and after any major change to your site) by a computer security expert (or good-guy hacker, if you will), who will report what they were able to get into and how, so you can fix it before a real attacker finds it. Need more on Penetration Testing? You can find it here.