To ensure that your customers can rely on your website to be safe and secure, we recommend small businesses with online storefronts follow these best practices from Symantec. Doing so will guarantee your customers’ shopping experience is a secure and safe one!
1. Use SSL to protect all online transactions and sensitive informationThe growing frequency and severity of cyber attacks puts online data and transactions increasingly at risk. Encryption provides proven data protection but unfortunately, most organizations don’t provide end-to-end encryption when transmitting confidential customer data. To better protect yourself and your customers you must implement
Secure Sockets Layer (SSL), also known as Hypertext Transfer Protocol Secure (HTTPS), for all sites requesting sensitive personal or financial information, such as online registration, commerce and banking.
2. Display a recognized third-party trust mark as visibly as possibleConsumers do not always know who is behind a website they are visiting and need verification that it is run by a legitimate business. This is especially true for SMBs, which often lack widespread brand recognition as a trusted entity. Trust seals and trust marks from respected third parties are important ways for SMBs to show their trustworthiness and increase visitor confidence, traffic and transactions.
In February 2011 – just after the winter 2010/2011 shopping season – a U.S. Online Consumer Study found that 94 percent of respondents were likely to continue an online purchase when they viewed the Norton™ Secured Seal during checkout, more than any other seal displayed. Moreover, SMBs should look for seals that are not just static images (which are often inauthentic), but dynamically link to real-time tracking of which company bought the seal and which Certificate Authority (CA) issued it.
3. Upgrade to EV SSL so customers will see the green address bar (their cue a website is safe)Cyber attacks are becoming more sophisticated every day, making it nearly impossible to determine whether or not a website is authentic. Social engineering and research can make it virtually impossible to distinguish real emails, web links and websites from fake ones just by looking at them. A valuable tool to prevent cyber crime are Extended Validation Secure Socket Layer Certificates (EV SSL)for all sites using SSL. In fact, the Online Trust Alliance (OTA) 2011 Online Safety Honor Roll and Scorecard reported a 68 percent year-to-year increase of EV SSL adoption. EV SSL turns part of the browser address bar green, showing that the Web site (and, by extension, the organization behind it) are legitimate. This visual cue provides immediate verification and increases consumer confidence.
4. Prevent malware infections and blacklisting from search engines by incorporating automated malware scans and vulnerability assessmentsBoth browsers and search engines require website owners to prove their sites are not infected with malware. To protect their users, search engines and browsers blacklist infected websites, flag them and warn all visitors that the sites may harm their computers. Blacklisting spells huge trouble for infected websites, harming the website’s visibility, reputation and search rankings, even if the website owners fix the problem. To help reduce malware risks and preserve their good names, SMBs should strongly consider regularly scheduled, automated malware scans and vulnerability assessments. These cloud-based services help ensure website owners and visitors alike are exposed to hidden malware for as brief a time as possible. Presenting seals indicating the services are in place offer immediate, demonstrable proof that visitors can trust a website to be malware free.
5. Prevent malicious advertising (malvertising) by continuously monitoring third-party code, links and advertisingA website’s success depends on visitors trusting that the site’s links and banner advertisements are safe. Cybercriminals know this and have deployed malvertising to take advantage of that trust. Malvertising takes three primary forms: cyber criminals hack into websites and inject malware into banner ads, website owners unwittingly distribute malware after cyber criminals compromise their networks and pose as genuine advertisers and wait for victims to click on their ads. Website owners can have tremendous difficulty detecting malvertising attacks and an even harder time tracking down perpetrators. To mitigate these risks, SMBs should invest in services that scan, detect and report malvertising on their websites. These services also automatically alert publishers and identify the location of malicious advertisements so customers can remove malicious ads that may damage their business’ reputation.
