Why Your Website Needs HTTPS No Matter What Service Your Business Provides
srost • Apr 25, 2022

WHAT IS HTTPS, AND WHAT DOES IT DO?


In general, HTTPS creates a more secure means of communicating information over an insecure network. It’s important when we’re putting our personal information—like a credit card number, social security number, date of birth, or confidential health information—into a website form. If that information is intercepted by people who don’t have the right to have it, we’re going to have a bad day.

However, today it’s necessary for every website to be secure, whether it has a form or just text and images. Without proper and ongoing security, threat actors (aka the bad guys) can harm your visitors and business by doing things like changing the content on your site, adding links to malicious sites, or “eavesdropping” on a visitor’s activity on your site.


A BRIEF HISTORY OF HOW WE GOT HERE


In 2010, the Electronic Frontier Foundation and The Tor Project released a browser extension that automatically made websites use HTTPS. Fast forward to 2014, and Google started a heavy push to get website owners and developers to make their sites more secure by implementing HTTPS across the site. In July 2018, Google Chrome began automatically marking all non-HTTPS websites as “Not Secure.” And because Google is…well…Google, they have the clout to make big changes standard across the Internet.


WHAT IF MY WEBSITE DOESN’T HAVE HTTPS IMPLEMENTED?


We highly recommend you get it done. The increased security alone is worth it, but the other big benefit is the peace of mind that your website’s visitors won’t feel distrustful of your site. You don’t want to miss out on potential prospects for your business because of this issue.

One other small benefit is a boost in your site’s visibility for Google searches. We’ve found that sometimes there’s a noticeable boost, and other times, not so much. It depends on a few things, such as whether your competitors for key searches already have HTTPS across their sites, as well as on correct implementation.


HOW DO I DO IT?


Every website is different, but every good implementation or update starts with a solid plan. Key things to include in your implementation are:

  1. Using a staging or testing environment to test all changes before going live.
  2. Adding 301 redirects from the old HTTP to the new HTTPS URLs (tip: use a simple spreadsheet to map out your redirects).
  3. Along the same lines, making sure you aren’t creating redirect chains or loops.
  4. Ensuring that all internal links, images, and other assets are properly set as HTTPS (mixed content is a security vulnerability).
  5. Updating your sitemap to use HTTPS versions of the URLs.
  6. Changing any analytics platform accounts to use the new default HTTPS URL. Otherwise, your website traffic stats might be off.
  7. Notifying any outside marketing agencies you utilize of your new URL; this is important so they can change any marketing campaign URLs appropriately.
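
An added example (not part of the original post) of how steps 2 to 4 can be checked in staging: it audits a redirect spreadsheet for chains, loops and non-HTTPS destinations, and scans a page for insecure asset and internal-link URLs. The host example.com, the CSV column names old and new, and all function names are assumptions made for illustration.

```python
import csv, io
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed samples: a redirect map exported from a spreadsheet, and a page fragment.
REDIRECT_CSV = """old,new
http://example.com/,https://example.com/
http://example.com/about,http://example.com/about-us
http://example.com/about-us,https://example.com/about-us
http://example.com/a,https://example.com/b
https://example.com/b,http://example.com/a
"""
SAMPLE_HTML = ('<a href="http://example.com/contact">Contact</a><img src="http://cdn.example.net/logo.png">'
               '<script src="https://example.com/app.js"></script><a href="http://other.example.org/">Partner</a>')

def audit_redirects(csv_text):
    """Classify each mapped URL as ok, chain, loop or insecure (steps 2-3)."""
    table = {r["old"]: r["new"] for r in csv.DictReader(io.StringIO(csv_text))}
    report = {}
    for start, url in table.items():
        seen = [start]
        while url in table and url not in seen:  # target is itself redirected
            seen.append(url)
            url = table[url]
        if url in seen:
            report[start] = "loop"
        elif not url.startswith("https://"):
            report[start] = "insecure"  # final destination is not HTTPS
        elif len(seen) > 1:
            report[start] = "chain"     # more than one hop to get there
        else:
            report[start] = "ok"
    return report

class InsecureRefFinder(HTMLParser):
    """Collect http:// assets, plus http:// links to the site's own host (step 4)."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.hits = site_host, []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in ("src", "href") or not (value or "").lower().startswith("http://"):
                continue
            internal = urlsplit(value).hostname == self.site_host
            if name == "src" or tag == "link" or internal:
                self.hits.append((tag, value))

def find_insecure_refs(html, site_host):
    finder = InsecureRefFinder(site_host)
    finder.feed(html)
    return finder.hits
```

Anything other than "ok" in the redirect report should be rewritten to point straight at its final HTTPS URL before the map goes live.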

These are just a few of the items needed as part of your implementation plan. If you’re using an outside web development company to manage your website, be sure to ask for a written plan from them. It’s more than fair.

For any assistance getting your site up to par with HTTPS implementation, contact us.
