If you have ever entered your credit card information or Social Insurance Number into an electronic form, having at least a basic knowledge of online security is critical. Understanding is optional only if you want to be at risk. Happily, this is a less overwhelming topic than you may think.
Why you should be concerned
Simply put, information entered into a form on a Web site, no matter how credible the company, is exposed in transit unless the page is served over a secure, encrypted connection. A secure connection is indicated by “https://” in the address bar and by the padlock symbol within the Web browser. It means that information entered at your end remains encrypted until it is decrypted by the destination server. (see What is SSL?)
Examples of a secure address:
- Internet Explorer 6 (padlock icon located at bottom right of browser window)
- Internet Explorer 7 – features addition of padlock icon beside address
- Internet Explorer 8 – features addition of highlighted “https” for increased clarity
Just as a telephone conversation can be eavesdropped on with minimal knowledge, online communications that are not encrypted during transmission can be eavesdropped on too. With that in mind, it is strongly recommended that, for your own protection, you do not enter confidential information into any form that is not encrypted.
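The check described above can also be automated by a site owner. The following is an added example, not code from this article: it reads a page's HTML and reports, for each form, where the data is sent and whether both the page and the destination use https://. The site name shop.example, the sample page and the list of sensitive field names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field-name words treated as confidential (a constructed list; extend as needed).
SENSITIVE_WORDS = {"password", "card", "cardnumber", "cvv", "sin", "ssn"}

class FormCollector(HTMLParser):
    """Records each <form>'s action and the (name, type) of its input fields."""

    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "textarea", "select") and self._open is not None:
            self._open["fields"].append(
                ((a.get("name") or "").lower(), (a.get("type") or "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(page_url, html):
    """Return, per form, its submit target and whether the data stays encrypted."""
    collector = FormCollector()
    collector.feed(html)
    page_secure = urlparse(page_url).scheme == "https"
    findings = []
    for form in collector.forms:
        # A relative or empty action resolves against the page's own address.
        target = urljoin(page_url, form["action"])
        sensitive = any(
            ftype == "password" or SENSITIVE_WORDS & set(re.split(r"[^a-z0-9]+", name))
            for name, ftype in form["fields"])
        findings.append({"target": target, "sensitive": sensitive,
                         "encrypted": page_secure and urlparse(target).scheme == "https"})
    return findings

# Constructed sample page: one order form posting to http://, one newsletter form.
SAMPLE = """<form action="http://shop.example/process.php" method="post">
<input name="card_number"><input name="sin"><input type="submit"></form>
<form action="/subscribe"><input name="business_name"><input name="email"></form>"""
```

Calling audit_forms("https://shop.example/order.html", SAMPLE) flags the first form: it asks for confidential data but submits to an http:// address, so the padlock on the page itself does not protect what the customer types.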
But consider: Your customers are no different than you. They want their information to remain safe too. If they don’t feel their information will be handled securely, you risk the loss of their business.
On the other hand, secure forms will boost your business in the following ways:
- Trust is critical, and with the almost inherent volatility of the Internet, secure forms provide increased customer confidence in your company
- Gain a competitive advantage by showing your customers that you care by taking their security seriously
- Prove to your customers that you are progressive because you understand how to do business online
Of course, not every form requires the level of security provided by an encrypted connection. Still, there are some instances where an encrypted connection is required in order to enable specific functionality. For example, this is necessary in some implementations of PayPal.
But how does a form become secure? What else should be considered when protecting your customers’ information?
Securing your forms
First we will assist you in acquiring an SSL Certificate. We then submit the certificate for installation on the server, at which time your Web site is assigned a dedicated IP. To ensure maximum security, we implement code on your Web site that forces a secure connection on any pages that benefit from the additional security. We also implement a graphic to clearly communicate to your customers that the form is secure.
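An illustration of how code can force a secure connection on selected pages, added here as an example and not the code actually installed on client sites. It is written in Python as WSGI middleware; the site name shop.example, the form paths and the helper names site and probe are assumptions.

```python
def force_https(app, host, secure_prefixes):
    """Wrap a WSGI app so the listed paths are only ever served over https://.

    host is the site's configured name; the request's Host header is not trusted.
    """
    prefixes = tuple(secure_prefixes)

    def middleware(environ, start_response):
        path = environ.get("PATH_INFO") or "/"
        if not path.startswith(prefixes) or environ.get("wsgi.url_scheme") == "https":
            return app(environ, start_response)  # nothing to enforce, or already secure
        if environ.get("REQUEST_METHOD", "GET") not in ("GET", "HEAD"):
            # Submitted data has already crossed the network unencrypted; refuse it
            # so the misconfigured form is noticed rather than silently accepted.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"This form must be submitted over a secure connection.\n"]
        location = "https://" + host + path
        if environ.get("QUERY_STRING"):
            location += "?" + environ["QUERY_STRING"]
        start_response("301 Moved Permanently",
                       [("Location", location), ("Content-Length", "0")])
        return [b""]

    return middleware


def site(environ, start_response):
    """Stand-in for the real Web site (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"page body\n"]


def probe(app, scheme, path, method="GET"):
    """Send one constructed request to a WSGI app; return (status, headers)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    environ = {"wsgi.url_scheme": scheme, "PATH_INFO": path,
               "REQUEST_METHOD": method, "QUERY_STRING": ""}
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]


# Hypothetical site name and form paths.
secured_site = force_https(site, "shop.example", ["/order", "/contact"])
```

A redirect only protects the requests that follow it, which is why a form submitted over plain http:// is refused here instead of redirected.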
What happens after submission?
Having a secure connection between the end user’s computer and the server is an excellent start, but unfortunately it is only part of the security equation. Once the information arrives at the server it is decrypted and so it is once again susceptible to eavesdropping.
For example, let’s say a customer of yours fills out a secure form on your Web site. After they click the send button, their information is formatted as an E-mail and sent over an encrypted connection. Once it arrives at our server, it is directed specifically to your E-mail account on the server. The message will reside on the server until you download it. At this point, a person with malicious intent only needs to gain access to your E-mail account and your customer’s information will be exposed. Alternatively, while you are downloading the E-mail to your computer, the information is not necessarily transferred securely and is once again susceptible to eavesdropping. And once the message is within your E-mail application, all it would take is prying eyes seeing the information on your screen while you’re away from your computer.
How can these vulnerabilities be overcome? The information needs to be stored in an encrypted state.
Secure Storage Solutions
Many secure storage solutions require both the sender and receiver of the information to set up a key to encrypt and decrypt information. While technically excellent, this approach has practical flaws. Fortunately, we provide a solution that is as easy as checking your E-mail from a Web mail interface.
From your perspective, you simply receive a regular E-mail that notifies you of a new secure message. You then log in to a Web mail interface, where the message is decrypted only locally, while you view it on screen. Coupled with a secure form, this provides an end-to-end encrypted solution that protects your customer’s sensitive information.
What is SSL?
What is an SSL Certificate?
“An SSL certificate is a digital certificate that authenticates the identity of a Web site to visiting browsers and encrypts information for the server via Secure Sockets Layer (SSL) technology. A certificate serves as an electronic “passport” that establishes an online entity’s credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user’s browser will access the server’s digital certificate and establish a secure connection.” – godaddy.com
Securely transmitting and storing information are small but important components of the nearly endless topic of online security. Of course, unbreakable security is impossible. Just as the most sophisticated home security system will not stop a skilled thief who is intent on breaking in, online security can be overcome. However, taking measures to make security a priority will provide you with a safer online experience and your customers with even greater confidence when doing business with you.
Don’t be among the backward businesses that still view secure transfer and storage of information as revolutionary or unnecessary. By gaining a basic knowledge of the topic and enlisting the help of a serious Web professional, you can address the challenges of online security with confidence.