17 Nov How Financial Websites Can Make Themselves More Secure
Most people are aware of the risks the internet poses to their sensitive information. With all of the data theft and digital hacking going on in recent years, that comes as no surprise.
Despite the threat posed by hackers and data leaks, many financial websites are still not prioritising security. This is alarming, particularly when financial websites hold sensitive information (e.g. financial details) about their clients.
This is one area where Google, to their credit, are pushing things in a positive direction. One of their most recent updates is the new Chrome notification, which immediately warns visitors if the website they are visiting is not secure.
The Chrome Update: Overview & How It Affects Financial Websites
As of a month ago (October 17th 2017, to be precise), Google has integrated a new update into Chrome (version 62). The update flags up financial websites (and all websites, in fact) which do not possess an SSL certificate, which is now regarded as a foundational security feature.
SSL is shorthand for “Secure Sockets Layer”, and it refers to the technology which enables all information passed between a browser and a web server to be encrypted.
Financial websites with SSL can, therefore, allow the secure transaction of sensitive information between your computer and the website in question, including credit card details, passwords and financial data.
If a website does not have SSL, and it has a form, then Chrome brings up this warning to the user:
As you can imagine, this is massively off-putting to your website visitors. Indeed, some recent research by HubSpot shows that over 80% of consumers would leave a website that is not secure.
Chrome also has a 55% market share at the time of writing. In all likelihood, most visitors to financial websites are using Chrome. These two statistics alone should certainly compel all financial firms and advisors to take SSL seriously.
Another important consideration is the impact of SSL on the Google rankings of financial websites. As of 2014, Google has clearly been saying that having SSL is a positive ranking signal.
That essentially means that, all other things being equal, one financial website would outrank another if the former possesses SSL, but the latter does not.
Perhaps you are now convinced that financial websites need SSL to thrive in today’s digital environments. However, how do you know if your website has SSL?
How To Check If Your Website Has SSL
There are some fairly straightforward ways to discern whether your financial website is sending encrypted information, or not.
If you are not using Chrome, simply look at the URL in the browser’s URL bar. Does the prefix of the website address read “https”, with an “s”, or does it show “http” without one?
If it is the former, then the website is using SSL. If it is the latter, then it is not.
For those who use Chrome, it’s easy to tell if a website lacks SSL. Simply visit the financial website, and check to see whether a “Not Secure” notification appears before the URL.
If this appears, the website is not using SSL. However, if you see the prefix of the URL showing in green (e.g. “https://www.facebook.com”) then the website is using SSL.
You can even click on the little green padlock symbol to check where the SSL certificate comes from.
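The manual checks above can be applied to a whole site at once. The following is an added example, not code from this post: it takes a page's URL and HTML and reports the condition described earlier (no SSL, and the page has a form). It also goes one step further and reports an https page whose form submits to an http address, which sends the entered data unencrypted even though the address bar shows https. The `adviser.example` pages are constructed sample input.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class FormAudit(HTMLParser):
    """Collects form targets and counts user-facing input fields on one page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_targets = []   # absolute URL each <form> submits to
        self.inputs = 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page itself.
            self.form_targets.append(urljoin(self.page_url, attrs.get("action") or ""))
        elif tag in ("input", "textarea", "select"):
            if (attrs.get("type") or "text").lower() not in ("hidden", "submit", "button"):
                self.inputs += 1


def audit_page(page_url, html):
    """Return a list of findings for one page; an empty list means no issue found."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    page_is_https = urlparse(page_url).scheme == "https"
    has_form = bool(parser.form_targets) or parser.inputs > 0
    if not page_is_https and has_form:
        findings.append("page with a form is served over http")
    for target in parser.form_targets:
        if page_is_https and urlparse(target).scheme == "http":
            findings.append("https page submits form to http: " + target)
    return findings


# Constructed sample pages (not taken from any real site).
CONTACT = '<form action="/enquiry" method="post"><input name="email"><input type="password" name="pw"></form>'
DOWNGRADE = '<form action="http://adviser.example/login"><input name="user"></form>'

if __name__ == "__main__":
    for url, html in [("http://adviser.example/contact", CONTACT),
                      ("https://adviser.example/contact", CONTACT),
                      ("https://adviser.example/login", DOWNGRADE)]:
        print(url, audit_page(url, html) or "ok")
```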
Next Steps: How To Make Things More Secure
If your financial website has SSL, then great! You will be benefiting from the SEO boost, as well as increased trust and engagement from your website visitors.
If you do not have an SSL certificate, then you’ll need to discern what kind of certificate you need. Then you’ll need to get hold of one – either free, or paid. For detailed instructions on how to go about this, please see our recent blog post on SSL here.
There are further measures, however, that financial websites can take to improve their performance and security. Here are four ideas we’d recommend:
#1 Update website extensions & plugins
Plugins are fantastic, yet for financial advisers they’re often an area of vulnerability to hackers.
If a plugin hasn’t been updated for a while, then it might be that the author or publisher is no longer supporting it. In which case, the security features of the plugin may no longer be adequate.
If your website is using this plugin, then by extension, you could be leaving your financial website vulnerable to attack. So be careful to regularly review any plugins your website uses, to be sure they’re keeping up to date.
#2 Use A Content Delivery Network
DDoS attacks are a very common way for hackers to try to take down financial websites. The idea is to flood a particular website with large quantities of traffic.
This can overwhelm the server to the point where the website is no longer responding. This can then allow the hacker to access your CMS, steal sensitive information, and possibly hold it to ransom.
A CDN (content delivery network), however, will allow you to detect rapid increases in website traffic. It will then scale up to deal with it, taking the sting out of the DDoS attack.
#3 Ensure your CDN has data centres in different locations
The idea here is to spread out the risk, in case the server goes down. A CDN with multiple data centres will still be able to handle a DDoS threat in the event one server goes down.
#4 Manage your passwords carefully
At the very least your website needs a secure password. Honestly, the number of financial websites which use “admin” as a username and “password” as a password on their CMS is frankly frightening!
There are some great password manager tools out there, like LastPass, which will generate very secure passwords for you, as well as store them safely so you do not need to remember all of them.