GlobalSign® SSL Certificates

1. Activate the SSL padlock – use SSL

SSL is the de-facto server-to-browser security technology. When you install an SSL Certificate on your server, you activate your server’s ability to use SSL. Indicators such as the yellow padlock and https: instead of http: add to your customers trust in your website. But more importantly, when the padlock is active, your customers know that whatever data (credit cards, passwords, personal information) is sent from their browser to the server will be encrypted. And being encrypted means that the data will remain confidential, even if it is intercepted by eavesdroppers.

2. Display the Secure Site Seal and include some basic web page copy on why you’re using SSL, what it is and how it benefits the visitor

As well as showing the yellow padlock and https:, you should also add the Secure Site Seal to your web pages. The Site Seal can be clicked and provides further information about who you are – bringing the customer closer to that physical world experience of addresses and places of operation.

Research shows that visitors react to Site Seals, especially those relating to security.  You should also include some very basic information on how you secure your customer’s information, for example:

Your Information is Secure with us…
We employ the strongest SSL encryption technology from GlobalSign to protect your personal information. Your ecommerce and personal details submitted when you see the yellow padlock in your browser is secure and protected from eavesdroppers.

3. Use SSL on any page that submits data, not just credit card entry pages

No matter what information is being submitted (i.e. via a form on your website to your server) you should be using SSL.  SSL is not just for securing credit card transactions.  All levels of personal information are sensitive and should be secured, from newsletter signups to account logins, SSL should be the minimum security standard when collecting and submitting data.

 

4. Take website trust to a new level – adopt Extended Validation (EV) SSL and turn the address bar green

Extended Validation SSL or EV SSL is the new standard in trust enhancing SSL security. As well as activating the yellow padlock and https: it also turns the address bar green in the latest EV enabled browsers – including Internet Explorer, Firefox, Opera, Chrome and Safari. EV SSL shows that you’ve invested in your customer’s security and your company identity has been vetted to a standardized high level. Website visitors are increasingly looking for the green bar on their browsers – turn those visitors into paying customers by showing your enhanced trust and security levels.

See how browsers show EV SSL Certificates differently from standard SSL:

5. Make sure your server software, applications and modules are up to date

This is less about demonstrating your security to your customers, but more about protecting your services from the outside in. Vulnerabilities continue to be discovered across all platforms. And as applications and browser to server interaction becomes even more advanced and more complex, additional vulnerabilities stand to be exploited. Always keep your server software, applications and modules up to date with the latest security patches.

 

6. Employ a sensible FTP / Control Panel password policy

Your FTP and Control Panel password policy should be no different to your desktop password policy. Choose strong, non dictionary word passwords containing a mix of letters, digits and special characters (or use a random password generator). Use different passwords for your different services, and consider changing passwords periodically.