If you’re wondering what that “S” at the end of more and more URLs (HTTPS) means, here is a one-word answer: Secure. Before long, you’ll be seeing it in even more places, including your business website. This is a brief explainer covering the “S” and a few other acronyms that are intended to keep your business website — and its users — safe from internet bad guys.


A more in-depth and technical article about HTTPS can be found on the SmallBusiness.com WIKI


First, some good news: Small businesses are creating and actively managing websites more than ever before. They are discovering easier and better ways to use their websites to find new customers and build stronger relationships with current customers.

Now, for the bad news: Business websites, large or small, are attracting criminal hackers from around the world. According to the Better Business Bureau, here are some alarming statistics.

71% | Percentage of data breaches that are targeting small businesses
$7,100 | Average cost for a small business to fix a data breach
$32,000 | Average cost to fix if money was stolen by the cyber criminals


An example of a cyber crime targeting people using your website

In one common criminal scam, victims are lured into visiting a counterfeit website — one that looks like the legitimate site but has a slightly different domain name from the authentic site (gooogle, for example). Not realizing it’s a fake site, the user can be fooled into providing information like a username, password, and sensitive personal information.

Unfortunately, if you have a customer who falls victim to this type of scam, they will want to blame you. Fair or not, they entered what they believed to be your web address in their browser, an address that would guide them safely to your site and protect their interactions.

How the letter “S” and lock  add security to your website

In response to  scams like the example above, many leading companies in the internet security field work together to prevent website owners and users from becoming victims of such crimes. One of the results of their efforts can be noticed as you visit an ecommerce website and see the browser address window displaying HTTPS instead of HTTP, along with an icon of a closed lock: .

That “S” and closed lock icon let users know that the site is secure. Historically (and with a lot fewer acronyms than security experts use today) website owners who had e-commerce features and other secure information on their websites would obtain what is called a Secure Sockets Layer* (or, SSL) certificate that provides security for information speeding around a computer network. Once installed onto the website, the SSL works like a home security system: it has a sign in the front yard (that S in the URL) that alerts cyber criminals of its presence and assures your customers their information is secure. (Acronym alert: At the end of this explainer, you’ll learn that SSL has been replaced by TLS. But so few people know what “TLS” stands for, you’ll typically see TLS/SSL )

Coming Soon: It’s not pretty what will happen to websites that don’t have an HTTPS URL?

While having security features on your website was once limited to websites that included ecommerce capabilities, today the sophistication of cyber criminals and the personalization features of a website means nearly all  websites have increased need for security.

For example, unless a website owner adds more security,  browsers like Google Chrome will soon start displaying visual cues in a user’s browser window to alert them of an unsecured website:

  • Google Chrome will highlight insecure pages with a red X in the address bar
  • If there is no “s,” Chrome will start warning users with the words “Not Secure” if usernames or credit card information are requested
  • Firefox plans a similar warning for sites requesting passwords
  • In the future, both will transition from an information warning to a red triangle which is more noticeable
  • Services like Geolocation, Device Motion/Orientation, Full-screen mode, DRM and others will soon be limited to computers with HTTPS connections
  • Referrer data from other sites will require the use of https

How does a small business add an “S” to its HTTP?

If you own or manage a small business, you need to communicate with the person or company who manages or hosts your website. Discuss with them how to obtain a “publicly registered” SSL/TLS certificate. This infographic outlines the considerations you will have in selecting the type of license best for your website.

Information is also available from the Certificate Authorities Security Council (CASC, CASecurity.org), an advocacy and educational campaign to encourage the use of HTTPS. Members include GoDaddy, Digicert, GlobalSign, Entrust, Trustwave and Comodo.

If your website is hosted by a large national or international website company, look for information in their user-support resources in the security section.


*The people who came up with the names and acronyms for all of these protocols should be embarrassed. For example, the term Secure Sockets Layer (SSL) has actually been replaced by something called Transport Layer Security (TLS) that provides secure communications on the internet for such things as e-mail, internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. Even the people who work full-time in the world of internet security call it TLS/SSL so as not to confuse one-another, just us.


 

6
Homeland Security Tips for Choosing Harder to Hack Passwords

In addition to password management applications and two-step validation, here are some tips for making your password harder to hack.

7
Passwords Are Stolen Everyday; How to Protect Yours From Being One of Them

Don’t wait until your password is stolen to follow these procedures.

8
How to Recognize and Avoid an Attempt to Crack Your Two-Step Verification Passwords

As attackers evolve, there are many steps businesses and consumers can take to protect themselves.

9
How Voice Recognition Software is Being Used to Detect Cyber Criminals

(In cyber crime), the weakest link is often the human. Software developers are trying to strengthen that link.

10
How to Avoid a New Cyber Attack Attempting to Access Small Business Bank  Funds

Cyber criminals are using a new attack against hundreds of small business employees.

11
Seven Resolutions for 2016 That Will Help Protect Your Small Business Computers

Simple steps you should take to help protect your computers and data in 2016.

12
Top Ten Free Antivirus Utilities For Your Small Business | 2016

PCMag.com has released its annual list of free antivirus utilities.

13
Most Small Businesses Have No Cyber Attack Response Plan

A survey reveals 80% of small business owners say their companies do not have a cyber attack response plan.

14
If Your Business Bank Account Gets Hacked, Your Bank May Blame You

For individual customers, banks must reimburse victims of cyber-fraud. For bank accounts of businesses, even one owned by one person, the same rule doesn’t apply.

15
Why You Should Still Use a Password Management System, Even if You Heard One Was ‘Hacked’

A breach of a password management system provides another opportunity to explain how a password management service is better than other methods.

16
Advice From Google on Avoiding Scams Directed at Small Businesses

A wide range of warnings for avoiding scams from con-artists claiming to be from Google.

17
More Tips for Actively Managing Your Passwords

More helpful tips and ideas for managing your passwords.

18
What Small Business Customers Should Know and Do About the JPMorgan Chase Cyberattack

From the bank’s SEC filing and information provided on Chase.com, this is what is currently known about the cyberattack and what the bank is recommending to its customers.

19
How Hackers Use ‘Social Engineering’ and How to Prevent It

Following the recent wave of celebrities having online accounts hacked, here is an explanation of “social engineering,” part of the method the cyber criminals likely used.

20
Ten Tips From the FCC for Improving Your Small Business Cyber Security

Ways to improve your small business cyber security from the U.S. Federal Communications Commission.

21
Password Protection Advice from SmallBusiness.com

Username and password protection is an ongoing requirement for small businesses. Here is a roundup of helpful advice on internet security and password management that has appeared recently on SmallBusiness.com

22
Ebay Asks 145 Million Users to Change Passwords

Ebay is asking its 145 million users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords “and other non-financial data.”

23
What is Two-Step Verification and Why You Should Start Using Them

It’s incredibly easy and fast to use a two-step verification method to protect your online accounts. Here’s how they work and why you should use them.

24
How (and Why) to Use a Password Management Application

A lock on your front door doesn’t do you any good if you keep the key under the mat, just like the best security on the web won’t protect you if you have the same bad password on every site you visit.

25
How to Reduce the Odds of Being Hacked While Using Public Wifi

Getting in a solid work session at the local coffee shop may be a tempting idea, but it has its risks. Like getting your personal information stolen because you were careless on a public network.