Google Rewards Secure Websites with Higher Search Ranking
Thursday, September 25, 2014 at 20:54
Why are we cheering at Symantec?
The announcement is the latest move from Google to make HTTPS become more widespread. Google has already provided HTTPS by default on its own services such as its search engine, Gmail, and Google Drive. At its recent I/O conference, Google called for “HTTPS everywhere” (video) across the Web -- and other companies appear to be following suit, as Yahoo recently announced that it would be providing end-to-end encryption for its Yahoo Mail service.
This is a promising step towards strengthening online security. Symantec’s Internet Security Report shows that 1 in 8 legitimate websites have a critical vulnerability. This really isn’t a surprise. Nearly a quarter of IT professionals have no idea how secure their website is, according to a Symantec vulnerability gap study. In fact, 53% of the 200 IT professionals we surveyed had never performed a vulnerability assessment on their website. The stats are sobering. Online security is a team effort – and we all need to up our game.
The recent mega-breaches indicate cybercrime has reached near-epidemic proportions. We’re hopeful Google can use its new ranking algorithm to help entice businesses to adopt stronger security practices.
What exactly is HTTPS?
Any company doing business online should have an SSL (Secure Sockets Layer) solution. SSL is the most commonly used protocol for securely transmitting sensitive information via the Internet, and the most common application of SSL is HTTPS (for SSL-encrypted HTTP).
SSL certificates are the foundation of online business -- and the backbone of HTTPS encryption. They’re a powerful way of confirming the validity of your website and will help ensure protection of your customer’s online information. SSL certificates create secure connections between clients and servers and encrypt data to make it unintelligible to all but the intended recipients.
How do you get HTTPS encryption?
Symantec developed an interactive guide, called SSL Certificates Explained, which covers everything you need to get started in securing your website, including an introduction to new ECC and DSA encryption technology.
Other resources are available on our SSL certificates site. If you already have a handle on SSL, our product comparison chart will help you determine which solution is right for you and your business.
Is there anything else you can do to strengthen online security?
Absolutely! Be proactive about securing your online business. A few tips are below:
1. Protect your customer's entire website visit by deploying SSL on all your web pages.
2. Implement security precautions on all mobile devices including strong authentication.
3. Use encryption for data in transit and at rest (SSL does not encrypt stored data).
4. Protect physical and virtual data centers with host-based intrusion detection and prevention solutions.
5. Be sure to get your digital certificates from an established, trustworthy Certification Authority who
demonstrates excellent security practices.
6. Deploy endpoint protection software and gateway antivirus and regularly scan for vulnerabilities.
7. Monitor the threat landscape and your infrastructure for network intrusions, propagation attempts and
other suspicious traffic patterns.
8. Educate users about security policies and information use.
For more information about SSL certificates and how you could use them, take a look at our interactive SSL Certificates Explained guide. If you already know your SSL from your SAN, put your infosec skills to the test with our interactive Chemistry of Website Security site. #GoKnow and #DoItAll
Additional Resources:
http://www.symantec.com/connect/blogs/chemistry-website-security