SSL/TLS 101: Surprising Ways Security Can Improve Website Engagement


This is a stick up!  Are not the words you hear before a robbery takes place online.  As a matter of fact, you won’t hear a sound.  Online attackers work stealthily.  Their tactics far less obvious than their brick and mortar counterparts.  So, how can you prevent cybercriminals from putting their hand in the till?  Security-conscious online shoppers want to know before engaging with your website.   Website security is comprised of many factors.  Let’s hear what some of the leading experts on website security have to say about building a trusted and secure website using encryption and malware prevention.  And, taking a further look at how to strengthen these tactics by reducing the vulnerabilities associated with each.

Encrypting Transactions

Online shoppers learned long ago to look for a locked padlock in their web address bar before making an online transaction.  To find out what’s behind the padlock, or more specifically, the SSL/TLS certificate that’s behind it, I reached out to industry veteran, Bruce Morton, Director Certificate Services at Entrust Datacard, an established Certification Authority issuing SSL/TLS certificates.  “SSL/TLS certificates do two things – they support secure communication between a company’s web server and a browser by encrypting the customer’s personal information, and they also provide trusted identities.  This provides privacy and protects sensitive information while in transmission helping to avoid Man-in-the-Middle (MITM) attacks,” explained Morton.  MITM attacks happen when a cybercriminal intercepts or alters the communication between a search engine (e.g., Chrome, Safari, Internet Explorer, Firefox, etc.) and a company’s web server.

Detecting SSL/TLS Vulnerabilities

The key to securing web based transactions lies in optimising the server configuration to prevent known threats.  The best way to do this according to industry expert, Ivan Ristić, author of QualysLabs, is to perform a comprehensive website server test like the one offered on their website, Qualys SSL/TLS Labs.  This service is not only free but is also constantly updated with developments.  It’s used routinely by many organisations to monitor their servers for vulnerabilities.   

Preventing Malware

Weaknesses in website code give hackers the opening they need to inject malware.  Malware is the tool they use to steal personal information, spread viruses or hijack computers.   Cybercriminals target website vulnerabilities to host malware making website security a crucial component to managing online businesses.   Monitoring and reputation management services can automatically alert you to issues before you’re aware of it.  “A good place to start is by having a firewall– it’s like putting a shield in front of your site that identifies and stops bad traffic from entering, coupled with a malware scanner, which alerts you to breaches or impending breaches,” recommends Tom Serani, Executive Vice President of Business Development at SiteLock.   Sitelock identifies over 5,000 new website security flaws daily, giving business owners peace of mind when it comes to website security.  “There are tools to prevent an attack and tools that act as an alarm system, and with the right tools in place, there’s only a small chance of business disruption,” assured Serani.  

Detecting Website Vulnerabilities

Detecting website weaknesses is critical when it comes to preventing business disruption caused by malware.   Automatic malware and vulnerability scanning does the job for you by alerting website owners to weaknesses and preventing cyberattacks, and is recommended as a baseline for website security.

Online shoppers prefer to engage with sites that have their protection in mind.  Making a small upfront investment in website security can help to prevent the revenue loss, business disruption, and tarnish to your reputation that results from a cyber attack.  Get all of the facts about creating a safe online environment for your customers including how to choose a website security provider download-  “SSL/TLS 101: Red Flags and Violations How Security Impacts Website Engagement"


Blog written by Diana Gruhn at Entrust Datacard