Servertastic

UK £ US $ Euro

How Servertastic Can Help You Maintain GDPR Compliance

GDPR compliance checklist

Failing to maintain GDPR compliance can land your business with severe penalties. But security breaches can happen to even the most cautious businesses. Nowadays it seems only a matter of time. Is punishment therefore inevitable?

Fortunately, your business can stay on the right side of the law even if you suffer an attack.

GDPR legally requires that you implement security measures that are appropriate to the risks presented by the data you're processing. This means you can avoid fines so long as you put measures in place and can demonstrate that you've made them. Besides complying with the law, these steps can build trust with your customers.

At Servertastic, we offer many services that help you maintain GDPR compliance.

HTTPS Encryption

The simplest step to improving your business’s security is enabling encryption. This means running your website over HTTPS instead of HTTP. This requires a valid SSL/TLS certificate.

When data is transmitted over HTTP, it’s done in plain text, which means that anyone hacking into the communication has access to the information. However, HTTPS scrambles the data in transmission, preventing hackers from reading it.

HTTPS is considered standard, and browsers like Google Chrome warn users against using sites without it. This should be seen as a minimum measure.

You can find out more about SSL certificates and a view a range of options.

Cyber Essentials

Putting in place basic technical controls, such as those established by Cyber Essentials, demonstrates your commitment to cyber security. It also educates your employees on how to identify cyber threats and protect themselves.

These controls include securing your internet connection and devices, controlling access to your data, and updating software. These controls prevent 80% of cyber threats to your business.

Our Cyber Essentials package gives you the advice to guarantee that your business becomes certified.

You can find out more about Cyber Essentials here. Our Cyber Essentials package also provides other security benefits alongside certification.

Regular Assessments

Cyber threats are constantly evolving and changing tactics. Protections add today can become outdated quickly. This means you can't just forget about security.

Regular vulnerability assessments can inform you when you are susceptible to new threats. They tell you when software needs updating, and discover loopholes in your system that could be exploited.

Regular testing shows that you take security and GDPR compliance seriously. It also keeps your business alert to the changing landscape of cyber security. However, these tests are only valuable if you act on them and make the necessary changes.

Our Cyber Security package makes the task of assessing vulnerabilities easier. We perform scans each month and compile digestible reports, helping you understand where security improvements can be made.

You can find more details on our Cyber Security package here.

Making your business GDPR compliant is not optional. But our services can reduce the headache of playing catch up and keep your business on track.

Tips for Switching to HTTPS

Photo by Glenn Carstens-Peters on Unsplash

HTTPS is quickly becoming a minimum requirement for having a successful business online. Google Chrome and other browsers have begun flagging websites that have not made the transition. Therefore it is better to make the switch over sooner rather than later. To avoid getting a headache or damaging your business’s presence online it is important that your HTTPS certificate is installed properly.

There are many issues that can arise during the transition. We are to offer you some advice to keep in mind when making the switch to HTTPS.

Get the Right Certificate

Selecting the right SSL certificate for your website is the first step. If you need to ensure your user’s trust then you should go for a certificate which validates your organisation’s identity. These include Organisation or Extended Validation certificates.

If your website spans multiple domains or any number of subdomains then you may require a Multi Domain or a Wildcard certificate respectively. Using a Wildcard certificate is cheaper and easier to manage than buying a separate certificate for each subdomain.

Use a Test Server

Making your changes on a test server first can prevent issues from damaging your live website. When you are confident that the changes have been successful on the test server, you can then go ahead and apply them to the live site in the knowledge that everything has been checked beforehand.

Check your Third Party Add-Ons

Make sure that any third party services your website uses can be run over HTTPS. This can include features such as analytics or advertising. If they cannot, then this will result in “mixed content” issues, where some of your pages will not run over a secure connection. Users may become uncertain about your website if parts of it are still using HTTP. Mixed content can also render the protection provided by encryption useless.

Once you have switched to HTTPS make sure to update any plugins or modules your website uses.

Revise Internal Links

Just like with your add-ons, failure to inspect internal links can lead to mixed content issues. You should check your internal links and links to website assets to ensure they lead to proper HTTPS versions. Assets can includes images, video and audio media, web fonts, CSS, and Open Graph tags.

Checking your internal links can also help catch out links which have been broken by the transition.

Redirect

When you make the switch to HTTPS you should make sure that your users are properly redirected to the correct webpages. Without proper redirection your users might end up still visiting your website over HTTP. Search engines like Google see the switch to HTTPS as a website move, similar to changing domain names. Therefore you should redirect all of you webpages to their HTTPS versions and update your Google Webmaster tools. Make sure to update any existing redirects.

If you send out any adverts with links to your website, such as paid search ads or email marketing campaigns, then you should update them to include links to the HTTPS versions of your webpages.

Update Sitemap

Once you have switched to HTTPS you should update your sitemap with the correct HTTPS URL addresses and submit it to Google. Sitemaps make it easier for Google to crawl your website.

Check Robots.txt

To make sure that search engines like Google can still crawl and index your pages after making the switch you should check your robots.txt. You need to make sure that you have not restricted any of your HTTPS pages, otherwise potential users will not be able to find them through organic searches.

It is a good idea to re-crawl your website to check what pages can be indexed. Pages that return a 200 status code can be indexed.

Hopefully your switch to HTTPS can be free of hassle. Thorough inspections of your website and careful monitoring are key to ensuring a smooth transition.

Why HTTPS is Essential to your Business

Businessman on laptop

Photo by rawpixel on Unsplash

As more business than ever is being conducted online, the need to protect your website and its users is more vital than ever to ensuring your success. Switching your website to HTTPS is just one of the ways you can enhance your site's security. While HTTPS used to be considered best practice, is quickly becoming an essential to online businesses.

HTTP means Hypertext Transfer Protocol. It is used to determine how data is sent between a website and the user. HTTPS is a protocol which is secured.

When your website is running off regular HTTP the data being sent between the site and the user is sent in plain text. If a hacker were to intercept the data they would be able to read it. This means they could learn sensitive information such as the users passwords or credit card details.

If your site uses HTTPS however, all data sent back and forth will be encrypted meaning anyone intercepting it will not be able to read it. This protects your users from cyber crime. The verification provided by HTTPS certificates also makes it difficult for frauds to impersonate your business and use your identity to scam others through phishing.

When your website has the Green Padlock indicating HTTPS, or the Green Address Bar provided by an Extended Validation HTTPS certificate, the confidence of your users to complete transactions on your website will be boosted.

The enhanced trust from your users will lead to a higher conversion rate and better business all around.

Browser Changes

Browsers will alert users when a website in not secured using HTTPS. Google Chrome’s latest updates now flag every website without HTTPS as “Not Secured” in the address bar. Potential users are likely to turn away from your website once they have been alerted that your website cannot be trusted with their data.

Other browsers will warn users then a website without HTTPS requires them to enter a password or credit card details. These browsers will be expected to follow Google’s example in the future and flag all unsecured pages. As browsers push for more encryption, HTTP will become the exception rather than the norm.

SEO Benefits of HTTPS

Using HTTPS also enhances your SEO. It has been confirmed by Google that sites using proper HTTPS encryption are given priority in their search engine. The presence of HTTPS can be used as a tiebreaker between two sites that would otherwise be equal in search ranking. So taking the time to ensure your site is secure can translate into more visitors through organic searches.

HTTPS will be required for using certain new technologies online such as HTTP/2. This is a new version of the protocol which can reduce the load time of websites, but major browsers will only allow it to be used with HTTPS.

The easiest way to switch over to HTTPS is to purchase an SSL/TLS certificate. Your website will switch over to HTTPS as soon as the certificate is installed. Not making the switch risks not only your users, but also the reputation of your business.

Why are Sites Being Listed as Not Secure?

Googles new updates is flagging sites as not secured

Photo by Edho Pratama on Unsplash

You may have noticed that from the 23rd of July many websites have been branded as “not secure” in the URL bar of Google Chrome. Google’s latest update to their web browser, Chrome 68, is now flagging any websites that have not made the switch over to HTTPS. This is an effort by Google to encourage websites to take measures in securing the data of their users.

HTTP stands for HyperText Transfer Protocol. It determines how data is transferred around the web. Websites using HTTPS are encrypting the data being sent to their server. The S stands for “secure”. Google reports that 81 of the 100 top websites are now using HTTPS.

not secure url bar

Image from blog.google

Websites without HTTPS are not encrypting the information being sent between you and the server. Hackers could potentially intercept your communications and read any information in plain text. They could potentially steal your password, bank details, and personal information like  address and phone numbers. With HTTPS active however, the data is scrambled during its transference, so hackers cannot read it.

Chrome would previously flag websites as not secure if they required users to enter sensitive information such as passwords or credit card details. They have expanded this, as of the 23rd of July, to cover any website without proper encryption regardless of whether the website gathers your information.

Firefox and other large browsers are also expected to implement changes to flag insecure websites in the future.

How Does Being Flagged as Not Secure Affect a Site?

Websites that are flagged as not secure can expect a loss in business from visitors. Research suggests that over 80% of internet users would not make a transaction on a website that was flagged as not secure. HTTPS by contrast can grant a website increased trust between it and its users.

Google have also confirmed that HTTPS is a factor in their search engine rankings. Websites that are not encrypted are failing to meet their full SEO potential.

Websites that are not encrypting their data are at higher risk of being hacked or having their data stolen. This can cause tremendous lost of finances and permanent damage to their reputation.

How do I Secure my Site?

If your website is being flagged by Google Chrome as not secure, that means you need to acquire an SSL/TLS certificate. Doing this will activate HTTPS for your website. These certificates are used to prove that you own a particular domain and that your business is legitimate.

A domain validated (DV) certificate is the fastest way to get HTTPS. These certificates can be issued in minutes.

Your website will switch over to HTTPS as soon as the certificate is installed. The green padlock symbol in the URL will also indicate that your website is encrypting data.

You can find a range of SSL certificates on our website at discounted prices.

Servertastic Limited is registered in England and Wales.
Registered Company Number: 04982077
VAT Number: GB125485804

Hosted by LayerShift

Mastercard Maestro Visa American Express
Diners Club JCB Discover Paypal
Sectigo Trust Seal
Reviews
Cyber Essentials