Whether it's the lingering effects of the Target credit card breach, hackers infiltrating a Canadian government organization's website or the recent news that Russian hackers have stolen 1.2 billion Internet usernames and passwords, barely a day goes by without news of a cyber-attack. It's glaringly apparent that organizations need to be thinking about cyber security, and need to be taking action on ensuring that their users' data is secure.
If the risk of cyber-attacks alone isn't motivation enough to inspire you and your IT department to take measures to ensure a safe user experience on your org's website or online community, Google just announced something that might change your mind. While just in the testing stage now, Google recently revealed that it will start prioritizing secure websites in its search results, giving higher placement to company URLs that take greater steps to protect themselves against hackers. They hinted in a blog post that websites with encryption - a security measure that protects user data so only authorized parties can read it - will soon show up higher in Google search results.
Community managers, who have a strong focus on inbound, lead-generating content, should consider switching their community to a platform that exclusively uses a secure protocol (SSL). Not all platforms provide this option, so check with your vendor to make sure SSL is available. Not only will a site that is secure rank higher in Google results, but also you'll be able to assure users that participating in your community will not compromise their information. Right now, it's just a smart thing to do; in the near future, it could make the difference between your community being highly visible in Google search results and having it be penalized for not being secure.
Secure websites currently make up about 56 percent of websites, which clearly isn't good enough, as evidenced by the daily news of hacks and security breaches. Google has assembled 'Team Zero' to help tackle the current lack of cyber security across the web. Team Zero is dedicated to making the Internet safer as a whole, and is currently developing detailed best practices to make securing sites easier. In the meantime, they offer these tips to webmasters:
- Decide the kind of certificate needed: single, multi-domain or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLS for all other domains
- Check out Google's Site move article for more guidelines on how to change a website's address
- Don't block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible, and avoid the no index robots meta tag
If your site is already serving on https, you can test its security level and configuration with this SSL server test. In the meantime, take advantage of some of Team Zero's tips and stay vigilant when it comes to cyber security for your online community.