Why it's more important than ever to secure your website
- {{x.value}}
{{ twilioFailed ? 'SMS Code Failed to Send…' : 'Enter verification code' }}
{{ completedStep1 ? 'Authentication & Security' : content.trialHeading.replace('{0}', user.FirstName) }}
{{ content.upgradeHeading.replace('{0}', user.FirstName) }}
The email address you entered is registered with InvestSMART
Please login to continue
We have sent you an email with the details of your registration.
Looks you are already a member. Please enter your password to proceed
{{ upgradeCTAText }}
Updating information
Please wait ...
Your membership to InvestSMART Group recently failed to renew.
Please make sure your payment details are up to date to continue your membership.
Having trouble renewing?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
You've recently updated your payment details.
It may take a few minutes to update your subscription details, during this time you will not be able to view locked content.
If you are still having trouble viewing content after 10 minutes, try logging out of your account and logging back in.
Still having trouble viewing content?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
Please click on the ACTIVATE button to activate your Intelligent Investor 15-day free trial
Please click on the ACTIVATE button to finalise your membership
Unsuccessful registration
Registration for this event is available only to Eureka Report members. View our membership page for more information.
Registration for this event is available only to Intelligent Investor members. View our membership page for more information.
- You are already registered for this event.
- This event is already full.
- Please select a quantity for at least one ticket.
- {{ i }}
Forgotten password
Please enter your email address below to request a new password
- Verify your email address by clicking on the link we sent to {{user.Email}}
- You now have free access, we look forward to helping you on your financial journey.
Google, Twitter, Facebook and many other major websites have moved to securing their information via HTTPS for all traffic. The excuses for not doing so are increasingly thinning.
As users of the internet, we all know we should not enter payment details or personal information on pages which are not encrypted using standards like HTTPS or TLS. That green bar at the top of the browser gives us comfort that the traffic we are sending and receiving cannot be intercepted and interpreted by malicious users.
What these larger sites have found, however, is that the line is blurring between what is personal information and what is considered general browsing. Hackers are now using seemingly innocuous data to piece together who we are, what we like and even what our account passwords for important data may be.
For example, many internet users carry one password across multiple accounts. Sometimes, that password can be used in websites which do not use HTTPS for the login form. However, from a non-HTTPS site, that password can be intercepted and interpreted then tried against all the other websites which the user frequents.
At the same time, hackers are skimming activity from users' computers to understand the user's interests, websites visited, and activities undertaken to improve the strength of targeted spoofing attacks. While less frequent (due to their more manual nature), Google has found these attacks are much more damaging when they occur.
By moving all traffic to HTTPS, attackers can no longer interpret the traffic travelling between the users' computers and your website so there is less chance they can piece together any data about your website's users.
What's the cost?
Traditionally, websites have avoided serving pages over HTTPS due to the higher compute cost required and the longer time required to deliver pages served over HTTPS. However, that has now changed.
In order to establish HTTPS communication between a browser and a website servers, there are a few more steps to the handshakes undertaken between those computers. Historically, this has been a costly overhead for the web server, serving the website. However, this is not the case anymore, and correctly deployed, a ‘ HTTPS everywhere' solution will not significantly increase server activity.
While previously, HTTPS has been shown to slow pages down, newer web delivery protocols such as SPDY mean secure pages can actually be faster than plain old HTTPS. Our testing at Squixa has shown material speed improvements for secure pages on SPDY for modern browsers.
Should you move?
Yes, you should; both for the protection of users on your site but also for the protection of those users on other websites. Data gathered on those users on your website might be used against that user just on your website. It could be responsible for attacks against that user or other businesses.
If you have HTTPS on your website now, you should move all pages to HTTPS. You will need to make sure all the parts of the page are served over HTTPS, or your users will see certificate warnings. If you are using a plugin on your website from a third party which does not have a HTTPS supported offering, it might be time to change providers.
If you don't use HTTPS on your website, you should buy a 2048-bit SHA-2 TLS certificate and start using HTTPS. There are many providers of certificates from free to $30 . The most expensive ones out there don't necessarily afford you any more protection. Again, as above, you will need to make sure all traffic on the page from all sources is encrypted to avoid those certificate warnings.
Stewart McGrath is founder and CEO of Squixa.
Call 1300 880 160
Start a chat
Schedule a call
