Why HTTPS does not secure your website from hacking and malware

January 2nd, 2017   •   Comments Off on Why HTTPS does not secure your website from hacking and malware   

Hyper Text Transport Protocol Secure (HTTPS) is the secure connection protocol for HTTP, the connection protocol we all use to navigate the web, and to visit websites, it is a vital part of web security.

 

HTTPS is used whenever a secure connection is needed between your web browser and a website.  This includes:

  • Transfer of private, personal information, such as social security number, name, address, etc.
  • Transfer of data in e-commerce transactions
  • Transfer of other sensitive data

 
Why does HTTPS not make my website secure?
 
HTTPS, while an important piece of web security, is a mechanism for securing information in transit. It ensures that the information being transferred between a browser and web server is safe from hackers that may be trying to steal your information as it is in transit.
 
The actual act of securing a website  and web security is a very complex process. HTTPS does not stop attackers from hacking a website, web server or network. It only secures the data from your visitors to the web server and back.
 
Your website’s software itself is probably open and vulnerable to attack
 
Even if your business website was created by a web pro, and is hosted by a reputable hosting company, your website is likely wide open to hacking, viruses and malware.  Web security is an ongoing process, and is usually not addressed by web designers or hosting companies (they will keep their server secure, but not your site).
 
HTTPS will not stop an attacker from:

  1. Exploiting software vulnerabilities in your site
  2. Brute forcing your access controls
  3. Or attacking your website’s availability by Distributed Denial of Services (DDOS) attacks.

 
The Chatham Group’s FireForce™ website security service keeps your business website secure, and reduces your risk of liability on an ongoing basis, 24/7, 365.  Contact us for a no obligation analysis of your web security.