Cyber Security

Let’s Encrypt SSL

August 2018 update

Our website is fully SSL encrypted and secure. That is, when you browse our site you’ll notice that the address bar shows a padlocked ‘https://’, with the emphasis being on the ‘s’. The communication between your web browser and our website is fully encrypted such that it cannot be intercepted by eavesdroppers. In order to do this, our website issues what is known as a Digital Certificate to your web browser.

From August 26th 2018 our Digital Certificate is issued by Let’s Encrypt. Let’s Encrypt digital certificates are issued by the not-for-profit Internet Security Research Group. Let’s Encrypt is trusted by Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry, amongst others, and is a Google Platinum partner.


 

Cyber Security continues to make the headlines as the UK Parliament was hit by a cyber-attack just this week. Our whole site is now fully SSL encrypted. In real-world terms that means you should see a padlock sign or a green title bar in your browser on every page of our website. Our site should be shown as https://, with the emphasis being on the ‘s’.

SSL encryption, which powers HTTPS, has a number of security benefits. Without a securely encrypted connection between website and visitor, it’s possible for an intermediary to listen in on data being sent between the two, or even replace data in transit.

We wrote in 2015 how we had encrypted all pages where customer login or information passes, such as our account login and shopping cart checkout. We held off encrypting our whole site as at the time SSL was slow and gave a poor user experience. Since then browser technology and web servers have improved such that an encrypted website is now as fast as a non-encrypted one, and in some cases faster. So we have now moved to the latest technology web server and fully SSL encrypted our website, as well as making other background updates.

So we’re continually working to keep our website safe for you to use.

Here are a few key points:

  • We never store any credit card or payment information on our website
  • Our website is fully encrypted with a Let’s Encrypt security certificate
  • We never get to see your account passwords – they’re fully encrypted
  • Our site is server side anti-virus scanned daily by a retained cyber security firm
  • We have multiple firewall and website protection measures
  • As many of our customers know – it’s not possible for us to increase the amount of money we take for an order; we can only issue full or partial refunds.

So look for the padlock sign, green title bar, or secure message in your web browser.

If you have any queries on using our website safely please don’t hesitate to contact us.

Matthew Short – Director, Lick the Spoon

 


October 2015

Cyber security has been a hot topic this week with the news in the UK that TalkTalk lost 4,000,000 customer details in a severe cyber attack. So it seemed a good time to talk about cyber-security on our own website and some of the measures we’ve implemented and continue to review.

We should firstly state that we never record, store or process any card details on our website and are PCI validated, with SagePay as an independent payment gateway. We do, however, retain customer address and contact information relating to online orders. So security is extremely important to us, as is our reputation!

So why is Cyber security in the news so much lately?

There is an informative TED talk on cyber security where the presenter famously states that 50% of the world’s web sites have been hacked… and the other 50% don’t know they’ve been hacked!

There is probably a good deal of truth in this statement. We experienced a website hack ourselves a year ago, along with hundreds of thousands of other websites, through a so-called vulnerability that came to light. Fortunately, rather than an attempt to extract details, it was an automated bot attack that injected hundreds of undesirable website links into our database when I inadvertently reviewed a spam comment. Over many years of running an honest business building a good reputation we had unwittingly built up Search Engine Optimisation (SEO) for the name of the street our former shop was situated on. This coincidentally happened to be suitable SEO for a certain type of unethical website, which injected links to piggyback off our good reputation!

Though we spotted it quickly, it was devastating when it happened. It did act as a security wake-up call. A computer expert and former software engineer myself, I couldn’t immediately clean up the site, and so we enlisted the services of an external security company, Siteguarding, who quickly and efficiently performed the cleanup. The security company were so good that we enlisted them on a retainer contract, and they now deep scan our website from the server side daily, providing a report of both anti-virus and human independent security checks on our site with 24/7 support backup. Worth the money, we think!

We made a number of other security changes. We moved our web server as a precaution. It is now based in London and is hosted with a reputable company running on its own server. We also have automatic security updates applied to our site.

In addition to the services of the external security company we implemented a second firewall and security package on our site which has a host of brute force attack prevention and security lock-down measures. Though we don’t want to talk about those in too much detail!

We have recently further strengthened our site security by implementing an SSL security certificate with Comodo and now all user account login or order details are entered through encrypted https pages showing the padlock sign in a web browser.

Whilst nothing is ever 100% certain, we’ve implemented more security measures than many much larger businesses and are working hard to keep our website safe for you.

As part of this process we’ll shortly be introducing a PayPal gateway for those that prefer PayPal to manual entry of card numbers in SagePay.

If you have any queries on using our website safely please don’t hesitate to contact us.

Matthew Short – Director, Lick the Spoon