Posted by Jon Remsa on May 24, 2018
This data is your data, this data is my data
From Target credit cards to Yahoo users
From the Equifax breach to Facebook’s murky waters
Your data was made for you and me.
Is your site’s data secure?
With all of the recent data breaches, it’s fair to wonder if your data is safe.
We all need a safer web, but how do we make that happen? Unfortunately, given that the internet consists of a globalized community of computer networks, the sad reality is that one person, alone, cannot make a difference. But together, we all can.
Secure Socket Level Certificates (SSL Certs)
One of the easiest and quickest ways you can help create a safer web is to encrypt and authenticate your website data by adding an SSL Cert (or updating your existing one). If you missed our previous post on SSL Cert guidelines and benefits, you can check it out here.
Major browser vendors and certificate providers have taken several steps in the past couple of years to ensure that SSL Certs become the norm. There’s been a strong push to migrate from SHA-1 to SHA-2 certificates. SHA stands for Secure Hashing Algorithm, which is a hash algorithm used for encryption. Imagine it’s like converting all of your website’s data to really complex strings of characters that can’t be decrypted. Something like this:
SHA-1 is a 160-bit hash. SHA-2 is generally a 256-bit hash…suffice it to say that the longer hash used by SHA-2 is better for data encryption.
Go Home, HTTP, No One Likes You Anymore
Early last year, with the release of Chrome 56, Google began to flag any HTTP sites that collect passwords or credit cards as non-secure. Well, beginning in July of this year, with the expected release of Chrome 68, ALL HTTP sites will be flagged as not secure. This will likely be a deterrent for any user visiting sites without SSL Certs and could have a major impact on your website’s traffic. The time to get an SSL Cert is now.
There are additional incentives that go beyond security. The web is gradually migrating toward the new and improved network protocol, HTTP/2 (an upgrade from HTTP1.1). In a nutshell, this new protocol streamlines the exchanges between your browser and the web server, which results in a faster website. Most major browsers already support HTTP/2. But here’s the kicker: it’s currently only supported for encrypted connections with no plans to provide support for unencrypted. Without an SSL Cert, you’ll be stuck in the slow lane.
We’re Here to Help
Since SSL Certs are becoming more prominent, you need to make sure you’re getting the right cert. Last year, Google and Mozilla conducted investigations in which they concluded that Symantec, a major Certificate Authority (CA) had been negligent in their quality of certificates. Both Google Chrome and Mozilla Firefox no longer trust Symantec certificates. This distrust extends to Symantec owned brands such as Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL. As a result, sites using these certs will be flagged in the browser and may not work properly.
If you don’t already have an SSL Cert on your site or are concerned about the quality of your existing cert, please contact us today and we can assess your needs.