The internet being an unsafe place is hardly news to anyone. After all, many hackers use it to spread their malware and steal personal information. And given the number of cyber-attacks in the past couple years; it is understandable why people are extremely cautious when giving websites their passwords, credit card details, and tax file numbers.
Fortunately, there are defences to protect user information.
Have you ever noticed that some websites are prefaced with “https://”; rather than the common “http://”? The extra “s” may not seem like much; but it actually means the website you’re connected to; is encrypted and the data you enter is safely shared with the website and no one else.
The technology that makes this possible is known as Secure Sockets Layer (SSL); and here are some important things you need to know about it.
What is SSL?
SSL is a security protocol that establishes an encrypted link between a web server and a browser. This link turns information into indecipherable code; preventing hackers from reading any packets of data they manage to intercept.
But to establish a secure connection, web servers must have SSL certificates installed. In short, SSL certificates are a small set of files; that bind private and public keys to your company details. These keys encrypt and decrypt data travelling to and from the web server and browser; thus ensuring only authorised users have access to certain information.
SSL certificates also hold public files containing information about your domain name, certificate expiration date, and a digital signature of the certificate-issuing authority (CA) that allow browsers to verify a website’s certificate. Without this installed, visitors get security alerts not to trust your website.
Benefits of SSL for Australian businesses
Having an SSL-certified site provides many benefits to Australian businesses. For starters, SSL makes sure the data is not modified in transit between your clients’ browsers and your web server. This high level of protection is absolutely essential for ecommerce, online banking, and other websites that need users to input personal information.
What’s more, nearly all Australian businesses must adhere to the Privacy Act 1988; which requires them to protect the confidentiality and integrity of sensitive data. So by getting an SSL certificate, you can avoid massive noncompliance penalties (up to $1,800,000), lawsuits, and loss of customer trust. Having an SSL certificate also ensures people your website and business are authentic.
And believe it or not, search engine analysts say website security and encryption play a factor in SEO; which means websites with SSL certificates may appear higher in search rankings than those that don’t.
Types of SSL
When you visit sites that sell SSL certificates; you may be surprised about the various options available. There are DV, OV, EV certificates, and more. To help you decide which one is best for your website, here’s an explanation of the SSLs you can choose from.
Domain Validation (DV)
This is the most basic validation type for SSL certificates. To get one, you have to prove you own a domain by responding to a verification email. The process takes just a few minutes to produce a fully functioning certificate with the basic “https://” before your company’s domain name.
The problem with this validation method however is; it makes no attempt to verify the domain owner’s identity. This means cybercriminals can create fraudulent websites and; obtain a perfectly valid SSL certificate to trick users into handing over personal information. Consider using DV certificates for sites that don’t process customer information like blogs; but try not to use it for ecommerce or online banking sites.
Organisation Validation (OV)
A level above DV certificates is OV, whereby a CA inspects the domain owner and basic company information usually over the phone. Although it takes a few days, it is more reliable; since humans are involved in the validation process.
An example of an OV-certified site is Amazon; which fully displays the company information when you click the padlock icon and access ‘certificate details.’ As this method is considered more secure; OV certification suits most professional service websites.
Extended Validation (EV)
This offers the highest level of validation since the CA thoroughly verifies the ownership, company information, address, and legal existence of a business before authenticating the SSL certificate. Sites with EV certificates are usually recognised for the green address bar with the company’s name (see Commonwealth Bank).
EV certification is the best option for websites that usually handle large quantities of private data.
Besides the type of validation, wildcard certificates can protect an unlimited number of subdomains. For example, on purchasing a certificate for “www.acme.com.au”; any created subdomains (e.g., mail.acme.com.au, blog.acme.com.au); is also protected. This is the perfect choice for businesses that intend to use only one domain name and have plans to scale their services.
Multi-domain certificates let you encrypt up to 100 domains and subdomains with a single SSL certificate. This means if your original domain is “www.xyz.com” you can create and secure domains like www.xyz.com.uk, sales.xyz.com.au. These types of certificates are ideal for large enterprises that have multiple web servers across the globe.
How to get/install SSL certificates
Once you’ve chosen the perfect SSL certificate, go to a trusted CA like Digicert, GeoTrust, or RapidSSL. Keep in mind that prices vary greatly based on the type of certificate you purchase. For example, DV certificates can cost you nothing while EV certificates can go for as high as $1000.
Once approved the CA will send the SSL certificate via email; and you can download and install it like you would any other program. Finally, make sure the download contains an “intermediate certificate,” a digital file that proves the credibility of your SSL certificate by linking it to the CA’s root certificate.
Of course, if you’re having difficulty finding the best deals on SSL certificates and setting them up; you can always turn to a professional managed services provider. As one of Australia’s leading managed IT service providers, Empower IT provides the best tools and guidance to keep your business safe at all costs. Call us today for any advice on SSL certificates or anything related to security. We’re always happy to help!