SSL Certificate Warning

What Is An SSL Certificate and Why Should You Care?

We all know by now, the ‘bad guys’ are coming after our systems and data.

To infect us, to steal our data, and to encrypt our data for ransom.

 

To protect ourselves, we need both technology tools and the ‘human awareness’ firewall.

 

An SSL Certificate is one cyber security mechanism to help us be sure that we are navigating to the actual site we intend to visit, and not some crooked impersonator.

 

  • For sites we visit, an SSL Certificate adds protection of legitimacy.
  • For our own website, if we do not have an SSL Certificate, visitors may see a message warning them that our site is not safe, thus driving them away.

Hackers for years have tried to get people to click on links that take you to a site that looks very similar to the real site but might be spelled a bit differently.  For example, www.bancofamerica.com vs the real www.bankofamerica.com is a common trick.

 

Visual Clues You Will See As You Browse

To help combat these common tricks and add cyber security, the major web browser publishers are making changes to their products. Browsers now highlight which servers can be trusted and those that are questionable. 

 

When you visit a shopping site like https://www.amazon.com the “s” in that prefix denotes that the site is protected by an encryption certificate that the company you are visiting purchased and installed. The https protocol also represents that you are connecting over an encrypted session. The goal of encryption is to prevent hackers on the public Internet from ‘sniffing’ or capturing the data stream between you and the website. More cyber security.

These visual clues are becoming more dramatic as browser publishers release new updates. Here are some examples.

 

 Firefox displaying a secure site, https://www.amazon.com

 

 

The green lock symbol is to visually display that this is www.amazon.com.  If you click on the “i” button; it will give you information about the certificate registered to this website.

 

Secure Browsing -3.png

 

You can also click on the black arrow to the right and view the actual SSL certificate that Amazon purchased to secure their site.

 

Secure Browsing -4.png

 

At the following site, the green lock is missing.  This would denote that the site is unverified and not secure. Anything you type on the screen may be viewed by an intermediary.

 

Secure Browsing -5.png

Today, if  you click on the information icon, the browser will give you a gentle warning that the site is not verified.

 

Currently, web pages which collect passwords but don’t use HTTPS will display a grey lock icon with a red strike-through in the address bar.  In the future, the Firefox team will get more aggressive with sites like this. The browser will display the web address with a slash across a grey lock icon, regardless of password collection.

 

Secure Browsing -7.png

 

In future versions of Firefox, if you are asked to enter a password on a site that is still just using http, Firefox will give you this warning in the password box.

 

Secure Browsing - 8.png

 The Take Away For Business Owners and Executives

 

  1. Install an SSL certificate on your website.

    If you are a business owner or manager, contact your web design team and have them purchase and install an SSL certificate for your website. The certificate lets visitors know that your site belongs to you and is safe to visit.

    Visitors to your website will see icons indicating that your site is safe.

    Google recently announced aggressive changes in their web browser, scheduled for release in July of 2018. This will further enhance cyber security.
  1. Continue to Educate Your Employees.

    We urge continuing education to employees to reinforce the ‘human awareness’ firewall. Technology defenses are important but not enough.

    However, the ‘human awareness’ firewall is equally important to protecting us from the bad guys who want to steal our data, infect our systems, or hold us for ransom.

    Share this article or otherwise inform your employees to look for https on websites they visit and to beware of certificate warnings.


 Reference
:

https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/

https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

 

About MBSG IT Consultants

 

MBSG provides outsourced IT support and IT strategy--on the ground and in the cloud.

 

MBSG cyber security experts assess corporate infrastructure for information security risks and vulnerabilities. We recommend how to improve cyber security defenses. MBSG provides business owners and managers an independent, second opinion to protect their company.

For more information or to ask a question, contact MBSG.