January 2017 Deadline for Securing your Website with HTTPS
November 17, 2016
Almost all websites accepting credit cards now have proper certificates in place to serve the site securely via HTTPS, which shows the “lock” icon in your browser address bar. If you don’t see the lock icon in your browser, never provide any sensitive information.
Google has been pushing stricter security standards over the past year or so and we’ve upgraded all of our customers’ certificates to use stronger keys to avoid Google’s security warnings. But farther-reaching changes lie ahead for HTTP requirements…
What is HTTPS and why do I need it?
Secure sites start with “https://” rather than “http://” and protect your transmissions by encrypting data with a pair of public and private keys. Your browser uses the certificate’s public key to encrypt data transmitted and decrypt data received from the server. The web server, on the other hand, uses the private key to decrypt data received and encrypt data sent to the browser. Since the Internet is a huge network of servers and Internet Service Providers (ISPs), your request never goes directly from Point A to Point B, but is routed between dozens of points in-between. These intermediary points lack the public key to decrypt data, so your transmission remains private.
How is Google changing their security warnings in January 2017?
Starting with Chrome 56 (to be released Jan 2017), Google will warn users when a site is not secure if the page is asking for credit card information or passwords. This will affect things like company intranet sites (rep portals, employee-only pages, etc.) if no certificate is installed.
Eventually, all non-HTTPS sites will display the warning seen below as the push toward a more secure web continues.
It’s never too early to secure your website and HTTPS should not be ignored just because it’s not yet a hard requirement. Depending on the number of websites you run, it may be more cost-effective to purchase a 5-domain SAN (Subject Alternative Name) certificate or a “wildcard” certificate that can be used across unlimited servers and sites within your domain (www.example.com, reps.example.com, mail.example.com, shop.example.com, etc.).
We’d be happy to discuss this requirement with you and help you choose the best certificate to secure your online presence.
The Internet of Things
December 13, 2017
DON’T IGNORE – IF YOU HAVE OUTLOOK 2007 – ACT NOW!
October 24, 2017
On Premises or Cloud
September 29, 2017
What is a good response time for IT Support?
June 29, 2017
More Businesses Installing Low Cost Digital Displays
March 24, 2017
“Gooligan” Infecting 30,000 Android Devices Daily
December 2, 2016