Cybercriminal attacks are getting more and more sophisticated. If your business's site doesn't have an SSL certificate you are putting your reputation and your site's visitors at risk. In this blog, we will be covering:

What is an SSL Certificate?

The Types of SSL Certificates

Why do SSL Certificates Vary in Cost?

How to Pick an SSL Certificate Provider

If your business's website doesn't have an SSL certificate, we can help. Book a call today.

What is an SSL Certificate?

SSL certificates are a vital part of internet security, especially when your business needs to have an online presence. They secure your domain and provide security for your online visitors, which is paramount. You need to create a secure environment that makes clients and potential customers confident in your business. Position your business as a trusted and secure resource. An SSL certificate helps you do that in two essential ways:

  1. It provides an encrypted link between the user and the server hosting your particular service. This is vital when exchanging sensitive information such as personal details and when handling financial transactions.
  2. It provides proof of identity, verifying that the site visitors are on is owned and operated by the correct owners and has not been spoofed. How to check this: when you view the certificate (click on the padlock next to the URL), the company name should match the website.

As technology advances, so does the sophistication of cybercriminals' attacks. We have seen businesses' websites spoofed or redirected, which causes a lot of grief for the business, its clients, and its potential clients. As a result, Google Chrome and other browsers will now penalise (and potentially block) any website that does not have an SSL certificate. Check to make sure your URL begins with https:// not just http://. The S indicates that the website does have an SSL certificate. If you don't have one, we can help you get one: book a call with us today.

Types of SSL Certificates

Not all SSL Certificates are equal. There are essentially 2 types of SSL Certificate generally available now:

  1. Single Name Certificates (for only one service/host server) - e.g. www.companyname.com.au OR service.companyname.com.au, etc.
  2. Wild Card Certificates (for use on multiple services/host servers) - e.g. www.companyname.com.au AND service.companyname.com.au, etc. Wildcards, of course, are more expensive, but if you have more than 2 or 3 services they can be cost-effective.

SSL certificates can now only be purchased for 1-year periods, so make sure to renew yours every year.
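To make the difference between a single-name and a wildcard certificate and the yearly renewal concrete, here is an added example (not from the original article) that reviews a certificate in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`. The sample certificate, organisation name, dates and host list are constructed for illustration, and `name_covers` and `review` are hypothetical helper names.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the organisation name and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Company Name Pty Ltd"),),
                (("commonName", "*.companyname.com.au"),)),
    "subjectAltName": (("DNS", "*.companyname.com.au"),),
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}
SAMPLE_HOSTS = ["www.companyname.com.au", "service.companyname.com.au",
                "companyname.com.au", "shop.service.companyname.com.au"]
SAMPLE_NOW = datetime(2025, 12, 1, tzinfo=timezone.utc)  # fixed "today" for the demo


def name_covers(pattern, host):
    """True if a certificate DNS name covers host.

    A wildcard stands in for exactly one leftmost label, so it covers
    neither the bare domain nor names two levels down.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])


def review(cert, hosts, now):
    """Summarise who the certificate names, what it covers, and days to expiry."""
    subject = {key: value for rdn in cert.get("subject", ()) for key, value in rdn}
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "organization": subject.get("organizationName"),  # None if absent
        "days_left": (expires - now).days,
        "covered": {h: any(name_covers(n, h) for n in dns_names) for h in hosts},
    }


if __name__ == "__main__":
    print(review(SAMPLE_CERT, SAMPLE_HOSTS, SAMPLE_NOW))
```

The wildcard covers `www` and `service` but not the bare domain or a deeper subdomain, so those names need their own entries on the certificate.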

Why the Varying Costs for SSL Certificates?

There are definitely cheaper options out there for SSL certificates. However, you do get what you pay for.

As we outlined above, SSL certificates are not all the same. A cheaper SSL usually provides minimum encryption and trust, and is considered the bare minimum when it comes to protecting your website and its visitors. The more expensive the SSL, the more protection it provides. We can help you weigh your options and find the right provider for your business.

Which SSL Provider Should I Pick?

We have put together a checklist to help you decide on the best SSL provider for you:

1. Do they properly validate the identity of the SSL purchaser? This is a manual, slower process to ensure that the purchaser of the "www.CONTOSO.com.au" SSL certificate actually is CONTOSO and not an imposter. They also include your business name on the certificate. Cheaper providers simply do not have the infrastructure for this important step, or they skip it or do a very basic check = Lower Trust = the main reason for a cheaper price.

2. Is there a warranty offered to users of your internet services? A warranty is insurance for an end user against loss of money when they make a payment on an SSL-secured site. This is very important for e-commerce sites but is also important if personal data is being submitted to the secure site. For example, GoDaddy offers only a limit of $1000 to end users against loss of money when submitting a payment on an SSL-secured site = Lower Trust. Our preferred provider comes with a $1 million warranty.

3. Are you buying the SSL from a registered Trusted Certificate Authority or just a wholesaler? Is the provider simply a mass wholesaler of other people's SSLs, or do they directly stand behind it and offer the service themselves? Trusted Certificate Authorities are organisations that have earnt trust globally (and from all web browsers) to safely and securely provide secure identities. There are only 8 actual Trusted Certificate Authorities in the world. Our preferred provider is one of these Trusted Authorities and offers 24x7 support.

4. What level of encryption is provided? What level of encryption is provided to protect the data in transit over the public internet: 128-bit or 256-bit? The encryption level determines how easy it is for a hacker to grab the sensitive information. The standard now is 256-bit, which is a lot harder to hack.

5. Is the SSL Certificate guaranteed to Work on All Devices? Has the certificate been verified to work on all devices that may connect? e.g. smartphones and tablets? Some providers do not - though this is becoming less common.

As an internationally ISO27001 accredited organisation, Sensible Business Solutions takes security very seriously.

We have to go out of our way to ensure the systems and suppliers we deal with have best practices in place, offer business-grade support, etc. The choice is up to you - but we will always be able to help you with the systems we recommend.

If you need more assistance, give us a call, we're happy to lend our expertise to your organisation.

8 Things You Must Do Now To Protect You & Your Business Under The Brand New Australian Data Breach Privacy Laws

Yesterday, the Australian Parliament enacted the Privacy Amendment (Notifiable Data Breaches) Bill 2016.

This means that Australian organisations will now have to publicly disclose any data breaches.

Penalties for non-disclosure range from $360,000 for responsible individuals to $1.8 million for organisations.

Forget the fines, if the world found out you were responsible for a data breach, what would that do to your business reputation? Are you the responsible person?

Who does it affect?

Just about all Australian businesses and non-profit organisations:

  1. Revenue > $3m p.a. – all organisations
  2. Revenue < $3m p.a. :
    1. Businesses that sell or purchase personal information along with credit reporting bodies
    2. Child care centres, private schools and private tertiary educational institutions.
    3. Individuals who handle personal information for a living, including those who handle credit reporting information, tax file numbers and health records
    4. Private sector health services providers (even alternative medicine practices, gyms and weight loss clinics fall under this category)

When does it start?

Any day, as soon as the new law is signed by the Governor General.

What is a data breach?

A breach occurs where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals

AND this event could allow serious harm to an individual:

  • Financial harm that could allow identity theft or fraud (e.g. Loss of financial data, credit card information, etc.)
  • Any other harm that, if the information was disclosed, could be deemed sensitive by that person and may subject them to discriminatory treatment, humiliation or damage to their reputation (e.g. health and other private information)
  • Harm may be physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation

Who do you have to notify?

  • All affected customers
  • and the Government Privacy Commissioner
  • within 30 days of any breach or data loss.

You’ll need to disclose what information was involved. This could include personal details, credit card information, credit eligibility information, and tax file numbers.

You’ll also need to advise the customers what they should do to protect themselves.

Penalties per non-disclosure range from $360,000 for individuals to $1.8 million for organisations.

What Must I do NOW?

  1. Inform and train all of your staff on the new responsibilities
  2. Document all systems that your staff may be using to store any customer data (including all those cloud systems: what about Dropbox, Google Docs, Slack, Amazon Web Services, etc.?)
    1. Do you know exactly what is stored and where?
    2. Which systems store personal or financial data?
    3. Are their security protocols designed for businesses and consistent?
    4. Can you control access to these systems?
    5. Can you audit activity in these systems?
      1. Will you even know if a data breach occurs? Ignorance is no defence
      2. Will you be able to report fully and in time? Slow systems are no defence
        1. All data breached must be disclosed within 30 days.
    6. Can you control the transfer of data in and out of these systems?
  3. Analyse whether any of your services are private in nature.
      1. Do your customers care if the public finds out they are using your services?
  4. Create a Data Storage and Archiving policy so your staff know where and how to store data.
  5. Create a Data Protection and Security policy for your organisation so only the right people have access to the data.
  6. Prepare and distribute a Response and Notification Plan for when an incident occurs:
    1. What will you tell customers and the Privacy Commissioner?
    2. Who will tell them?
    3. How will you tell them?
    4. Do you know what is good advice to protect them after a breach?
  7. Perform Test Data Breaches
  8. Check your insurances about your protection and liability requirements.

If you need help with this, contact your professional Business Technology Adviser who should have the systems ready now to prepare and protect you.

If you require any assistance, call us to arrange a Data Security Audit at 1300-SENSIBLE (736-742) or email: info@sensible.com.au

Sensible Business Solutions © 2021 All Rights Reserved