Cybercriminal attacks are getting more and more sophisticated. If your business's site doesn't have an SSL certificate, you are putting your reputation and your site's visitors at risk. In this blog, we will be covering:
If your business's website doesn't have an SSL certificate, we can help. Book a call today.
SSL certificates are a vital part of internet security, especially when your business needs to have an online presence. SSL certificates secure your domain, providing security for your online visitors, which is paramount. You need to create a secure environment that makes clients and potential customers confident in your business. Position your business as a trusted and secure resource: an SSL certificate helps you do that in two essential ways:
As technology advances, so does the sophistication of cybercriminals' attacks. We have seen businesses' websites spoofed or redirected, which causes a lot of grief for the business, their clients, and their potential clients. In fact, as a result, Google Chrome and other browsers will now penalise (and potentially block) any website that does not have an SSL certificate. Check to make sure your URL begins with https:// not just http://. The S indicates that the website does have an SSL certificate. If you don't have one, we can help you get one: book a call with us today.
Not all SSL Certificates are equal. There are essentially 2 types of SSL Certificate generally available now:
SSL certificates can now only be purchased for 1-year periods, so make sure to renew yours every year.
There are definitely cheaper options out there for SSL certificates. However, you do get what you pay for.
As we outlined above, SSL certificates are not all the same. A cheaper SSL usually provides minimum encryption and trust, and is considered the bare minimum when it comes to protecting your website and its visitors. The more expensive the SSL, the more protection it provides. We can help you weigh your options and find the right provider for your business.
We have put together a checklist to help you decide on the best SSL provider for you:
1. Do they properly validate the identity of the SSL purchaser? This is a manual, slower process to ensure that the purchaser of the "www.CONTOSO.com.au" SSL certificate actually is CONTOSO and not an imposter. They also include your business name on the certificate. Cheaper providers simply do not have the infrastructure for this important step, or they skip it or do a very basic check = Lower Trust = the main reason for a cheaper price.
2. Is there a warranty offered to users of your internet services? Warranty is an insurance for an end-user against loss of money when they make a payment on an SSL-secured site. This is very important for e-commerce sites but is also important if personal data is being submitted to the secure site. e.g. GoDaddy offers only a limit of $1000 to end users against loss of money when submitting a payment on an SSL-secured site = Lower Trust. Our preferred provider comes with a $1 million warranty.
3. Are you buying the SSL from a registered Trusted Certificate Authority or just a wholesaler? Is the provider simply a mass wholesaler of other people's SSLs or do they directly stand behind it and offer the service themselves? Trusted Certificate Authorities are organisations that have earnt trust globally (and by all web browsers) to safely and securely provide secure identities. There are only 8 actual Trusted Certificate Authorities in the world. Our preferred provider is one of these Trusted Authorities and offers 24x7 support.
4. What Level of Encryption is provided? What level of encryption is provided to protect the data in transit over the public internet: 128-bit or 256-bit? The level of encryption determines how easy it is for a hacker to grab the sensitive information. The standard now is 256-bit, which is a lot harder to hack.
5. Is the SSL Certificate guaranteed to Work on All Devices? Has the certificate been verified to work on all devices that may connect? e.g. smartphones and tablets? Some providers do not - though this is becoming less common.
As an internationally ISO27001 accredited organisation, Sensible Business Solutions takes security very seriously.
We have to go out of our way to ensure the systems and suppliers we deal with have best practices in place, offer business-grade support, etc. The choice is up to you - but we will always be able to help you with the systems we recommend.
If you need more assistance, give us a call; we're happy to lend our expertise to your organisation.
Yesterday, the Australian Parliament enacted the Privacy Amendment (Notifiable Data Breaches) Bill 2016.
This means that Australian organisations will now have to publicly disclose any data breaches.
Penalties for non-disclosure range from $360,000 for responsible individuals to $1.8 million for organisations.
Forget the fines: if the world found out you were responsible for a data breach, what would that do to your business reputation? Are you the responsible person?
Just about all Australian businesses and non-profit organisations:
Any day - as soon as the new law is signed by the Governor General.
A breach occurs where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals
AND this event could allow serious harm to an individual:
You’ll need to disclose what information was involved. This could include personal details, credit card information, credit eligibility information, and tax file numbers.
You’ll also need to advise the customers what they should do to protect themselves.
Penalties per non-disclosure range from $360,000 for individuals to $1.8 million for organisations.
If you need help with this, contact your professional Business Technology Adviser who should have the systems ready now to prepare and protect you.
If you require any assistance, call us to arrange a Data Security Audit at 1300-SENSIBLE (736-742) or email: firstname.lastname@example.org