Getting Serious About Web Security

You may have followed a number of news stories lately about security on the internet.  From Facebook’s blunder with allowing data to be shared with Cambridge Analytica to data breaches at financial institutions and other headline-grabbing events, the topic of internet security is practically everywhere.   And, it’s about to get even more active.

There used to be a day when the only people who needed to be concerned about website security were e-commerce stores.   If you had any kind of transaction element to your website (a checkout, an online donation form, or some financial or personal data  exchange) then you needed encryption tools.  Google’s position now is best described as “SSL Everywhere” and the ultimate goal of encrypting the entire internet.

Beginning in July, 2018 a gradual process made towards securing the internet is about to get more serious.   With the release of the expected version 68 of the Chrome Browser (one of the more popular browsers on the internet), the following, very distinct change will take place:

Sites choosing to not use proper encryption technology will now be specifically flagged as being “Not secure” on the browser.   This ought to make a number of website owners nervous.   We here at The Ridgefield Group have been talking about this since December, 2016 when the plan was originally announced by Google.  At that time, this “Not Secure” flag was to be rolled out in January 2017.   The date was pushed back to July 2018 to give users time to adjust, and we suspect that a second date change will be unlikely.

What you need to do

Check your website.  Visit your website and see what you get when you type in https://www.yourdomainname.com.    Ideally, your website is already running under a secure encrypted layer and is not at risk of being flagged by Google.   What you really want to see is the indication below that your site is absolutely secure.   The green lock and “Secure” text, as well as the “https://” are indicators that the site is secure (the red line does not appear in your browser – that is added to the image below to help show the detail).

What if my site is not secure?

You have a shrinking window of time to ensure that your website is made secure.  Several things could be happening on your site.  Your web developer or hosting company may have provided you with a secure certificate, but perhaps it’s installed incorrectly.   Additionally, the site may indeed be operating under the secure layer, but there are insecure elements that need to be corrected before the browser will report the correct secure confirmation.

Regardless of the reason “why” your site is failing, the bottom line is that if it’s not correct, then it’s going to be flagged as being “Not Secure”, and that is bad for your business.  If you’re unsure or have concerns about your website, contact us for help.   There’s a simple, easy way for us to test your site and confirm why it may not be secure.   We can then discuss solutions to help keep your site working well.

What if my site is secure?

If your website is showing the correct green lock and indicators, you can breathe a (quick) sigh of relief.  Your task for now is complete.   But, there’s a concern that you want to be aware of moving forward.   Internet Security is never a ‘one-and-done’ thing.   Staying vigilant and informed about your site’s security is important.   Every SSL certificate will eventually expire and knowing when your expiration date hits is important.   Your web developer or hosting company should be able to tell you this information easily.  If you’re unsure, you can check the certificate path.

Step 1:   Open your website in the browser (screen shots here are all using Chrome).

Step 2:    Click on the “Secure” text to the left of the https:// in the address bar and the drop down will appear.

Step 3:   Click on the “Certificate” link and you’ll get the following information to appear.  The valid dates for your SSL will appear at the bottom.   The highlighted text below shows the expiration date for our SSL.   That expiration date is key for your replacement of the current SSL with a renewal.

Stuck? Unsure? Confused?

This may be confusing to  you and may encourage additional questions.   The world of internet security and online encryption is not easy!   We get questions all the time from various businesses looking for straight-forward answers.

How can we get a certificate installed?   Are there different kinds of certificates?   Is there a recommended “level” of certificate that my business ought to use?  How much does an SSL cost? Should we buy an SSL from any particular vendor?

If you need help and just want straight, layman terms, give us a quick call or email and we’ll gladly help you navigate the best, most efficient way to secure your website and ensure you don’t get flagged by Google for having a website that is “Not Secure!”