Cybersecurity

HTTP is Obsolete: Welcome HTTPS

HTTP is Obsolete: Welcome HTTPS

Information Security Breaches in 2017 and How to Protect Yourself Online

News in 2017 has been filled with hacking. Election System hacking, Democratic Party website hacking, and viruses such as Petya and WannaCry have been all in news in 2017. You would think that your website is nothing of importance compared to those we cited above, and you should not be worried about the security of your website. It is stunning to find out that those hackers learn and practice their skills on regular websites every day. Provide HTTPS access to your website to secure customer information, and gain customer trust and business. Without HTTPS enabled any customer-submitted data is vulnerable to unauthorized access by hackers. If in a very rare case a website does not contain any input from users, then you should be concerned about having a secure connection for your website administration. In this case, a hacker is able to see every change you make to your website, which can lead to significant problems. Hacking has been a problem for any government or business, and the problem is getting bigger and tougher.

Hackers Steal 143 Million Equifax Credit Profiles in September 2017

After the initial post of this article, in August of 2017, another unprecedented hack hit the United States of America’s one of the most valuable company assets. On September 7, 2017, Equifax has announced that the credit information of approximately 143 million people have been stolen. They opened a website www.equifaxsecurity2017.com where you can check if you have been a victim or not. If you are a victim they offer credit protection for free. Unfortunately, after checking on their website everyone in DevelTon was a victim of the cybersecurity incident at Equifax.

Http Warning

HTTPS – Hyper Text Transfer Protocol Secure is becoming needed more in our dangerous society. It enables encrypted connection using SSL (Secured Socket Layer) or TLS (Transport Layer Security) certificate between the browser and the server.

SSL Certificate Type for Different HTTPS Needs

Http Lock in Browser

There are three types of SSL certificates, that you can get, in order to fulfill your specific needs. DV, OV, and EV SSL certificates vary in terms of how much identity verification each involves and how the certificates are displayed in browsers. Let’s discuss those three types of SSL certificates, and you can choose which one fits your needs. SSL types are going to be discussed from the least expensive and the least advanced, to the most expensive and the most advanced.

DV – Domain Validation

Domain validation is the simplest and the least expansive way of verification. DV SSL certificates provide the lowest level of validation. Domain-validated SSL certificates (DV SSL) are server security certificates that provide the lowest level of validation available. The company issuing the certificate only verifies the consent of a domain owner. There is no attempt made to verify who the domain owner really is. This type of certificate should be used for internal networks only, customers should not have access to websites with DV SSL certificates and should not use websites with those certificates. DV certificates are easy to get and are used by hackers to simulate a legitimate business and get your information.

OV – Organization Validation

Organization Validation (OV) SSL Certificates need more validation than DV certificates. As a result, they provide more trust and assure visitors that you are who you claim to be. The company issuing a certificate verifies your business name and address and makes that information visible to the user in SSL details. An OV SSL Certificate displays a lock and HTTPS prefix in the visitor’s browser bar. This tells your visitors they’re on an encrypted site and can share their info without security concerns. Organizations that use OV certificates have more customers willing to share their information on their websites. This can have a huge monetary impact if you own an online store.

EV – Extended Validation

Extended Validation SSL Certificates are issued as a result of vigorous authority checking. As a result of various verifications, the certificate authority (CA) is able to provide verified information about the company and the website. Users get more confidence when they see a green bar instead of an address bar and the company name before the “HTTPS” address starts. Corporations that have OV SSL certificates can see a change in sales after a switch to the EV SSL certificate. Banks, online shops, and other services can take advantage of EV-validated SSL certificates and have HTTPS connections instead of obsolete HTTP – insecure connections.

Choosing the right way to provide HTTPS access is different for every website. You need to choose between SSL and TLS, which each could be one of the following three types: DV, OV, and EV. Those choices can affect your website traffic and sales. Not sure what solutions to choose? Our experts at DevelTon will advise you with the best solution after learning more about your website. Contact DevelTon to discuss your options for HTTPS and other web projects.