article

Google-mageddon Approaches: Is Your Site Safe?

HTTPS

… branded with the words “Not Secure” right in the Goggle Chrome address bar — no clicking necessary.

Versa Networks' Rob McBride

Versa Networks’ Rob McBride

“Awareness is absolutely critical,” says Robert McBride, director of marketing, Versa Networks, another staunch supporter of Google’s ‘Not Secure” campaign. “This approach helps to ensure that users are aware of the potential risks of doing business across the World Wide Web.”

As most telecom industry players know, encrypted websites run on the Hypertext Transfer Protocol Secure standard, HTTPS, and often feature a green lock or other emblem in the browser address bar indicating that the site is encrypted and operates at a higher level of security. Standard websites that run on the less secure Hypertext Transfer Protocol – or HTTP – are not encrypted and feature no such emblem.

Compounding the anticipated pandemonium over Not Secure branding is a related decision by Google to “remove trust” from any website certified as encrypted by Symantec prior to June 1, 2016. The reason: Google has repeatedly expressed skepticism regarding the veracity of Symantec’s certification process prior to that date, and has simply decided to invalidate such certifications for users of its Chrome browser. The decision – which goes into effect no later than July – will be a major blow to website operators in its own right, given that Symantec is one of the largest purveyors of encryption certifications on the Web.

Hardest hit by the dual decisions will be operators of non-e-commerce websites that require no passwords for entry and don’t accept credit cards or other forms of digital payment. For years, such sites were not favorite targets of attackers, given that no monetary transactions took place. But more recently, malicious hackers have been launching drive-by attacks from these unencrypted sites by inserting code into their pages that enables them to download malware to someone visiting that website, or code that directs a visitor to a phony webpage asking for credit-card or other personal information.

Let's EncryptThe good news for businesses looking for encryption is that many web hosting companies have decided to offer basic encryption as a free, value-added service. Many of those hosters work with Let’s Encrypt, a nonprofit organization whose mission it is to offer free, basic encryption to any website owner who needs it.

If you’re looking to go the free route with Let’s Encrypt for your or a customers’ site, the best move is to talk with your web hosting company and verify that it has a tool on your site control panel that enables you to easily add a Let’s Encrypt certification. Many web hosts without such a tool do enable you to install Let’s Encrypt certification, but that manual process is tedious, and it’s often easier under such a circumstance to simply switch to a web host that features a Let’s Encrypt tool.

Other organizations offering free encryption include Comodo and Cloudflare.

Either way, this is an opportunity for partners with a web designer or the coding skills to …

Pages: Previous 1 2 3 Next


Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 100634