Expert has always taken security of its operations very seriously – we wouldn’t be able to stay in business if we didn’t. There are many aspects of where websites might be at risk of cyber-attacks and we believe we’ve always managed to provide top protection to our clients, as well as staying abreast of any new potential breaches perpetrated by the bad guys.
All the websites we’ve been building in recent years have secure certificates in place; it’s standard practice for Expert and the cost is now included in the monthly hosting and software leasing charge. Over the years we’ve also been encouraging our existing clients with older websites to have a secure certificate in place, as it is now an expected business practice, regardless of whether you capture personal info on your website.
MoST utilises an SSL certificate with a three-month expiry date. This significantly reduces the chances of a certificate’s key and password from being extracted from it over time.
So, what is a secure certificate and how does it work?
Put simply, a secure certificate, also known as a digital certificate or secure socket layer (SSL), is a small data file through which the authenticity, identity and reliability of a website is established. It’s part of the overall internet security required to keep websites safe, particularly to website visitors, ISPs (internet service providers) and web servers.
An SSL certificate provides the ability for data sent and received between a user’s device and your website to be encrypted. This prevents malicious perpetrators from being able to access and read the data while it is in transmission between their device, your website and visa-versa.
A third-party certification authority (CA) completes a process to evaluate the security framework of the website seeking a secure certificate, and once the security, authenticity and legitimacy of the website have been confirmed, the CA allots a security certificate to a website or website application.
The secure certificate is then embedded within the website or web application and is automatically provided to web browsers, web servers, ISPs, and firewall and security applications when requested.
Most security certificates are updated on at least an annual basis, though as mentioned above, Expert’s MoST websites’ secure certificates operate on a three-month expiry date, so are updated four times each year.
How can you tell if a website is secure?
In the top lefthand corner of a website, next to the URL, a small padlock icon appears. If the padlock is locked the website is secure; if it’s open then so is the website’s security. A visitor to a website that doesn’t have a secure certificate (evidenced by the unlocked padlock) does so at their own risk.
Should your website have a secure certificate?
In the past, having a secure website was vital if any e-commerce was undertaken on the website, or if a database was stored in a web application, so many people who did neither of these felt they didn’t need a secure certificate.
However, that has now changed with the Privacy Act 2020, and if a website has a contact form in place, where enquirers are asked to supply their personal information, such as contact details (usually email and/or phone number and occasionally their address), then this personal data must be protected in most countries, including New Zealand. Refer to the Privacy Act NZ for more information about this.
More and more website visitors are now familiar with the need for website visitor security and it’s expected (and now a legal requirement) that the website owner should be protecting the information that visitors supply. Once a visitor completes a contact form on a website, the data they supply is stored in the website owner’s database or email system and often used for future marketing purposes, as well as making initial contact with the enquirer. This data can have a very long shelf life.
There have been numerous reports of databases being hacked over the years and the information contained in said databases used for all types of nefarious activities, including identity theft, so it’s pretty easy to see why governments around the world have adopted legislation to keep personal information safe.
If your website doesn’t have a secure certificate already, there’s no time to lose. The good news is that having a secure certificate is really affordable (costs less than two cups of coffee per month) and there’s often no setup fee charged (Expert will set up your SSL free if you have a MoST site).
Another benefit is that users are more likely to fill in your online forms if they feel the information is submitted securely over the internet, which results in more visitors, more enquiries and ultimately more business.
If you’d like to know more about secure certificates just email us.
Additional security information can be found on Expert’s website in the Blog section