The holidays are right around the corner and as the owner of a small business, you most likely rely on online sales and interactions to drive growth and exposure for your company. That being the case, it’s more important than ever that you take steps to make sure your website is ready to handle increased online shopping. You can start preparing for the holiday shopping season by reviewing our 10 Tip to Keep Your Business Website Safe infographic.
The growing frequency and severity of cyber attacks puts online data and transactions increasingly at risk. One of the best ways you can protect your business and your customers is by protecting your site with strong authentication and Secure Sockets Layer (SSL) certificates (basically, ensuring that people who access your site really are who they say they are).Unfortunately, like many SMBs, you may have limited resources, which in turn means limited or no dedicated IT staff, so when it comes to things like authentication, SSL certificates and encryption you may not know where to start.
So let’s get down to the basics.
What is SSL?
SSL stands for “Secure Socket Layer.” An SSL certificate is a digital computer file (or small piece of code) that has two specific functions:
- Authentication and Verification: SSL certificates contain information about the authenticity of the identity of a person, business or website, which it will display to visitors on your website when they click on the browser’s padlock symbol or trust mark (e.g., the Norton™ Secured Seal).
- Data Encryption: The SSL certificate also enables encryption, which means that the sensitive information exchanged via the website cannot be intercepted and read by anyone other than the intended recipient.
A website that is secured with a SSL certificate will display “https://” before the address. This stands for “Secure HTTP.”
Just as a passport may only be issued by a country’s government officials, an SSL certificate is most reliable when issued by a trusted Certificate Authority (CA). The CA has to follow very strict rules and policies about who may or may not receive an SSL certificate. When you have a valid SSL certificate from a trusted CA, there is a higher degree of trust by your customers, clients or partners.
How does it work?
In the same way that you lock and unlock doors using a key, encryption makes use of keys to lock and unlock your information. Unless you have the right key, you will not be able to “open” the information. Each SSL session consists of two keys:
- Public key: Used to encrypt (scramble) the information
- Private key: Used to decrypt (un-scramble) the information and restore it to its original format so it can be read
Every SSL certificate that is issued for a CA-verified entity is issued for a specific server and Web address. When you visit a website with an SSL certificate, an SSL “handshake” occurs between the web browser and server. Information is requested from the server – which is then made visible to the person in their browser window. You will notice changes to indicate that a secure session has been initiated – for example, a trust mark will appear. If you click on the trust mark, you will see additional information such as the validity period of the SSL certificate, the domain secured, the type of SSL certificate, and the issuing CA. All of this means that a secure link is established for that session, with a unique session key, and secure communications can begin.
Why do I need it?
Simply put, your customers want to know that their information is safe. After all, they are providing you with very personal, very important information that allows access to their money. Failing to protect that information may not only result in unhappy customers, but you may be exposing yourself to serious legal trouble. One way you can show your customers that you are serious about protecting them is to implement SSL.
Another reason for implementing SSL is to verify that you really are who you say you are. The Internet is full of cyber criminals and malicious websites that look legitimate, but aren’t. These sites steal information when would-be customers try to make payments. Having an SSL certificate helps authenticate the identity of your business by showing that your website is verified as secure, and you are shown to be who you say you are.
One important thing to remember is that not all SSL certificates are created equally. When choosing a CA, look for a reputable company with a strong history of trust and security. You can find additional security tips to help you keep you and your customers safe this holiday season by visiting the Symantec Authentication blog.
As a leading CA, Symantec sells and issues several variations of SSL certificate solutions and services to companies of all sizes. Please visit us here for more information on Symantec SSL certificates.
Excerpts of this post were taken from the Beginners Guide to SSL Certificates: Making the Best Choice when Considering Your Online Security click the link above for a more detailed walkthrough of SSL.