Saturday, October 16, 2021

To The SMB Owner: Why You Need To Understand The Importance Of SSL Certificates

 


Apart from the key products and services that you offer to your existing customers and prospects, image plays a very important role.  Yes, as business owners, we want that fancy website that looks better than everybody else’s, with the fancy designs, logos, online store, etc.  But all of this does not mean anything if your online presence is not secure.

There are many ways in which a website can be made secure, ranging all the way from writing and compiling secure source code, to making sure that your database is secure if it is going to hold the PII datasets of your customers (like credit card information, contact info, etc.). 

But one obvious way, and the one that will stand out the most, is the locked padlock and the “HTTPS” that appears with your domain name once end users log into it.

If they don’t see it, chances are pretty high that they will immediately close out their Web browser, given the times that we live in today.  And of course, this will be the first glaring red flag that they will remember about your business, so you do not want to risk this.

In the end, it all comes down to implementing the needed SSL certificates.  These are very affordable these days, and you can choose the lifespan of how long you want them to last, ranging from one to five years.  But keep in mind that if you choose a longer lifespan, you are going to pay more.

That is why most SMB owners go for the cheapest route possible, which is paying for the one-year lifetime.

Now the problem arises: suppose you have multiple websites, each with just that one-year lifespan.  How do you keep track of which SSL certificate needs to be renewed when?  Under most circumstances, your ISP should be emailing you notifications, if you have elected for that kind of option.  But you, the SMB owner, need to take a proactive role as well, in case you do miss an email or it just never comes through.

Here are some quick tips on how to do this:

1)     Have a defined process in place:

Just as much as people harp upon the fact that you need to check passwords on a regular basis, your IT Security team, or even somebody else from your IT Department, should be checking on a regular basis when the SSL certs expire.  Now if you have just one website, then there is no need to do this.  This is only if you have multiple sites.  Keep in mind that you do not have to go all out fancy here.  Even if you have a basic spreadsheet with the domain, its SSL unique ID, and date of expiration, you are all set to go.  You don’t even have to check on a daily basis.  Just have someone examine that Excel sheet at least once a week and do a random check on a couple of the sites just to make sure all is functioning well from that standpoint.

2)     Automate the process:

Now suppose that you are classified as a medium sized business, with 1,000 or more employees.  In these instances, managing the SSLs will become quite a bit more tedious than using the solution described in #1.  So in these instances, you may even want to consider automating this process.  One of the best ways to do this is to use either AI or ML.  Although this may sound complex, it really is not.  For instance, many ISPs even offer this option as an add-on, and if you choose this, the SSLs that are about to expire will be replaced automatically with newer ones, and your credit card will be charged accordingly (but keep in mind that you have chosen this option; you don’t want to be left wondering why these charges are suddenly appearing from time to time).

3)     Keep a visible environment:

It is also important to keep in mind that it is not just Web sites that need these crucial SSL certs.  Even IoT devices need them to a certain degree as well.  For example, if you have a Remote Workforce that is totally into the IoT by the kinds of devices that you are issuing to them, then these network connections need to be secured to a much greater degree.  Thus in this particular instance, using a spreadsheet will be archaic at best.  You actually need to map out all of these interconnections, but don’t think of drawing them out in Visio.  Instead, get a Microsoft Azure account, and from this, you can map out all of these network connections on a real time basis, and any updates can be made automatically to it. This will give you a great, bird’s eye view of what is happening to all of your IoT devices, and the SSLs that are associated with them.

4)     Pay careful attention to your legacy apps:

All of the information that I have presented thus far is based solely on the premise that the apps and devices that you are currently making use of are fairly recent.  But then there are those businesses that still make use of legacy systems, especially those that make use of technology going back to the 1970s like SCADA.  In these cases, it is almost impossible for today’s SSL certs to be used on them.  For these situations, you will have to think of other alternative means, or simply get rid of these old systems if possible, and replace them with newer ones, if it is affordable to you, as an SMB owner.
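The expiration spreadsheet from tip 1 and the automated check from tip 2 can be combined in a short script. This is an added example, not part of the original post; the domains, cert IDs and dates in the inventory are constructed samples, and the 30-day warning window is an assumption.

```python
import csv, io, socket, ssl
from datetime import datetime, timezone

# Constructed sample inventory with the columns suggested in tip 1.
# Dates use the "notAfter" format that Python's ssl module reports.
INVENTORY_CSV = """domain,cert_id,not_after
shop.example.com,CERT-001,Oct 30 12:00:00 2021 GMT
blog.example.com,CERT-002,Mar 15 12:00:00 2022 GMT
old.example.com,CERT-003,Oct 10 12:00:00 2021 GMT
"""

def days_left(not_after, now):
    """Whole days from `now` until the certificate's notAfter time."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).days

def audit(csv_text, now, warn_days=30):
    """Return (domain, cert_id, days, status) tuples, soonest expiry first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        d = days_left(rec["not_after"], now)
        status = "EXPIRED" if d < 0 else "RENEW" if d <= warn_days else "OK"
        rows.append((rec["domain"], rec["cert_id"], d, status))
    return sorted(rows, key=lambda r: r[2])

def live_not_after(host, port=443, timeout=5):
    """Read notAfter from the live site to compare with the sheet (needs network).
    An expired or untrusted cert raises ssl.SSLCertVerificationError here,
    which is itself the signal that the site needs attention."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for domain, cert_id, d, status in audit(INVENTORY_CSV, now):
        print(f"{status:8} {domain:20} {cert_id:10} {d:5d} days")
```

Run weekly from a scheduler, the `audit` output replaces the manual look at the sheet, and `live_not_after` covers the random spot check of the sites themselves.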

My Thoughts On This

Well, there you have it, some quick and easy tips to help you manage your SSL certs.  It is even quite easy to install them by yourself, but I would actually recommend that your ISP do them for you, just to make sure that everything is done properly. 

Also, many of these ISPs offer special sales on this kind of stuff, especially now with Black Friday and the Christmas shopping season coming up.

Try to get as many of them as possible when they are cheap.  Also, when you buy them, the SSL certs do not become activated yet.  They only do so once they are installed.  For instance, I have purchased a few SSLs myself when my ISP had them on a special sale.  I just keep them in inventory and use them when it is absolutely needed.

Another point I want to reiterate here is the importance of having your websites updated with the SSL certs.  When I do my own prospecting, and come across a website with a warning message that it may be insecure because of an invalid cert, guess what I do?  I just navigate away from that page.

This is one of the surest ways in which you can lose prospects and other visitors to your site. The moral of the story: 
