Apart from the key products and services that you are
offering to your existing customers and prospects, image plays a very important
role. Yea, as business owners, we want
that fancy websites that looks better than everybody else’s, with the fancy
designs, logos, online store, etc. But
all of this does not mean anything if your online presence is not secure.
There are many ways in which a website can be made secure, ranging
all the way from writing and compiling secure source code, to making sure that
your database is secure if it is going to hold the PII datasets of your customers
(like credit card information, contact info, etc.).
But one obvious one, and which will stand out more is the locked
padlock and the “HTTPS” that stands out in your domain name once end users log
into it.
If they don’t see it, there are pretty high chances that they
will immediately close out their Web browser, given the times that we live in
today. And of course, this will be the first
glaring red flag that they will remember about your business, so you do not
want to risk this.
In the end, it all comes down to implementing the needed SSL
certificates. These are very affordable
these days, and you can choose the lifespan of how long you want them to last,
ranging from one to five years. But keep
in mind though that if you choose a longer lifespan, you are going to pay
more.
That is why most SMB owners go for the cheapest route
possible, which is paying for the one-year lifetime.
Now the problem arises, suppose you have multiple websites
with just that one year lifespan, how do you keep track of which SSL certificate
needs to be renewed when? Under most
circumstances, your ISP should be emailing to you notifications, if you have
elected for that kind of option. But
you, the SMB owner, need to take a proactive role as well, in case you do miss
an email or it just never comes through.
Here are some quick tips in how to do this:
1)
Have a defined process in place:
Just as much as people harp upon the
fact that you need to check for passwords on a regular basis, your IT Security
team, or even somebody else from your IT Department should be checking on a
regular basis when the SSL certs expire.
Now if you have just one website, then there is no need to do this. This is only if you have multiple sites. Keep in mind that you do not have to all out
fancy here. Even if you have a basic
spreadsheet with the domain, its SSL unique ID, and date of expiration, you are
all set to go. You don’t even have to
check on a daily basis. Just have someone
examine that Excel sheet at least once a week and do a random check on a couple
of the sites just to make sure all is functioning well from that standpoint.
2)
Automate the process:
Now suppose that you are classified
as a medium sized business, with having at least 1,000 or greater
employees. In these instances, managing
the SSLs will become quite a bit more tedious than using the solution described
in #1. So in these instances, you may even
want to consider automating this process.
One of the best ways to do this is use either AI or ML. Although this may sound complex, it really is
not. For instance, many may ISPs even
offer this option as add on, and if you choose this, the SSLs that are about to
expire will be updated automatically with a newer one, and your credit card
will be charged accordingly (but keep in mind of this option that you have
chosen – you don’t want to all of a sudden think why these charges are all of a
sudden appearing from time to time).
3)
Keep a visible environment:
It is also important to keep in
mind that it is not just Web sites that need these crucial SSL certs. Even IoT devices need them to certain degree
as well. For example, if you have a
Remote Workforce that is totally into the IoT by the kinds of devices that you
are issuing to them, then these network connections also need to be secured by
a factor that is much more. Thus in this
particular instance, using a spreadsheet will be archaic at best. You actually need to map out all of these interconnections,
but don’t think of drawing them out in Visio.
Instead, get a Microsoft Azure account, and from this, you can map out
all of these network connections on a real time basis, and any updates can be
made automatically to it. This will give you a great, bird’s eye view of what
is happening to all of your IoT devices, and the SSLs that are associated with
them.
4)
Pay careful attention to your legacy apps:
All of the information that I have
presented thus far is based solely on the premise that the apps and devices that
you are currently making use of are fairly recent. But then there are those businesses that still
make use of legacy systems, especially those that make use of technology going
back to the 1970s like SCADA. In these
cases, it is almost impossible for today’s SSL certs to be used on them. For these situations, you will have to think
of other alternative means, or simply get rid of these old systems if possible,
and replace them with newer ones, if it is affordable to you, as an SMB owner.
My Thoughts On This
Well, there you have it, some quick and easy tips to help you
manage your SSL certs. It is even quite
easy to install them by yourself, but I would actually recommend that your ISP
do them for you, just to make sure that everything is done properly.
Also, many of these ISPs offer special sales on this kind of
stuff, especially now with Black Friday and the Christmas shopping season
coming up.
Try to get as many of them as possible when they are
cheap. Also, when you buy them, the SSL
certs do not become activated yet. They
only do so once they are installed. For
instance, I have purchased a few SSLs myself when my ISP had them on a special
size. I just keep them on inventory and
use them when it is absolutely needed.
Another point I want to reiterate here is the importance of
having your websites updated with the SSL certs. When I do my own prospecting, and come across
a website with warning message that it may be insecure because of an invalid
cert, guess what I do? I just navigate
away from that page.
This is one of the surest ways in which you can lose
prospects and other visitors to your site. The moral of the story:
No comments:
Post a Comment