Review of SSL certs for websites

In our hyperconnected world today, cybersecurity is a universal conversation whether a user is a student or a corporate citizen.

Many are aware of the danger, risk and vulnerability.  And as equally, many also take chances based on over 3 billion connected users in the world today, that they would not be that ‘unlucky’ to be the next victim of cybercrime.

 

Whichever side of cybersecurity you are at, this article aims to demystify some misconceptions about website security.

There are many dimensions to cybersecurity, digital assets and data protection.  This post only touches on one aspect, Secure Socket Layer, more commonly known as SSL certificates.

I am still quite astonished at the number of websites today, whose owners are lackadaisical in protecting their digital properties.  In the past six months, I met with several senior management folks and leaders to discuss about finding new top line paths to revenue and ways to manage risks. 

 

When it comes to managing risks, many became immediately puzzled and gaped when I showed and queried them their own website’s security lapses.  Some in turn, displayed ignorance and apathy.

 

Some of the websites are fairly high profile which facilitate online transactions.  This puzzles me more why the specific indifference.

 

In any case, there are several angles when it comes to protecting digital assets in a website.

 

These are three types of SSL protections a website owner can consider. 

  1. Domain Validated (DV)
  2. Organisation Validated (OV)
  3. Extended Validated (EV)

Below is a table to SSL certificates to show how they differ.

1.png

DV is the bare essential among them and it doesn’t cost anything more than a cup of designer coffee.

Depending on the set-up and purpose of your website, it may be recommended to at least go for OV.  Implementation can be quite tricky for some.  Do discuss with your internal IT personnel.

Below are screen shots to provide a visual of how to identify each of the validated certificates and more importantly, websites which do not have SSL at all.

These two websites open from Chrome browser show that there is no SSL or https at the URL. There is also a message box to remind visitors not to transact any information which is sensitive.

 Hoover the cursor or click on the ‘i’ symbol and the message would appear.

Hoover the cursor or click on the ‘i’ symbol and the message would appear.

3.JPG

This screen shot below shows how at https enabled website looks like.  There is a lock symbol.  This is an OV certified site

4.JPG
5.JPG
Gary Tan