Website Security: What You Need To Know

By -

Big changes are on the horizon concerning website security, specifically for websites that do not currently have SSL/TLS certificates. As of July 2018, all websites that do not have this specific certificate will be “distrusted” by Google Chrome, and on the web as in life – trust is everything.

Even if you have a SSL/TLS certificate, it may not be enough, as Chrome has released a detailed plan to eradicate its browser of any Symantec-issued SSL/TLS certificates.

Symantec is a company that has issued about one-third of the SSL/TLS certificates on the web. These certificates are what web browsers (such as Google Chrome and Mozilla Firefox) use to deem a website as secure and trustworthy. They indicate that a site has met the appropriate data encryption and authentication standards needed to be deemed “secure.”

That was, until Google Chrome lost trust in Symantec’s certificate issuance policies and made the decision to start distrusting any website that had a Symantec-issued certificate. Certificates issued from the company’s affiliated brands (Thawte, VeriSign, Equifax, GeoTrust and RapidSSL) will also be deemed insecure and not trusted by the Chrome web browser.

What Does This Mean?

So what does this change mean for the websites that have these distrusted SSL certificates, and more importantly the businesses that own such websites? Well according to Google Chrome’s plan, it could mean chaos and inconvenience for both business owners and web users alike. Based on the timeline, some people may already be experiencing this chaos.

Google Chrome’s Timeline  

In 2017, Google issued two different deadlines for websites using Symantec-issued certificates. The deadlines were based on the anticipated release dates of Chrome 66 Beta and Chrome 70 Beta:

March 15, 2018 (Chrome 66 Beta) – Websites with Symantec-issued SSL/TLS certificates issued before June 6, 2016 will need to replace them with certificates issued by a trusted provider. Popular trusted providers include DigiCert and Comodo

September 13, 2018 (Chrome 70 Beta) – Websites with Symantec-issued SSL/TLS certificates issued before December 1, 2017 using Symantec’s “old” PKI infrastructure, will need to replace them with new certificates issued by a trusted provider.

What Happens If You Miss The Deadline?

If you’re website has a Symantec-issued certificate that isn’t replaced by the deadlines mentioned above, it’s sure to become the root of frustration for you and your online visitors. Google Chrome will start displaying a warning to all users trying to access your website. The warning will state that the connection is not private and that someone may be trying to steal their information. It will block access to your website until the user clicks past the warning and agrees to accept the risks involved in continuing onto your site.

As you can imagine, this will dramatically shape the way your customers, and potential customers, interact with your brand. As a business-owner, you know that first impressions are everything, and in today’s digital landscape, that first impression is often made online. This is why it’s so important to understand the changes happening on Google Chrome, and have the proper SSL/TLS certificates in place.

What You Should Do Now

1. If you are at all concerned about how these changes may affect your website, you’ll want to do the following: Check what SSL certificate you have. If you have a Symantec-issued certificate, find out when it was issued and when it will expire.

2. If you have a Symantec-issued certificate, make plans to replace the certificate before the appropriate date.

3. If your website was created by a web developer or external digital marketing agency, get in touch with them sooner rather than later to make sure you have the correct SSL/TLS certificates in place.

Contact Your Web Developer

To ensure your website doesn’t display that scary security warning to your visitors, you’ll want to reach out to your website developer as soon as possible. They’ll be able to tell you which certificates your site has and go through the process of replacing your certificates if necessary.

A Time of Opportunity

While this change may seem like an inconvenience, it can be a great opportunity to refresh your website. If you are using a Symantec-issued certificate, your web developer will have to go into your site to replace the certificate no matter what, so why not have them perform some maintenance and optimization while they’re there?

ABOUT ZOO Media Group

ZOO Media Group is a website design and development company based in London, Ontario. We build beautiful, responsive, SEO and user-friendly websites that not only meet but exceed our client’s expectations. Our web skills run deep and we speak all languages including HTML5, jQuery, and Bootstrap to name just a few. Whatever your business needs, we can build it. Whether you already know exactly what you want out of your website or need a hand creating the perfect web solution for your company, our talented web development team can help. Contact us to learn more.