Special guest blog by Fran Rosch, Vice President Identity and Authentication Services, Symantec
Not many businesses can operate without a website these days, and many also rely upon online sales to ensure steady growth and exposure. So as we head toward the holiday shopping season, it seemed an opportune time to remind SMBs of the importance of a certificate authority. Ensuring that your customers’ data remains secure during an online transaction is integral to repeat sales, visits and trust surrounding your business.
This can be accomplished by protecting your websites with strong authentication and SSL certificates. Plain and simple, SSL (Secure Sockets Layer) certificates, using PKI encryption, will ensure that information stays private and secure through encrypted, unique sessions between a company’s web server and the end user, i.e. a consumer or employee.
For example, would you send your private information or banking details to someone on the back of a postcard? Probably not. A smarter and safer practice is to integrate SSL technologies from a trusted Certificate Authority (CA) that implements rigorous security policies in issuing SSL certificates and validates the authenticity of both parties. It is the CA’s job to confirm that someone is who they say they are.
For businesses considering a third-party CA, it is important to remember that not all CAs are alike. Look for CAs whose security, issuance and revocation policies meet and exceed the Certification Authority Browser Forum (CAB/F) standards. Not all SSL certificates are issued equally, and businesses should carefully choose reputable CAs to safeguard their customers, their business and their brand. Price may play a role in the purchasing process, but more important considerations come into play, and the lower-cost SSL may not deliver the comprehensive solutions that industry-leading CAs provide.
Tips on choosing a good Certificate Authority
When evaluating a CA, we urge you to consider the following:
- Diligence of the security used by the CA to protect cryptographic keys
- Specifically designed hardened facilities to defend against attack
- Hardware-based cryptographic signature systems
- Regular third party audits
- Thorough network security and antimalware defense
- Enforcement of dual control certificate issuance used by the vendor
- Use of authentication/registration best practices to identify ownership
- Documented CA employee background investigations to protect against insider threat
- Strong history of the vendor’s trust and security
For consumers, it is important to visit websites with secure SSL authentication. Follow these important steps to protect yourself, your information and your devices:
- Update your browser software to obtain the latest set of valid root keys
- Visit websites with the green URL address bar, which indicates the highest protection using Extended Validation (EV) SSL
- Always visit websites with the recognized security trust mark such as the Norton Secured Seal
- Use strong passwords, change them regularly and secure them safely
- Click on websites with “https” in the URL, which have increased safeguards
Protect your business and your customers so your company can grow. With the holiday shopping season approaching, take extra security measures to ensure increased sales, profits and happy customers.