News

Are companies getting the most from their SSL certificates?

Since news broke regarding the widespread vulnerability found in OpenSSL, organizations of every stripe have had to consider who provides them with their encryption solutions. It can be easy for everyone involved in cybersecurity procurement and implementation to become complacent when things are going smoothly. However, danger lurks around every corner of cyberspace, and a network invasion can happen at any time. That's why it's so important that businesses have comprehensive safeguards in place to prevent a breach from causing long-term damage. In many instances, that process begins with establishing high-quality encryption-based defenses.

OpenSSL's Heartbleed bug effectively demonstrated why choosing an open source tool for encryption needs is not always in the best interest of a company. Countless websites have been left vulnerable to attack thanks to a small flaw in the program's code. As that incident showed, the details matter when it comes to cybersecurity. A company can do almost everything right, but none of that will matter if a data thief finds a weakness and exploits it.

Don't skimp on SSLs
There are some basic steps that business leaders can take to prevent becoming a breach victim. The most fundamental improvement a company can make is to only use SSLs from highly trusted certificate authorities. The missteps committed by the OpenSSL team should hammer this point home. There is no margin for error when designing data security tools. Cybercriminals are constantly looking for opportunities to exploit a defect and poke holes in an organization's defense. It just makes their job that much easier if businesses use SSLs from unverified sources. Doing so could open them up to man-in-the-middle attacks even if they have an SSL in place.

The danger of MITM strikes should not be ignored. Help Net Security reported that a recent cybersecurity study discovered that many Android apps are vulnerable to these types of cyberattacks. According to the research, only around 60 percent of analyzed programs used SSLs. Furthermore, among those that did deploy SSL tools, close to three-quarters didn't bother to authenticate certificates. If SSL certificates are properly used, MITM attacks become much easier to defend against. It's only faulty cybersecurity practices that allow these types of threats to persist.

Ensuring that mobile apps and other programs make the most use of available SSLs is just the beginning. Business leaders also need to encourage their own staff members to take advantage of these resources. The Inquirer's Chris Merriman recently spoke with IT security expert Kumar Ananthanarayana about some of the biggest mistakes companies make when managing bring-your-own-device policies. Despite the clear value of using SSL certificates to encrypt in-transit data, many organizations neglect to properly use these tools. Without SSL solutions in place, internal transmissions are essentially naked, making it easy for cybercriminals to launch successful MITM attacks.

Encryption should be a part of any cybersecurity plan, and cover both in-transit and at-rest data. For the former, it's important that businesses obtain certificates from a reliable CA since the market is cluttered with me-too vendors looking to cash in on the need for data security solutions. Only qualified providers can offer high-quality SSLs capable of locking down data on the move.

Protect sensitive company transmissions with SSL certificates today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +353 1 793 9141
Fax: +27 21 819 2950

Buy now! Try now!