Amid the current government shutdown, over 80 government websites are either down or insecure. With no IT staff around to renew their TLS (Transport Layer Security) certificates, many government websites are being left open to vulnerabilities. Some of the sites are set up so that they become inaccessible to the public if their TLS certificates are not up-to-date. Yet, others simply warn users that the site is not secure, then allows you to bypass the warning and continue onto the site. Once on an insecure site, users will be vulnerable to man-in-the-middle attacks.
Even if you’re not looking to access government sites at the moment, this topic still contains an important lesson for all businesses. It's important to consider the responsibility your business holds in ensuring that your own site is secure. A secure site protects data as it is passed between a server and browser.
The most important reason to keep your site secure is to protect your customer and vendor data. If your site is not secure, any information they entrust to you, could be stolen. If you allow your TLS certificates to expire, a client who is on a mission to complete a task and used to logging into your site regularly, may not even notice a warning stating that the site is not secure this time.
Keeping your site secure also protects your business from an unnecessary security vulnerability. With threats to cybersecurity always looming around, don't risk leaving your site vulnerable.
Additionally, search engines like Google take into account whether or not your site is secure. If your site’s URL begins with https, it will be given a higher ranking than if it were to start with http. This will make your site easier for prospective customers to come across.
A secure site doesn’t require a large investment of time or money, but a site that is not secure can certainly come with a high cost. If you would like more information on securing your site, give us a call at 402.398.9580 or email us at email@example.com.