HTTPS, Let’s Encrypt and your website security

While browsing the internet you will definitely have come across a warning about a website security certificate. What is the threat about, how does the internet community deal with the problem, and what should you keep in mind about your own website? These questions I’ll try to further explain.

The data moving between the end-user and the server goes through HTTP (Hypertext transfer protocol), which has long been a standard. Due to the lack of encryption, the data moving through HTTP is not properly protected. For tackling the issue an extra TLS (Transparent Layer Security), formerly known as SSL (Security sockets layer) is added to the HTTP. You’re able to recognize the cryptographic protocol with a lock sign and HTTPS before the URL.

Estonia – one of the leading countries in cyber defense still has a lot of major websites without this extra security layer. The main goal of HTTPS is to protect internet users from data breaches, social manipulation, malware, unwanted software, websites and extensions. A threat you can’t really grasp can one morning turn into reality, while opening the computer and seeing that if you wish to keep your data, or not have it published online, a transaction to an unknown account is required. No company or end user can be fully protected from this, but HTTPS is one of the first ways to start protecting your web activity.

In recent years, numerous steps have been taken to make secure transfer protocols into a standard. Google’s search engine gives an advantage to HTTPS websites in the search results. There’s more and more media coverage about different large scale hacks. While previously adding TLS to your site came with a fee, then from last year it is free after Let’s Encrypt changed their policies and pricing.

This service is able to operate thanks to crowdfunding campaigns and the participation of large corporations like Shopify, Facebook, Google etc. Let’s Encrypt is an organization which has made its mission to stand for web security. While offering a user friendly way to add the security certificate to a website, and for free, Let’s Encrypt also offers free updates for the certificates, an open database of the certificates and does its best to be independent of the interests of large corporations.

Every company that would like to prevent the situation where one day their database could be under attack, and all the gathered customer data compromised, should implement security certificates on their website. There is an informative piece on the increasing number of ransomware attacks in Techcrunch. At BlueGlass we see HTTPS as a necessity in web development and for the last six months all our websites have had TLS and will have in the future.

If you’d like to know more about the range of services we provide and discuss working with us, then please write us – info@pineparks.com and let’s discuss your project in detail.