Security Matters – Keeping Your Data Safe In A Post GDPR World
The upcoming implementation of GDPR legislation in Europe puts additional pressure on internet data processors and controllers to ensure that the systems they use are secure by design. In the context of this we thought it would be good to outline a very simple step you can take today to increase your online security.
For the more acronym-savvy among you, this step concerns HTTP and SSL.
For everyone else, you may have heard the terms “SSL” or “SSL Certificate” used interchangeably with “HTTPS”. For the most part, these are the same. An SSL certificate is the product that is purchased from a security provider and installed on a server, and HTTPS is the secure communication that results from having that certificate on your server.
Why do I need this?
All web data is sent using HTTP or HTTPS communication methods. HTTPS is a way to encrypt information that you send between a browser and a web server. It uses Secure Sockets Layer (SSL) to achieve this. This protects your Curatr users from “man-in-the-middle” (MitM) attacks, where someone steals the information being sent to a website, like credit card information or login details.
Chrome displays security information on HTTPS sites
Historically, HTTPS connections have primarily been used for sites that contain sensitive information like payment details, but you’ve probably seen more and more sites making the switch to secure lately. As HTTPS has become easier to implement, secure connections are becoming the standard for all modern websites.
Over the years, big sites like Facebook, Google, Wikipedia, the New York Times, and, yes, Curatr, have all switched to HTTPS. Google announced in late 2015 that its search engine would favour sites that use HTTPS over those that don’t. In addition, browser providers have recently begun the push to force all web content to be delivered over secure connections. One day all HTTP content could likely be blocked by default.
Don’t Delay – Secure Today
Curatr currently accepts both HTTP and HTTPS connections, which means your users could be choosing an insecure route. The good news is that you can force SSL in Curatr right now by enabling it via the admin interface under the services menu item. This setting is found in the Admin=>Services=>SSL. Click the service and then enable and save your changes. All future visitors to your Curatr instance will be redirected to a secure HTTPS connection.
Are there any issues with HTTPS?
The only problem you might face is if some of your older links need updating. If your URL resources are still using HTTP you need to change them to use HTTPS. This is because browsers prohibit secure pages from loading insecure content – which is a good thing or we could be easily tricked into thinking we were securely browsing content when we really weren’t.
What if my content doesn’t support HTTPS?
For now you can ask users to open the content in a new window. But you’ll need to start preparing for the future and finding alternative sources of content or asking your content provider to upgrade. A certificate can be installed in a day or two so there’s really no excuse!
That’s all for now, but SSL is only part of the solution for increasing online security. We have just commissioned our 2018 security probe and are always looking for ways to increase the security of our systems.
About the author
Pete is now an experienced developer but was once a classroom teacher before transitioning into online training. He likes to tinker with things to continually improve the user experience and deliver features that make a difference to trainers and learners alike. Outside the office, Pete is a normal geek.
Sign up to our free blog newsletter to keep abreast of all the latest updates and details of where we are and what we are up to.
[wpupg-grid id=”related-reading-category-curatr-device-mobile”] [wpupg-grid id=”related-reading-category-curatr-device-tablet”]