In the online world the most valuable digital assets an organization owns should be treated like the Crown Jewels. You'd expect our law enforcement agencies to set the example of how to mitigate the risks of potential cybercrime. But based on a story that broke this week, it seems they are as fallible as the rest of us.
The Register this week published a story that on first glance appeared to be an April Fool’s joke, but it wasn't. The Metropolitan Police allowed the SSL certificate that provides an encrypted and secure connection for users to its website to expire. Whilst no private data was exposed, it would have been an embarrassing event, especially in the current environment where website intrusion, data breaches and general cybercrime is rising. Secure Socket Layer, or SSL is regarded as a must-have for any websites that require the input of personal data or e-commerce. In the case of the Metropolitan Police, the pages in question that are protected by this form of security were the "report a crime" section.
In most instances anyone trying to access the page was served an alert which laid out the risks of continuing - "this error could mean someone is trying to impersonate the site". Users could still access the page although any information they then submitted would have been over an insecure connection.
SSL certificates should be managed in the same way as domain names. However, due to the relatively complex process an organization has to go through to obtain and maintain one, it is not advisable to leave it to the expiry date to put the wheels in motion to renew it. For an ecommerce site the impact of an expired certificate could be lost customers and consequently revenues, whilst for other organizations where the SSL is used to protect personal data the biggest risk is reputational damage.
The management of your digital assets, including SSL certificates, is something that NetNames has been a market leader for over 15 years. Understanding the key dates for renewal and expiry is the first step an organization should take in creating a strategy for their digital assets. NetNames is able to provide a free audit of your SSLs whilst our management portal allows a simple way to view and renew the certificates.