Making money through the ups and downs of the market or industry is one thing, but earning money because you forget to renew your SSL certificate can be disastrous for your company, especially your brand image and your future And trustworthiness with existing customers.
Research shows that nearly two-thirds of businesses have already lost customers within the last two years because they have failed to secure their website with the correct certificate.
When customers lose trust in your website and consequently your business, they may decide to move their business elsewhere for fear of their data being stolen. If your website is not secure, you risk breach of your data, which can result in financial loss of millions of dollars. Incident response, settlements, legal fees, fines and PR are just a number of costs that can affect your business because you simply forgot to renew your certificates.
According to a POMON report in 2015, the average organization has already suffered more than two system failures in the last two years due to ‘certificate related outages’. The average cost of having an unplanned certificate related outage is approximately $ 15 million.
Microsoft Azure Case Study
In 2013 Microsoft’s Azure cloud platform spread worldwide due to an expired SSL certificate. This came at a time when Microsoft’s Xbox Music and video services were also reported to have problems.
The announcement also came on the same day that Microsoft admitted to being the victim of a cyber hack similar to both Apple and Facebook. As you can imagine, many customers had to go in for communication, Microsoft’s PR team had to send messages about the situation and Microsoft was also to attack the services and products that were purchased at the time of the attack. could.
You can see from the image below how business costs are divided by compliance failures and business continuity, from the Ponomon report.
With the increased risk of hacking attacks, auditors are clinging to standards and regulations companies must comply with to show that they are not risking their customers or even their own data. If you want to know what steps you need to take to get to the standards page published on the IT governance website.
Now that companies like Google are ranking organizations with secure websites, it is clear that this is a growing trend in business and IT security.
Do an internal audit
Start by bringing all your current certificates and keys together and see where there may be gaps.
You can check our website server with our free tool. If you are a customer of GlobalSign you can also use our free certificate listing tool to check where you have already installed certificates and you will need to renew them.Make sure you list all the dates when each certificate is about to expire and log them in a place where you won’t be forgotten.
It can be helpful for you or the person in charge of your IT security to set a reminder in your calendar when each certificate is about to expire, so that they can update the certificate without leaving your website unprotected Can. Alternatively you might want to look at having a managed SSL solution, where you can control your certificates via an online platform and be notified of certificates requiring renewal in advance.
Enforce internal policy
the steps you are taking, why and how you are engaging them Huh.Company-wise training should also be given so that employees understand the changes you are making and also how to avoid potentially putting your data at risk by falling for a phishing scam, or leaving sensitive data where this risk may occur .
Make sure you are up to date with IT security news
A big part of securing your website / data and data will be by keeping only the latest news updates in IT and security. You can find some of our favorite security publications on Twitter by joining our list.
Alternatively check out Infosecurity and The Register for the latest in IT and technology news.
Keeping regular up-to-date allows you to react quickly when new bugs or viruses are reported or need to be updated. For example, it has recently been reported that SHA-1 (hashing algorithm developed and used in digital certificates) can be hacked in just a few years. It is therefore recommended that if you own the SHA-1 SSL certificate, you should upgrade to SHA-256 as soon as possible.
Recruitment and processing
As an owner or senior level director within an organization, it can be difficult to pay full attention to the IT security requirements that are typically available.