You may have seen the lock symbol on your browser, but what does it really mean?

If you have ever noticed when some website addresses begin with ‘http://’ but the majority you visit begin with ‘https://’ – you have noticed an element of what it is to have SSL. If you don’t know why this is so important to check every time that you visit a website, then for the sake of your online safety and the online safety of your clients it is important that you read on.

What is SSL?

SSL stands for Secure Sockets Layer, and it is a security protocol used to secure data between two devices using encryption.

Millions of websites use SSL every day to secure connections and keep your data safe. Even the Bureau of Meteorology website has now finally been upgraded to use SSL, after years of users receiving a browser warning every time that they visited it. You may know of the presence of SSL by some common things you see when browsing every day. The padlock, the browser bar turning green, the ‘https://’ protocol address, or a ‘secure site seal’. These are all indications that the site you are visiting is using SSL encryption.

Without SSL, any data sent between the server hosting that webpage and your device has the potential to be intercepted by malicious actors in an unencrypted form. To fully understand how SSL works and its importance, let’s go behind the padlock.

In order to display that little padlock and reassure visitors that the website data is being transmitted securely, modern browsers follow the below steps:

1. The browser tries to connect to a website/webserver secured with SSL.

2. The browser demands that the web server identifies itself.

3. The website sends the browser a copy of its SSL certificate – which will have previously been obtained from a Certificate Authority which is trusted by your browser or Operating System. As an example, for Microsoft devices the list of approved Certificate Authorities can be found here.

4. The browser checks to see whether it trusts the SSL certificate – validating it against the list of approved Certificate providers above, checking for additional details such as whether the Certificate has been revoked or has already expired, and also confirming that the Certificate is actually for the site being visited. If it passes all of these checks, then the browser signals the webserver that it is trusted.

5. The website/webserver then returns a digitally signed acknowledgment to start an SSL encrypted session, allowing it to transmit the rest of the website content securely.

6. Encrypted data is then shared between the browser and the website, meaning that no critical/confidential data is being transmitted in ‘plain text’ – making it practically impossible for any potentially intercepted traffic to be read by malicious actors.

Whilst this behind the scenes process takes mere moments and is usually invisible to the end user, its importance cannot be understated when you are visiting websites which require any form of data entry – be it login/password details, or simply personally identifiable information.

If the websites you have to visit and interact with as part of the daily operations of your business don’t have SSL certificates, this is a cause for concern. SSL is an important part of protecting your and your customers’ data and privacy. If you’d like help to develop a plan to ensure SSL is an integral part of your security infrastructure, reach out to the Altitude Innovations Team today.