We buy products and services online every day, and naturally the supplier will claim their website security is fantastic. Often we see sentences like: “We use the latest encryption technology, Secure Sockets Layer (SSL) for encryption and authentication to protect the transfer of your personal data from unauthorised parties. SSL software uses 128-bit encryption to secure the personal information you input before it is sent to us”.
But what does this mean? If you wanted to stop someone reading a postcard you could write the postcard and put it in an envelope. A basic postcard can be thought of as ‘insecure’, but now it cannot be read until it is taken out of its envelope at the other end. This is a bit like SSL encryption; it turns clear text into jumbled numbers and letters. ‘Great!’ you may think, but the postcard is still insecure before and after it is placed in the envelope.
This is the problem with SSL encryption: it simply stops someone listening to the conversation between the client (your computer) and the server (website). So what’s the problem? Well, why go to the bother of listening to traffic when you can just break into the website or server? SSL is only part of the picture, and website owners and the public need to be educated about this. Used alone, it does not mean a website or server is secure.
Website owners cannot simply assume the IT guy or web designer has secured or will secure the website. Website security is a detailed area in its own right and requires on-going maintenance such as virus scans, backups, testing, patching and so on. Security is especially important when receiving or storing personal details and credit card or bank details.