As the technology behind security software on the web advances, so too does the determination of attackers to infiltrate it. SSL and TLS are the basis of encrypted communications on the internet, many of us will use it every day without even knowing it.

SSL does the very important job of preventing attackers from stealing your private information when using internet banking, emailing from your phone, accessing your email via webmail and every time you purchase something with your credit card online.

Lately there has been increased talk about SSL and the risks involved with attacks directed at their software. We hope this post informs and reassures you.

What is SSL?

SSL (secure sockets layer) is a cryptographic protocol which provides a secure method of communicating data between two computers over a network. Think of it as two computers talking to each other in code.

If this code was a standardised static code it would be easy to decrypt. That is why SSL uses private keys, public key exchange and complex mathematics to make the data encryption complex to decode.

There will always be new attacks aimed to detect loop holes within the mathematics behind the encryption. Hackers’ computers will also get fast enough to simply try every code combination. To combat these risks, SSL technology is constantly evolving, but this means SSL certificates need to be maintained and renewed.

Reducing your risks

This is where IT Partners come in. It is simply not secure enough to turn on the SSL security option and hope it takes care of itself. At IT Partners, we routinely carry out audits of the SSL technology we use for our clients, both proactively throughout the year, and also at the announcement of every exploit.

We also renew the SSL certificates annually with a new private key to ensure the keys are always issued with the current best practice level of security. However, it should be constantly evaluated and risks mitigated.

Updating your security

If you would like further information about SSL or to get an update on your company’s IT security levels, please email us at [email protected]