October is National Cyber Security Awareness Month (NCSAM), which means throughout October every public and private sector entity should spend time reengaging their website security strategy and ensuring they are aware of, and protected from, the latest cyber threats. For local governments, it’s important to remember in October, and all year long, that the Internet touches almost every aspect of your citizens’ daily lives. It’s likely also key to your administrative operations. With the number of cyber-attacks against public sector entities on the rise, this October, make sure you are taking every step possible to safeguard citizen data. If your local government website has not already implemented SSL protocol, it’s time to learn its value, and to talk to your municipal website designer about obtaining an SSL Certificate.
What is SSL?
You may have heard the term SSL, but are unfamiliar with what it stands for, or how it can protect your local government website. SSL stands for Secure Sockets Layer. It is the standard security technology for establishing an encrypted link between a web server and a browser. Such encrypted links ensure that all data passed between a web server (where you host your civic website) and browsers (what your citizens user to interact with your website) remain private and safeguarded from remote access by infiltrating hackers.
Safeguarding Online Transactions
SSL technology is essential to safeguarding all varieties of digital transactions that take place between your citizens and your website. For local governments that offer citizen self-service tools, such as the ability to pay utility bills, sign up for news alerts, or create a personal account, such transactions involve the submission of citizen personal identifiable information—information that is entered into your citizen’s browser and sent over the Internet to your web server. Such information could include credit card information or individual or password information. Without a secure connection to transmit such data, it could be at risk of being intercepted by hackers.
How to Create an SSL Connection
To create an SSL connection to safeguard citizen data transactions, you’ll need an SSL Certificate. When establishing your SSL Certificate, be prepared to answer questions about the identify of your website and your municipality. The first step to obtaining an SSL certificate is generating a CSR. CSR stands for Certificate Signing Request. A CSR contains information such as your organization's name, your domain name, and your location, and is filled out and submitted to a Certification Authority. The CSR also contains a public key generated by your web server. When the CSR is submitted for review and approval to a trusted Certification Authority, your information will be validated and you will be issued an SSL Certificate. Your certificate can then be installed on your web server and will be used by browsers to match your web server to your private cryptographic key. It’s important to note that the Certification Authority will use your CSR data file to create a data structure that matches your private key without compromising the key itself, and will do so without ever seeing your private key.
Once you receive your SSL Certificate it will need to be installed on your server. Note that the process for installing and testing your certificate will be dependent on your specific server. Once your SSL Certificate has been installed, your web server will be able to establish an encrypted connection between your website and your citizens’ browsers.
A Secure Citizen Experience
When your citizens’ browser connects to a secure website, it will retrieve the website's SSL Certificate, validate that it has not expired, check that it has been issued by a trusted Certification Authority, and that it is being used by the website for which it has been issued. If any of these checks are not confirmed, the citizen will receive a warning message advising that the website they are about to visit may not be secure.
When a secure transaction is in place, your citizens’ browsers will display a green lock and the word “Secure” in the address bar of their browser.
This visual confirmation is becoming more readily recognized and expected by citizens and will reassure them that information submitted to their local government via its website will be safeguarded.
If you need assistance implementing an SSL Certificate, contact your municipal website designer, and host, or visit SSLTools.com for more information and resources.
Why It’s Important to Implement SSL Now
If your local government website isn’t already hosted using SSL protocol, it’s time for implementation. Users of websites that collect password and credit card information will start seeing more frequent “not secure” warnings from their Google Chrome browser when entering personal information on HTTP sites starting this month—October 2017.
While Google first began issuing warnings back in January 2017, it plans to expand the types of digital interactions that will trigger such messages. Starting in October, Google will issue warning messages if a website user inputs any data at all—even search terms—into a non-secure website. The purpose of the additional warnings will be to notify website users that any exchanged data is being sent on an unencrypted connection—which could put personal information at risk of being visible to cyber attackers.
For more information on SSL, or if data security is a concern for your municipality, click below to download our guide to civic website security, hosting, and redesigns.