What is SSL and Why is It Important for Your Municipal Website?

October is National Cyber Security Awareness Month (NCSAM), which means throughout October every public and private sector entity should spend time reengaging their website security strategy and ensuring they are aware of, and protected from, the latest cyber threats. For local governments, it’s important to remember in October, and all year long, that the Internet touches almost every aspect of your citizens’ daily lives. It’s likely also key to your administrative operations. With the number of cyber-attacks against public sector entities on the rise, this October, make sure you are taking every step possible to safeguard citizen data. If your local government website has not already implemented SSL protocol, it’s time to learn its value, and to talk to your municipal website designer about obtaining an SSL Certificate.

What is SSL?

You may have heard the term SSL, but are unfamiliar with what it stands for, or how it can protect your local government website. SSL stands for Secure Sockets Layer. It is the standard security technology for establishing an encrypted link between a web server and a browser. Such encrypted links ensure that all data passed between a web server (where you host your civic website) and browsers (what your citizens user to interact with your website) remain private and safeguarded from remote access by infiltrating hackers.

Safeguarding Online Transactions

SSL technology is essential to safeguarding all varieties of digital transactions that take place between your citizens and your website. For local governments that offer citizen self-service tools, such as the ability to pay utility bills, sign up for news alerts, or create a personal account, such transactions involve the submission of citizen personal identifiable information—information that is entered into your citizen’s browser and sent over the Internet to your web server. Such information could include credit card information or individual or password information. Without a secure connection to transmit such data, it could be at risk of being intercepted by hackers.

How to Create an SSL Connection

To create an SSL connection to safeguard citizen data transactions, you’ll need an SSL Certificate. When establishing your SSL Certificate, be prepared to answer questions about the identify of your website and your municipality. The first step to obtaining an SSL certificate is generating a CSR. CSR stands for Certificate Signing Request. A CSR contains information such as your organization's name, your domain name, and your location, and is filled out and submitted to a Certification Authority. The CSR also contains a public key generated by your web server. When the CSR is submitted for review and approval to a trusted Certification Authority, your information will be validated and you will be issued an SSL Certificate. Your certificate can then be installed on your web server and will be used by browsers to match your web server to your private cryptographic key. It’s important to note that the Certification Authority will use your CSR data file to create a data structure that matches your private key without compromising the key itself, and will do so without ever seeing your private key.

Once you receive your SSL Certificate it will need to be installed on your server. Note that the process for installing and testing your certificate will be dependent on your specific server. Once your SSL Certificate has been installed, your web server will be able to establish an encrypted connection between your website and your citizens’ browsers.

A Secure Citizen Experience

When your citizens’ browser connects to a secure website, it will retrieve the website's SSL Certificate, validate that it has not expired, check that it has been issued by a trusted Certification Authority, and that it is being used by the website for which it has been issued. If any of these checks are not confirmed, the citizen will receive a warning message advising that the website they are about to visit may not be secure.

When a secure transaction is in place, your citizens’ browsers will display a green lock and the word “Secure” in the address bar of their browser.

SSL_Security_Browser_Address_Bar_Example.png

This visual confirmation is becoming more readily recognized and expected by citizens and will reassure them that information submitted to their local government via its website will be safeguarded.

If you need assistance implementing an SSL Certificate, contact your municipal website designer, and host, or visit SSLTools.com for more information and resources.

Why It’s Important to Implement SSL Now

If your local government website isn’t already hosted using SSL protocol, it’s time for implementation. Users of websites that collect password and credit card information will start seeing more frequent “not secure” warnings from their Google Chrome browser when entering personal information on HTTP sites starting this month—October 2017.

chrome-62-warns-that-http-sites-are-insecure-when-entering-data (002).png

While Google first began issuing warnings back in January 2017, it plans to expand the types of digital interactions that will trigger such messages. Starting in October, Google will issue warning messages if a website user inputs any data at all—even search terms—into a non-secure website. The purpose of the additional warnings will be to notify website users that any exchanged data is being sent on an unencrypted connection—which could put personal information at risk of being visible to cyber attackers.

For more information on SSL, or if data security is a concern for your municipality, click below to download our guide to civic website security, hosting, and redesigns.

Your Guide to Civic Website Security Hosting and Redesigns

Author
Jim Flynn

Jim Flynn

In his role as the Director of Information Security at CivicPlus, Jim Flynn is responsible for managing the security and hosting reliability for its over 2,500 clients and their over 60 million citizens. Jim has been on the forefront of cybersecurity strategy and leadership, protecting local governments from the continually evolving cyber threats that exist today. He has been with CivicPlus since 2009 and brings over twenty years of IT security and data management experience to its local government clients.