Unfortunately, we hear about cyber attacks happening almost every day. So what can or should lawyers and law firms do to protect their website and how clients communicate with it? This post will look at how to secure your firm’s site using an SSL certificate properly.
Do you have an SSL certificate?
SSL stands for Secure Socket Layer. This layer creates an encrypted link between the web server hosting your site and the web browser that is looking at the site. This effectively prevents wrongdoers from reading or modifying the information on your site. If you look at your site or any site and see a small padlock icon next to the URL in the address bar, this tells you that the site you are visiting has an SSL certificate and is secure. When the site is secured with an SSL certificate, you will also see that the URL displays HTTPS instead of HTTP. This S designates the site as “Secure.”
The concept is straightforward. The data or information transferred from your site to a web browser is encrypted and therefore impossible to read. By keeping your data secure, you verify ownership of the site, explaining that your firm is the owner and publisher of the site. Additionally, you are preventing hackers from creating a fake version of your site. Fake firm websites are becoming all too common, and the effect can be devastating to a firm’s reputation. If your firm has clients sign in, upload data, or make payments online, you must have an SSL in place.
If your firm does not have a certificate and the URL does not display HTTPS, most browsers will tag the site and tell the user the site is not secure – again damaging your credibility.
When a browser attempts to connect to your site, the browser asks that the server hosting your site identifies itself. Your server then sends over your SSL certificate. Next, the browser checks the certificate to make sure it is trustworthy. If it passes the test, the browser tells the server that it is acceptable. The server acknowledges this, and then the interaction between the browser and the server begins. This interaction or session is encrypted, and the browser and server share the encrypted data. This process is called the “SSL handshake” and takes place almost instantaneously.
The easiest and most convenient way to obtain your SSL is to work directly with your hosting company. Since there are different types and levels of SSL certificates, depending on your firm’s needs, you should seek guidance from the host as to what type of SSL certificate is most appropriate for your firm.
Final note: SSL certificates don’t last forever! They do expire and need to be renewed. Your hosting company will generally prompt you regarding the renewal, but make sure you keep an eye on the date as well.