Original release date: May 17, 2019
Jamaica CIRT has become aware that there are Government sites which do not have a SSL Certificate applied.
SSL (Secure Sockets Layer) certificates are small data files which allow for the encryption of data when being transferred from a web server to a browser. SSL certificates utilize a public and a private key, which work together to establish an encrypted connection. When installed on a web server, it activates the padlock and the https protocol which establishes that secure connection. SSL Certificates help to protect sensitive information such as user names, passwords and credit card information etc. It is urgent that SSL certificates be applied in order to:
- Ensure Authentication to confirm visitors are on the right website
- Ensure Data Integrity to make certain customer data cannot be corrupted or modified
- Encrypt sensitive information between servers to prevent interception
- Protect against hackers
- Increase Search Engine Rankings
- Prevent website blacklisting
• Ensure SSL certificate is from a trusted Certificate Authority
• Choose the correct trust level type of SSL certificate for your organizations needs
• Ensure SSL certificate covers all domains and pages
• Consider other website threats and vulnerabilities
This is an urgent call for all MDAs to implement SSL on all websites they manage whether there is personal data being collected or not. The JaCIRT is recommending that this be done by June 30, 2019.