Just because something is secure, doesn’t mean that it’s safe. The S in HTTPS doesn’t always mean safe. In this episode, I talk with Casey Crane about trust and encryption. We discussed many practical ways for you to avoid being a victim of a scam. Prevention and knowledge can help stop many attacks before they even begin.
Casey Crane is a cybersecurity writer for Hashed Out at The SSL Store. Casey is a regular contributor to Hashed Out with 10+ years of experience in journalism and writing, including crime analysis and IT security. She also serves as a Content Marketer at The SSL Store. She has bachelor’s and master’s degrees in mass communications (in journalism and media studies) from the University of South Florida and USF St. Petersburg. Casey is passionate about data privacy and wants to educate others about encryption because it plays such an integral role in our daily lives (even though many people don’t know it!).
We talk about trust and encryption and best practices for protecting you, your family, and your business. We specifically discuss what you need to look for before clicking on a link or downloading anything. We talk about different types of SSL certificates and how to figure out which one would be the best fit for your website. This episode will help you figure out if you need an SSL certificate and reputable and trusted sources that can help.
Show Notes: [00:35] - Casey works at the SSL Store as a content writer for the website and Hashed Out. [01:17] - She wrote her master thesis on the relationship between serial killers and the media in terms of how they are represented. She has always had a keen interest in learning more about crime and criminal elements and it just transitioned over time into the realm of technology and cybersecurity. [03:22] - What are HTTPS and SSL certificates?[04:15] - HTTPS is an encrypted communication channel between one party to another. Passwords and personal information are encrypted. [05:59] - Domain validated means that the person who requested the certificate gets an email. The email typically has a link or some files they need to upload to and that is about it. Organization and extended validation are two levels of validation above that. [07:29] - The Anti-Phishing Working Group reported nearly three-quarters of websites that were phishing websites used an SSL or TSL certificate. [08:21] - There are Unicode domains which basically pull from different languages, character, numerals, and signs. Those are now being used in web domains. [09:25] - Criminals tend to go for the lowest hanging fruit. They want to make this as easy as possible for themselves to save time and make the most profit or achieve their agenda quickest. [09:50] - If you get an email before you actually click on anything check the header in the email and see who the email is coming from. Check that the email and name match. Often the email is off by one letter or digit. [12:59] - Scams often create some sort of feeling of urgency, curiosity, fear, or concern so people are motivated to want to answer that email quickly by clicking on the link or calling a provided number. [14:25] - From a website owner perspective or an admin perspective it is about knowing which certificate you should be putting on your site. [15:02] - If you are collecting any financial information you should be using an OV certificate at minimum. [16:48] - In countries where the internet service is less reputable or you are concerned about your government snooping on what you’re doing, having the encrypted communication channel between you and the website prevents the content that is going back and forth from being seen. [17:57] - Sometimes an issue that people tend to run into is that they just forget to check their certificates. [20:40] - The shorter the validation is for a certificate the more secure it is because there would be less time for a cybercriminal to be able to crack the encryption. [22:14] - The current standard for validation is 2 years for public certificates. It is continually changing and will keep changing. [23:16] - Certificate managers are programs that can help you manage the certificate and the life cycle of the certificate. There are different programs based on your preferences and needs. [24:56] - When you are able to keep your certificates valid you are avoiding issues and downtime. [27:09] - The actual encryption from certificate to certificate is the same. It is still the standard encryption that is provided. It is just the extra features that vary per certificate. [28:45] - Where can people go to get an SSL certificate? What should they be looking at to decide what is right for them?[29:36] - Find a reputable source and then figure out what level of validation you need for a certificate. Then you need to choose the functionality of the certificate. [30:57] - You want to make sure to choose a warranty as well.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources: Podcast Web PageFacebook Pagewhatismyipaddress.comEasy Prey on InstagramEasy Prey on TwitterEasy Prey on LinkedIn Easy Prey on YouTubeEasy Prey on Pinterest Hashed OutSSL StoreSectigoDigiCertIntrustGoDaddy Email Security Best Practices Guide Certificate Management Checklist