Imagine your customer is browsing your website on Google Chrome, and is prompted to enter personal security credentials before proceeding with his or her business (be it account inquiry or registration).

Before entering any information, however, your customer wants to make sure your website is secure. So the customer looks at your website’s URL, but instead of seeing the familiar green and white lock indicating the website has been verified by a trusted third party, the customer instead sees a red box with an “x” over the lock.

As a result of seeing this warning, the customer exits out of the browser before entering any information, out of fear of having his or her personal information compromised. To the customer, it may appear that your business is not using strong encryption to protect sensitive data even if you are using an advanced encryption protocol like Transport Layer Security (TLS).

Here is an example of what this looks like, on the refund section of the IRS website: 

What could be causing this issue? It could be that you are using the outdated HTTPS security certificate, SHA-1. As explained in a recent Google Security post, when this popular cryptographic hash algorithm was first created in 2005, it was thought to be un-modifiable and, thus, hack-proof. Confidence in SHA-1, however, has since waned as the algorithm has not proven as strong as security experts originally thought. Major Internet browsers like Microsoft and Mozilla, therefore, have made it clear they will stop supporting SHA-1 certificates in 2017.

Google, however, is taking a different stance toward SHA-1, deciding to sunset the certificate early. Websites using SHA-1 certificates that expire after January 1, 2017, are already considered to be insecure on Google Chrome. So while using SHA-1 does not pose any greater danger to end users than it has over the past several years, visitors browsing on your website could now be receiving error messages alerting them about possible vulnerabilities.

This could be a large portion of your customer base, too, as Google Chrome is currently the most popular Internet browser and is utilized by 34.7 percent of all Internet users. So if your business is still using SHA-1 security certificates, make sure to contact your website’s certificate provider and request a reissue.

As this example shows, staying on top of security issues is a never-ending task. Accordingly, it helps to have the guidance of a managed IT services provider like Apex Technology Services of Norwalk, Connecticut to oversee website operations and apply changes when they are needed. You can learn more about how Apex can help your business by clicking here.