​​California Federation of Women's Clubs

TIP of the MONTH

GFWC’s News and Notes recently announced, “Don’t get caught off guard by Google’s plans to discourage traffic to your club’s website in July!  We recommend contacting your technology provider as soon as possible to install a SSL certificate to prevent website visitors from receiving security warnings…”

Google is tightening security on their platform in response to the furor caused by websites that purport to be news agencies but actually are propaganda sites or are scamming or phishing sites.  They are trying to verify what the websites actually are while forcing all websites to upgrade from sending data using http to sending data by https.  In https a public and private key work together to establish an encrypted connection that allows sensitive data such as credit card transactions, etc. to be transferred without the fear of hacking.

SSL stands for Secure Sockets Layer.  A SSL certificate offers encrypted protection and is also an insurance protection program.  Not for the website but for the browser.  If a financial transaction is compromised, the browser can sue the company that issued the SSL certificate for damages.  Because the company has investigated the website before issuing the certificate, it also assures the browser that the site is what it says it is.  Like all insurance, there is a cost to obtaining it.

Without a SSL certificate from a recognized company, when a browser types in a website domain name, an error message will appear with a notification that this is not a secure website.  Two buttons appear below this message.  The first says, “I understand the risks.”  The second says, “”Get me out of here! “

You can imagine which button most people are likely to push.

Clubs can obtain an SSL certificate through their website provider.  Costs will vary depending on the provider and the size of the site. 

There are three levels of SSL certificates.  The low assurance certificate is based on a self-signed or free certificate.  The problem with this level of certification is that self signed certificates are virtually unregulated, so the error message notifying the browser that this is not a secure site will still appear.

An organization-validated certificate or high assurance certificate requires real agents to validate the domain ownership and organization information such as name, city, state and country.  This is the SSL certificate club websites should use.  Your website provider will provide you with all the information you need to put this certification into place and the cost involved.

There is an EV certificate, or extended validation certificate, which requires the most rigorous validation process.  This certificate will be used by business websites and provides more insurance protection than club websites need to have.

GFWC would like all club websites to be linked up to their website but at the present time plans to not continue to accept this linkage without the website SSL certification in place.

This SSL certification is very easy to implement through your website provider and will reassure a casual browser that yours is a trusted website.

SSL CERTIFICATE NEEDED ON ALL WEBSITES

“CFWC Keeping Up With The Times"