Root SSL Certificate Expiry and What Happens Next for Brands

A root certificate used by Let’s Encrypt has expired and caused problems for some companies and users.

The root certificate in question is the IdenTrust DST Root CA X3, which expired on 30 September 2021. It was created in 2000, with a validity period from 30 September 2000 to 30 September 2021. Most people probably won’t be affected by this expiry, but certain groups of people and companies have run into problems because of it, particularly those that are still using old devices, old system infrastructure or old versions of operating systems.

To understand why this happens, it is important to know how Certificate Authorities (CAs) and SSL certificate chains work, and in particular the concept of the chain of trust, which is the foundation of the entire SSL certificate industry.

To put it simply, all certificates that enable HTTPS on the Internet are issued by a CA, an organisation that is trusted and accepted by devices and operating systems (OS). For example, the image below shows the list of “Trusted Root Certificate Authorities (CA)” on a Windows 10 device.

The different levels in the hierarchy of SSL certificates

SSL certificates are usually categorised into 3 levels of hierarchy: the top-level root certificates, followed by the second-level intermediate certificates, and lastly the third-level leaf certificates or end-entity certificates.

CAs issue root certificates, which sit at the top-most level in the hierarchy of the certificate chain of trust. They are typically valid for around 20 years. These root certificates are then used to issue the second-level intermediate certificates, which are typically valid for around 3 – 6 years. The intermediate certificates are then used to issue the third-level leaf certificates, the ones that websites around the world get. They are typically valid for around 90 days to 1 year.

These 3 levels of SSL certificate work together to establish a chain of trust, which serves as the foundation of how the SSL certificate industry works. Leaf certificates are chained to intermediate certificates, while intermediate certificates are chained to root certificates. In the case of the expiry of Let’s Encrypt’s root certificate, IdenTrust DST Root CA X3, the image below shows its chain of trust.

ISRG Certificate Hierarchy Diagram, as of December 2020

Let’s Encrypt root certificate expiry

Now that IdenTrust DST Root CA X3 has expired, any users of SSL certificates that were chained to this root certificate will face problems when trying to access the Internet. Some services by famous brands might also face interruptions in delivering their service to end users due to this problem. As Let’s Encrypt’s SSL certificates are used on a very large scale, probably millions of people or companies will be affected, particularly those that use old devices, old system infrastructure or old versions of operating systems, as mentioned above.

Scott Helme, a security researcher, entrepreneur and international speaker who specialises in web technologies, listed in his blog the clients that will break after the IdenTrust DST Root CA X3 expires. These include versions of macOS older than 10.12.1, Windows versions older than XP Service Pack 3, iOS versions older than iOS 10, OpenSSL versions up to and including 1.0.2, and Firefox versions older than 50.

What happens when a root certificate expires?

Let’s Encrypt’s Executive Director, Josh Aas, mentioned that when leaf certificates (end-entity certificates) expire, it typically has very little impact, as it only pertains to a small number of websites and they renew automatically. However, when root certificates expire, there can be more widespread impact because the number of certificates chained to them is larger, hence client operating systems or browsers may need to be upgraded to fix problems. However, that isn’t always an option for older devices or deployments.

When root certificates expire, most clients’ devices or operating systems will automatically update the system list of “Trusted Root Certificate Authorities (CA)”, and the expired root certificate will be automatically removed through system updates. From here onwards, whenever the clients come across any SSL certificate that chains from the expired root certificate, an error occurs. An example of the error message of an expired SSL certificate is shown below.

A note worth mentioning is that the browser Firefox maintains its own list of trusted root certificates, independent from a system’s built-in list. You can learn more about it here.
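
The chain-of-trust behaviour described in this section can be modelled in a few lines. This is an added example, not code from Let’s Encrypt or WebNIC: it builds every issuer path from a leaf to a trusted root and checks validity dates only (no signature verification). The DST Root CA X3 dates come from this article; the names ISRG Root X1 and R3 follow Let’s Encrypt’s published hierarchy, and every other date and the host name www.example.test are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# DST Root CA X3 validity is taken from the article. All other dates, and the
# leaf host name, are constructed sample values for this illustration.
DST_ROOT = Cert("DST Root CA X3", "DST Root CA X3", utc(2000, 9, 30), utc(2021, 9, 30))
ISRG_ROOT = Cert("ISRG Root X1", "ISRG Root X1", utc(2015, 6, 4), utc(2035, 6, 4))
ISRG_CROSS = Cert("ISRG Root X1", "DST Root CA X3", utc(2021, 1, 20), utc(2024, 9, 30))
R3 = Cert("R3", "ISRG Root X1", utc(2020, 9, 4), utc(2025, 9, 15))
LEAF = Cert("www.example.test", "R3", utc(2021, 9, 1), utc(2021, 11, 30))

# What the server sends alongside its leaf: the intermediate and the cross-sign.
PRESENTED = [R3, ISRG_CROSS]


def build_paths(leaf, presented, trust_store):
    """Yield every issuer path from the leaf up to a self-signed trusted root."""
    pool = list(presented) + list(trust_store)

    def walk(cert, path):
        if cert in trust_store and cert.subject == cert.issuer:
            yield path
            return
        for candidate in pool:
            # Match on issuer name; skip certificates already used (loop guard).
            if candidate.subject == cert.issuer and candidate not in path:
                yield from walk(candidate, path + [candidate])

    yield from walk(leaf, [leaf])


def validate(leaf, presented, trust_store, now, try_alternatives=True):
    """Return (ok, detail). A path is accepted only if every certificate in it,
    the root included, is inside its validity window at time `now`."""
    failures = []
    for path in build_paths(leaf, presented, trust_store):
        names = " -> ".join(c.subject for c in path)
        bad = [c for c in path if not c.not_before <= now <= c.not_after]
        if not bad:
            return True, names
        failures.append(f"{names}: {bad[0].subject} (issuer {bad[0].issuer}) not valid")
        if not try_alternatives:
            break  # models a client that gives up after the first path it builds
    return False, "; ".join(failures) or "no path to a trusted root"


if __name__ == "__main__":
    scenarios = [
        ("old store, day before expiry", [DST_ROOT], utc(2021, 9, 29), True),
        ("old store, day after expiry", [DST_ROOT], utc(2021, 10, 1), True),
        ("updated store, day after expiry", [ISRG_ROOT], utc(2021, 10, 1), True),
        ("both roots, first path only", [DST_ROOT, ISRG_ROOT], utc(2021, 10, 1), False),
        ("both roots, alternatives tried", [DST_ROOT, ISRG_ROOT], utc(2021, 10, 1), True),
    ]
    for label, store, when, alternatives in scenarios:
        ok, detail = validate(LEAF, PRESENTED, store, when, alternatives)
        print(f"{label:34} {'OK  ' if ok else 'FAIL'} {detail}")
```

The leaf certificate is unchanged in every scenario; only the client's trust store, the date and the path-building behaviour decide whether the connection is accepted.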

Conclusion

As Let’s Encrypt SSL certificates are free, the team behind them is not really required to provide users with any service commitment in situations like this. When issues like this arise, it is up to the user’s own technical capabilities to solve them. The best on offer is community forum support from people who are passionate about it.

Besides, with the recent outages of mainstream services such as Facebook, Instagram and WhatsApp, which went down for 6 hours on October 5, 2021, it is important to advise your customers to have a backup plan for their online business, in case unfortunate events all happen at the same time and severely affect their business operations.

The best advice you can give to your customers is to always build their own website instead of relying on free services, as being a mainstream service is no guarantee that it will last. With this in mind, WebNIC wants to help you to assist your customers in building their website and owning their domain names. You can now pay very little to get a DV SSL certificate (from as low as USD4.00) for 1 year, with access to guaranteed support from WebNIC. Let your customers know that having a website is much safer, because if social media dies off, they will not disappear from the online world with it: there is still a backup ready.

Register domain and buy SSL certificates for your customers with WebNIC

WebNIC is an accredited registrar of over 800 TLDs and a trusted provider of more than 50 brands of SSL certificates to suit your different needs. We have more than 20 years of experience in the domain wholesale and reseller service, as well as more than 7 years of SSL certificate experience. You can be assured that we will provide the best service experience in helping you to register domains and buy SSL certificates. Join WebNIC as a domain and SSL certificate reseller to start selling with us today!

About WebNIC

WebNIC operates a digital reseller platform covering primarily domain name registration for over 800 TLDs, web security services, email and cloud services. With offices in Singapore, Kuala Lumpur, Beijing, Taipei and Jakarta, we serve 5,000 active resellers in over 70 countries. With over 20 years’ experience, we accelerate our partner’s growth through a robust platform, attentive support and wholesale pricing. To join us and become a reseller, live chat with us or email us at [email protected].

Q2 2021 Top 10 Most Impersonated Brands in Domains

What are the top 10 most impersonated brands in Q2 2021 in terms of spoof domains?

Cybercriminals often use spoof domains to impersonate world-renowned brands to trick Internet users into giving their confidential information to them. In addition, they also use these spoof domains as attack vectors to perform cyberattacks, such as malware distribution, ransomware, virus etc.

The easiest way for cybercriminals to do so is to take advantage of the reputation of famous brands. They impersonate these brands by using domains that contain the brands’ names, by using typo variants of a brand name, or by the more advanced method of hosting content that mimics the brand’s content. It is important to prevent all these threats by implementing digital brand protection measures.

Cybercriminals love to impersonate famous brands and here are the top 10 most impersonated brands in Q2 2021.

The graph above shows that these brands are the most impersonated brands when it comes to spoof domains. This is a problem because it means cybercriminals are intentionally registering spoof domains related to these brands to defraud end users. In other words, the domain attack surface of these brands is large, because there are many spoof domains related to their brand name. As a result, they tend to be more vulnerable and have a higher chance of being taken advantage of by cybercriminals to damage their brand reputation and image.

As a part of cybersecurity measures, there is a continual and never-ending process known as domain attack surface discovery. In this process, cybersecurity professionals discover spoof domain and subdomain names related to a brand that can be used as attack vectors to launch cyberattacks. The larger the domain attack surface, the more vulnerable a brand is. On the other hand, the more attack vectors discovered by cybersecurity professionals, the higher the chance to mitigate a cybersecurity incident.

In this blog, we will address these main questions to give you a better idea of the domain attack surface of the 10 most spoofed brands:

  1. What percentage of the domains discovered can be publicly attributed to the brands they contain?
  2. What top-level domains are mainly used?
  3. Are any of them already considered malicious?

The brands mentioned here are based on a study by Check Point’s Brand Phishing Report. The report lists companies that are found to be the most imitated brands by hackers in their phishing campaigns.

How large is the total domain attack surface size accumulated across these 10 brands?

The 10 brands accumulated over 42,000 domains and subdomains as per the data sample prepared by WhoisXML API, a domain research, WHOIS, DNS, and threat intelligence API and data provider. These domains, roughly at least 12,000 domains and 30,000 subdomains, were added from 1 July to 3 August 2021, a span of only four weeks. A more detailed breakdown of the numbers for each brand is shown in the chart below.

Although Microsoft is the most impersonated brand, the chart clearly shows that Amazon has a much larger domain attack surface, compared to Microsoft. Amazon is used in close to 12,000 domains and subdomains, compared to Microsoft at roughly 1,000 domains and subdomains. Some examples of the domains and subdomains are shown in the image below:

How many of these domains and subdomains are publicly attributable to the brands they contain?

For the discovered 42,000 domains and subdomains, some of them are likely owned by the brand’s owners, whereas most of them are spoof domains. WhoisXML API did some investigation by checking the registrant email addresses of the brands’ official domains from WHOIS Search and WHOIS History Search. The email addresses were then compared to the WHOIS records of these 42,000 domains through Bulk WHOIS Lookup.

60% of these domains returned a result; the rest could not be verified, probably because they had already been dropped by their owners. Of the domains that returned a result, only 24 domains, or 0.09% of the 42,000 domains, use the same official registrant email addresses as the brands’ official domains. Hence, the investigation’s conclusion is that 99.91% of these 42,000 domains are spoof domains that cannot be publicly attributed to the brands and could have been registered and managed by other entities, including cybercriminals.

What is the distribution of the top-level domain (TLD) among these domains?

WhoisXML API also found something interesting when analysing the TLD distribution of these 42,000 domains. It found that for these 10 most imitated brands, 35% of the domains fall under the .com space, while the rest are distributed across 209 other TLDs, including country-code TLDs. The top 10 TLDs are shown below:

How malicious are these domains?

WhoisXML API also did some further investigation to check the malicious status of these domains. It took 30% of the samples and ran threat analysis on these domains to see if they have been reported as malicious. Disturbingly enough, 68% of these samples which were analysed for threats are listed on blocklist sites, such as VirusTotal and Google Safe Browsing. These domains are usually only 1 to 2 months old at the time of writing, and have already been reported as malicious.
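
The discovery, attribution and TLD-distribution steps described in the sections above can be sketched for a single brand as follows. This is an added example, not WhoisXML API’s or WebNIC’s tooling: the brand name, the official registrant address and the WHOIS rows are constructed (reserved TLDs are used on purpose), and the edit-distance threshold of 1 for typo variants is an assumption.

```python
from collections import Counter

# Constructed sample data: brand, registrant addresses and domains are invented.
BRAND = "examplebrand"
OFFICIAL_REGISTRANTS = {"domains@examplebrand.example"}
WHOIS_ROWS = [  # (domain, registrant email or None when WHOIS returned nothing)
    ("examplebrand.example", "domains@examplebrand.example"),
    ("shop.examplebrand.example", "domains@examplebrand.example"),
    ("examplebrand-login.test", "owner1@mail.invalid"),
    ("examp1ebrand.test", "owner2@mail.invalid"),
    ("account.examplebrnd-support.test", None),
    ("examplebrand.verify.invalid", "owner1@mail.invalid"),
    ("unrelated-shop.test", "owner3@mail.invalid"),
]


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def match_kind(domain, brand=BRAND):
    """Return 'contains', 'typo' or None for one domain or subdomain name."""
    labels = domain.lower().split(".")[:-1]  # ignore the TLD itself
    tokens = [t for label in labels for t in label.split("-") if t]
    if any(brand in t for t in tokens):
        return "contains"
    if any(edit_distance(t, brand) <= 1 for t in tokens):
        return "typo"
    return None


def summarise(rows, brand=BRAND, official=OFFICIAL_REGISTRANTS):
    """Attribute brand-related domains by registrant email and count their TLDs."""
    status, tlds, flagged = Counter(), Counter(), []
    for domain, registrant in rows:
        kind = match_kind(domain, brand)
        if kind is None:
            continue  # not part of this brand's domain attack surface
        tlds[domain.rsplit(".", 1)[-1].lower()] += 1
        if registrant is None:
            state = "unverified"      # no WHOIS result, e.g. already dropped
        elif registrant.lower() in official:
            state = "attributed"      # same registrant as the official domains
        else:
            state = "unattributed"
        status[state] += 1
        if state != "attributed":
            flagged.append((domain, kind, state))
    return {"status": dict(status), "tlds": tlds.most_common(), "flagged": flagged}


if __name__ == "__main__":
    report = summarise(WHOIS_ROWS)
    print(report["status"])
    print(report["tlds"])
    for row in report["flagged"]:
        print(row)
```

The flagged rows are the ones a brand owner would pass on to blocklist checks or takedown review.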

Conclusion

In summary, the top 10 most impersonated brands in Q2 2021 have been linked to around 42,000 spoof domains and subdomains. These domains were added in just 4 weeks, and almost all of them cannot be publicly attributed to the brands they contain. To make things worse, 30% of the samples used to perform threat analysis are malicious. This study shows that the severity of domain spoofing is not to be taken lightly, and that a large domain attack surface is very real and poses significant threats. WebNIC would like to ask you to take cybersecurity seriously for your business or your customers’ business. As a start, you may check out our Sectigo Web service, a modern, all-in-one and comprehensive web security service.

DigiCert Smart Seal – The Brand New Dynamic Site Seal

Introducing DigiCert Smart Seal, a brand new dynamic SSL secure site seal

A brand new member of the SSL site seal family is now available from DigiCert, one of the most trusted names in the SSL industry. The SSL site seal has been around for some time, and DigiCert is making great strides to redefine it for the modern digital landscape. Hence, just a few months ago they launched the DigiCert Smart Seal, a brand new dynamic SSL secure site seal. In case you are not sure what this is, click here to read more about the SSL certificate site seal indicator and its importance.

What is DigiCert Smart Seal?

DigiCert Smart Seal is a modern approach to the traditional SSL secure site seal. It is more than just a seal: it incorporates real-time security indicators with users’ microinteractions, giving them extra confidence and strengthening their trust when they browse a site. The powerful feature of a DigiCert Smart Seal is that it can dynamically display identity and PCI status with industry-first verified logos and other modern features, which are not found in any other SSL site seals.

What is different in DigiCert Smart Seal?

Conventional SSL secure site seals have, for most of the time, been just static images, which can be easily duplicated to deceive users. However, DigiCert Smart Seal is different. It is just like any SSL secure site seal, but smarter and improved.

It is designed to be seen and understood easily, while at the same time difficult to duplicate, which prevents spoofing, fraud and misuse by any ill-intentioned parties. Now, it is much more eye-catching with vivid animations, making it smarter and improved for today’s Internet landscape. The Internet is very different from what it was 20 years ago, and DigiCert has taken this into account when designing it. Now, it all changes with DigiCert Smart Seal!

How does DigiCert Smart Seal work?

Visual cues are now extremely important to help users reach their decisions, especially in this modern digital age of short attention span! So, how does DigiCert Smart Seal work and take this into account? The answer is eye-catching and vivid animations that are hard to create without using the right method to install the seal!

When users roll over it, they see a company’s logo that has been verified by DigiCert, presented in smooth animations while also displaying useful information about the site’s security. The information is delivered to the seal in real time, and users can click on it to display more verification information and verify the legitimacy of the site without leaving it.

Here are some snapshots of how a DigiCert Smart Seal works:

In addition, when the seal is clicked, it will produce a splash page with details including: Company name, address/location, date issued, level of encryption, verified customer since (date), CT logs used, blocklist check, vulnerability scanned, PCI compliance scan. Check out our example splash page below:

To experience how it works fully, please visit https://www.webnic.cc/ and scroll to the bottom footer to have a look!

The benefits of using DigiCert Smart Seal

Firstly, DigiCert Smart Seal is designed to redefine how SSL site seals are seen and understood by users. It provides simple and easy interactions for them to engage with it, helping them to learn more about the security information of the site. Users who value security and safety can view extra validated info of the secured site easily and without hassle with just a click. DigiCert Smart Seal helps users to make safe and informed decisions in transacting with a site.

In addition, DigiCert Smart Seal is also able to increase and enhance brand assurance. As mentioned before, it is smarter and improved over the conventional SSL site seals, which makes it difficult to duplicate, spoof and misuse. This will in turn reduce the risks of brand abuse, fraud and misuse on malicious sites. Users trust featured and validated brand logos, which is perfect for extra brand safety assurance.

Last but not least, DigiCert Smart Seal is equivalent to the mark of an organisation which values safety and security. It is an easy and effortless way for organisations to feature security as their core value. Brands can put security at the center of their brand message by displaying a verified logo in a visually engaging way using DigiCert Smart Seal. This will make users much more confident in doing business with them, increasing business success.

DigiCert Smart Seal comes free with all Secure Site and Secure Site Pro SSL certificates

In conclusion, DigiCert Smart Seal is designed to work smarter in this modern digital age. The world is a whole lot different now from the early days of the Internet, therefore DigiCert Smart Seal is a whole new approach to the conventional SSL secure site seals. It only brings benefits to website owners and it doesn’t have any cons.

The good news is, it comes free with all DigiCert Secure Site and Secure Site Pro SSL certificates. If your customers have taken the extra steps to secure and validate their sites at the highest level, why not help them let their customers know?

Enable DigiCert Smart Seal with WebNIC

Displaying a site seal on websites assures the authenticity and credibility of the websites, giving users an increased level of trust. It is the right thing to do, and every organisation should do it. Get started in enabling DigiCert Smart Seal with WebNIC, a DigiCert Certified Platinum partner. You should enable it for all your customers who have them. There are two ways you can do so:

If you have access to DigiCert CertCentral platform, then the process is extremely easy and takes only 10 minutes with just a few ticks. Follow the instructions here.

If you do not have access, kindly send an email to us at [email protected] and we will help you to do it. Alternatively, visit our DigiCert Smart Seal info page and submit the form there to request our help.

If you have any inquiries about DigiCert Smart Seal, just send an email to the email address above. We are more than happy to help you.

About WebNIC

WebNIC operates a digital reseller platform covering primarily domain name registration for over 600 TLDs, web security services, email and cloud services. With offices in Singapore, Kuala Lumpur, Beijing, Taipei and Jakarta, we serve 5,000 active resellers in over 70 countries. With over 20 years’ experience, we accelerate our partner’s growth through a robust platform, attentive support and wholesale pricing. To join us and become a reseller, live chat with us or email us at [email protected].

Common WordPress Vulnerabilities and How to Overcome Them

WordPress vulnerabilities and how to overcome them with Sectigo Web Security

WordPress is no stranger to many of us and there is a very good reason behind it. Why? That is because it is the world’s most popular Content Management System (CMS), used by numerous websites big and small. In fact, according to BuiltWith®, nearly 37% of the top 1 million websites in the world use WordPress as of the time of writing. On the entire Internet, it is a solid 43% out of nearly 65.5 million websites that are using WordPress.

With such an enormous usage distribution in the Internet world, it is only natural that WordPress has become the favourite target for hackers and cybercriminals to exploit its vulnerabilities. These cyber attackers are constantly on the lookout for exploitation opportunities in WordPress vulnerabilities, even going as far as using automated programmes to hunt for their next victim among WordPress users in order to launch their attacks as fast as possible.

How do cyber attackers find exploitation opportunities in WordPress websites?

As with any software in the digital landscape, WordPress is prone to code defects and flaws in the way it is designed and coded, and technology advancement can cause some code to no longer work as intended. The community of dedicated developers behind WordPress is constantly improving its code. Hence, websites which use WordPress frequently end up with outdated code, system files or even architecture, because the developers are working hard and pushing many new fixes and updates from time to time.

WordPress websites running on outdated code and system files present security loopholes and weaknesses, which are great exploitation opportunities for cyber attackers. These websites usually share some common security vulnerabilities which are exploited by cyber attackers. They use these vulnerabilities to take control of WordPress websites to execute various cyberattacks, steal data that they can use or sell, spread malware, bypass authentication mechanisms, make unauthorized website changes and transactions, or even take down websites to demand ransoms. Continue reading below to see these common WordPress security vulnerabilities.

Common WordPress security vulnerabilities and what to do about them

The following list presents you with a general idea of the common WordPress security vulnerabilities that cyber attackers tend to target when they are looking to exploit a WordPress website. Keep in mind that this is not a definitive list, and there are other approaches that they can use.

Vulnerability 1: Login Fields

WordPress allows users to log in to an admin dashboard to manage their website. The login page fields are vulnerable to attacks as cyber attackers have tools to bypass the authentication management. One popular method is the brute force attack, where they use automated bots to continually submit login credentials to the login fields until they find the right password. Once they get access to a WordPress website through an unprotected login field, they can use it to perform illegal activities.

Recommended solutions for this vulnerability

WordPress website owners are recommended to enforce these methods in order to protect their login fields.

Firstly, limit the number of login attempts a user can make in a set period. Once the user reaches the maximum number of attempts, his/her IP address will be blocked and he/she cannot try to log in anymore.

Secondly, enforce strong passwords for users who have access to the admin dashboard. The key thing about a strong password is that the longer it is the better, and that it is alphanumeric: a mix of letters (upper and lower case), numbers, and symbols, with no ties to personal information and no dictionary words.

Thirdly, implementing two-factor authentication (2FA) adds an extra layer to the login procedure, which ensures extra safety by requiring users to submit a unique number/pin that is sent to their phone or email.

Last but not least, change the login username into something unique. Generic and common terms like “Admin”, “User” are easy to exploit using brute force attack.
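
The first recommendation, limiting login attempts per IP address in a set period, can be checked against a web server access log. This is an added example, not WordPress or WebNIC code: the log lines are constructed (documentation IP ranges, combined-log style), and the threshold of 5 attempts in 5 minutes is an assumed policy. It counts every POST to the default login page, successful or not.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# ip ident user [timestamp] "METHOD path protocol" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def _sample(ip, clock, method, url, status):
    """Build one constructed access-log line for the sample below."""
    return f'{ip} - - [05/Oct/2021:{clock} +0000] "{method} {url} HTTP/1.1" {status} 512'


# Constructed sample log: one fast guesser, one slow client, one normal login.
SAMPLE_LOG = (
    [_sample("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 60, 10)]
    + [_sample("192.0.2.44", f"10:{m:02d}:00", "POST", "/wp-login.php", 200)
       for m in range(0, 10, 2)]
    + [
        _sample("198.51.100.20", "10:01:00", "GET", "/wp-login.php", 200),
        _sample("198.51.100.20", "10:01:05", "POST", "/wp-login.php", 302),
        _sample("198.51.100.20", "10:01:06", "GET", "/wp-admin/", 200),
        "garbled line that does not parse",
    ]
)


def find_bruteforce(lines, max_attempts=5, window=timedelta(minutes=5),
                    path="/wp-login.php"):
    """Return {ip: time the limit was reached} using a sliding window per IP.

    Lines for one IP are assumed to be in chronological order, as they are in
    a normal access log.
    """
    recent = defaultdict(deque)   # ip -> timestamps of attempts inside the window
    blocked = {}
    for line in lines:
        match = LINE.match(line)
        if not match:
            continue              # skip lines that are not in the expected format
        ip, stamp, method, url, _status = match.groups()
        if method != "POST" or url.split("?")[0] != path:
            continue              # only credential submissions count as attempts
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:
            attempts.popleft()    # forget attempts older than the window
        if len(attempts) >= max_attempts and ip not in blocked:
            blocked[ip] = when
    return blocked


if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} reached the attempt limit at {when.isoformat()}")
```

With the default policy only the fast client is flagged; tightening `max_attempts` to 3 also catches the slower one, which shows how the choice of window and threshold trades coverage against false positives.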

 

Vulnerability 2: Default URL and File Names

When a WordPress website is initially set up, the system uses default URLs, file names and storage locations to prepare the resources. These are important pages and hackers know about this, which makes it easier for them to launch brute force attacks if the website owners do not manually change them.

Recommended solutions for this vulnerability

Firstly, make sure to change the default URL path for admin page. WordPress uses the following URLs as the default admin page links: “www.yourdomain.com/wp-login.php” and “www.yourdomain.com/wp-admin”. Anyone on the Internet including hackers can easily reach this page. Therefore, it is recommended to be creative and change the admin page URL to something else that is more unique.

Secondly, make sure to change the default database table name which uses wp- prefix. Important data such as login credentials, user info, transaction details and much more are stored in these tables. Hackers are aware of this, and targeting the database to extract this important data is a common approach for them. Therefore, it is recommended to change the prefix to something unique.

Thirdly, make sure to change the location of the wp-config.php file. This file is the backbone of a WordPress website’s settings, configurations, authentication keys and database. Hackers love to target this file, because it gives them a lot of info about the website. Move the wp-config.php file to any other folder above the root directory that’s not a subdirectory of your public_html or WWW folder.

 

Vulnerability 3: Absence of data transmission encryption

The absence of data transmission encryption means that when data is exchanged and transmitted insecurely between a user’s browser and a web server, it is transmitted in plain text. Cyber attackers can intercept the transmission and extract the data. They use the man-in-the-middle attack approach to do so, which allows them to get hold of the sensitive data (name, email address, password, payment card details, tax-related information, etc.). They can in turn use this data to commit crimes like identity theft, fraud, blackmailing or ransoming.

Recommended solution for this vulnerability

It is extremely important to address this vulnerability by installing SSL/TLS certificates on the WordPress website. Why so? Click here to read the importance of SSL certificates for websites. Doing so will help WordPress website owners to encrypt data transmission between a user’s browser and their web server, which then removes a vulnerability that cyber attackers can take advantage of.

Vulnerability 4: Lack of web security tools like firewalls, malware/vulnerability scanners

Many WordPress websites do not have web security tools installed to continuously monitor for cyberattacks, malware or vulnerabilities. This presents an opportunity for cybercriminals to attack the websites from the shadows, such as secretly inserting malicious code or files without the website owners knowing. By the time the cyberattacks are discovered, it is too late.

Recommended solution for this vulnerability

Implement cybersecurity solutions and tools to solve this vulnerability. Install WordPress security scanners and firewalls to monitor the WordPress website 24/7 for enhanced protection. We recommend Sectigo Web Security, a modern, comprehensive and automated web security solution and tool. It scans the website daily, monitors for any changes in code and files, and immediately notifies the website owner about them.

Vulnerability 5: Outdated WordPress components, files, plugins, themes

As mentioned earlier, WordPress is continuously improving and updating. As such, its powerful features and components such as files, plugins and themes need to be frequently updated as well, in order to ensure compatibility and that they are working properly. However, many WordPress website owners tend to be slower in installing updates, and hence their websites still run on outdated versions. Cybercriminals take advantage of this to exploit security loopholes and weaknesses in old versions.

Recommended solution for this vulnerability

Firstly, it is recommended to always install plugins and themes developed by trusted and reliable developers. They are better because they are actively maintained and updated to keep up with the changes of WordPress. Hence, they are less likely to have vulnerabilities to be exploited by cybercriminals.

Last but not least, always update WordPress versions whenever there is a new one. This reduces the likelihood of security loopholes and weaknesses that can be exploited by cyber attackers.

Vulnerability 6: Unprotected input fields

WordPress websites almost always have a variety of input fields including contact and subscription forms, login fields, comments, or a search bar. These input fields are vulnerable in that cyber attackers can insert malicious codes or scripts to execute cross-site scripting (XSS) or SQL injections. Some attackers even insert unwelcome ads or malicious links in the comments section to trick users.

In XSS attacks, hackers insert scripts in any vulnerable input fields. When users click them, they unknowingly download malware to their computers, are redirected to a dangerous website, or have the data they provided stolen by the hackers.

In SQL injection attacks, hackers write malicious code and try to insert them to the system via web application input fields and form input fields. If inserted successfully, they gain access to the core system files without needing to go through the websites’ authentication process. This will allow them to extract sensitive data, or even hijack entire databases via ransomware attacks.

Recommended solutions for this vulnerability

Having input fields is inevitable for most websites, but there are a few recommended solutions. Firstly, limit and minimise user inputs. Fewer inputs mean a lower risk of attack. Secondly, validate and whitelist data: make sure the input fields accept only the required data formats. Thirdly, after validation, sanitise the inputs: scan all the input data and remove malicious code before allowing it to enter the database. Next, block spammy content in the comments section. In addition, regularly update the WordPress website and all of its core components. Finally, use web application firewalls or other protection tools to protect the website at all times. We recommend using Sectigo Web Security to do this.
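The validate, whitelist and sanitise steps above, as an added example that is not from the original article. It uses Python with an in-memory SQLite database rather than WordPress's own PHP; the comment form, field names and allowlist patterns are assumptions, and bound query parameters plus output encoding stand in for "removing malicious code".

```python
import html
import re
import sqlite3

# Allowlist patterns (assumed for this example): each field accepts only
# the format the form actually needs, with a hard length limit.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,49}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,190}\.[A-Za-z]{2,24}")
MAX_COMMENT_LEN = 1000


class RejectedInput(ValueError):
    """Raised with the name of the field that failed its allowlist."""


def validate_comment_form(name, email, comment):
    """Validate every field against its allowlist; reject, do not repair."""
    name, email, comment = name.strip(), email.strip(), comment.strip()
    if not NAME_RE.fullmatch(name):
        raise RejectedInput("name")
    if not EMAIL_RE.fullmatch(email):
        raise RejectedInput("email")
    if not comment or len(comment) > MAX_COMMENT_LEN:
        raise RejectedInput("comment")
    # Control characters have no place in a comment (newline and tab are kept).
    if any(ord(c) < 32 and c not in "\n\t" for c in comment):
        raise RejectedInput("comment")
    return name, email, comment


def open_db():
    """Create the (hypothetical) comments table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (name TEXT, email TEXT, body TEXT)")
    return db


def store_comment(db, name, email, comment):
    """Bound parameters keep user values out of the SQL text entirely."""
    name, email, comment = validate_comment_form(name, email, comment)
    db.execute(
        "INSERT INTO comments (name, email, body) VALUES (?, ?, ?)",
        (name, email, comment),
    )


def render_comments(db):
    """Encode on output so stored markup is displayed, never executed."""
    rows = db.execute("SELECT name, body FROM comments ORDER BY rowid").fetchall()
    return "\n".join(
        "<p><b>{}</b>: {}</p>".format(html.escape(n), html.escape(b))
        for n, b in rows
    )


if __name__ == "__main__":
    db = open_db()
    # Constructed sample submissions.
    store_comment(db, "Mary", "mary@example.com",
                  "Nice post <script>alert(1)</script>")
    store_comment(db, "James", "james@example.com",
                  "x'); DROP TABLE comments; --")
    try:
        store_comment(db, "<img src=x>", "bad@example.com", "hello")
    except RejectedInput as exc:
        print("rejected field:", exc)
    print(render_comments(db))
```

In WordPress itself the corresponding building blocks are `sanitize_text_field()`, `$wpdb->prepare()` and `esc_html()`.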

Protect your customers’ WordPress websites with Sectigo Web Security

WebNIC is an official partner of Sectigo in promoting and selling Sectigo Web Security services. We have prepared the tools, marketing materials and help you might need to start selling! It is a comprehensive, modern and convenient web security solution that comes with powerful web security features, including Web Detect, Web Patch, Web Clean, Web Backup & Restore, Web Accelerate, Web Firewall and Web Comply. With it, selling web security services is now easy for you! Protecting WordPress websites is no longer a challenging service to offer to your clients. Join WebNIC as a partner and start selling it today!

About WebNIC

WebNIC operates a digital reseller platform covering primarily domain name registration for over 600 TLDs, web security services, email and cloud services. With offices in Singapore, Kuala Lumpur, Beijing, Taipei and Jakarta, we serve 5,000 active resellers in over 70 countries. With over 20 years’ experience, we accelerate our partners’ growth through a robust platform, attentive support and wholesale pricing. To join us and become a reseller, live chat with us or email us at [email protected].

Global SSL Market Share and the Top 3 Certificate Authorities

The different SSL certificate brands and their global market share

There are many SSL certificate brands on the market and all of them play an equally important role in protecting website users. An SSL certificate encrypts the data communication between an Internet browser and a server, which keeps users safe when they submit private and confidential data to the server. The encryption protects the data so that only the intended recipient is able to decrypt it and obtain the original data. Any attempt to hijack the data in transit will be useless because the hijacker will not be able to decrypt it to obtain the original data submitted by the user. For more info about what an SSL certificate is and how it works, read more about it here!

As mentioned above, there are many SSL certificate brands on the market, and three of the most famous are DigiCert, Sectigo and GlobalSign. As of the time of writing, their respective market shares are shown below:

DigiCert – 19.7%

Sectigo – 16.9%

GlobalSign – 2.8%

Source: https://w3techs.com/technologies/history_overview/ssl_certificate

Combined, these three brands of SSL certificate account for nearly 40% of the world’s SSL market share. It is an amazing achievement, whereby these certificate authorities (CAs) work collectively to make the Internet browsing experience much safer for all Internet users out there! The brands are the CAs, and they play an extremely important and critical role in this Internet era, where more devices are connected than ever and communicating data safely between devices has become highly significant.

What is a Certificate Authority (CA)?

A certificate authority is a trusted third-party company or organisation which provides a verification service to validate websites or entities (email addresses, companies, or individual persons). It is also commonly known as a certification authority, and it authenticates that a certain website or entity is indeed who it claims to be. The aim of doing so is to make the Internet more secure, in order to protect both organisations and users alike.

Without the existence of CAs, you would definitely be unable to shop online, make payments online, perform banking online or do any form of transaction online. The Internet would be insecure, and you would be reluctant to submit your confidential data online. However, with CAs and SSL certificates in the picture, the situation is a whole lot different! How so? Let’s use a simple example to give you an idea of why the existence of CAs is important!

Let’s say you are visiting the website of your bank, Citibank. As you may be aware, the Internet is a dangerous place and things are not always as they seem. There is always the possibility of someone imitating Citibank’s website. Anyone can create a website that looks just like Citibank’s website. So, if there are 10 such identical websites and each one claims to be the official Citibank, how would the user know which one is the authentic one?

In such a situation, the role of CAs comes into the picture. It is their job to verify the websites/organisations and provide assurance to all Internet users about the authentic identity of a website to help them stay safe online. This is done by implementing an SSL certificate on a website! When users see the presence of an SSL certificate on a website, they feel more assured to perform transactions without worries. After all, you would not want to submit your banking account details on the Internet to parties other than the intended bank’s server, right?

How do Certificate Authorities use SSL certificate to validate a website?

Here’s a screenshot of how SSL certificate can help users to identify the authenticity of a website:

Click the part highlighted in red box and it will open a box with detailed information on the SSL certificate of the website you are currently visiting.

From the information, users can determine that the website, www.webnic.cc, has been verified by DigiCert. Users will feel safe to perform transactions on this website. In other words, DigiCert has verified www.webnic.cc, so users can be 100% confident that they are connected to the official WebNIC site.

Certificate Authorities act like a passport authority on the Internet

When CAs issue an SSL certificate to a website, it is similar to your government issuing you a passport. The department in charge of issuing the passport requires you to go through a passport application process, in which it verifies you by your legal papers, photos and fingerprints. Finally, it releases the passport to you, which you can use anywhere in the world to prove your identity.

CAs are literally doing the same thing, but for websites and digital activities and footprints. They have in place a rigorous verification process, which depends on the SSL certificate type requested by the applicant, and they charge a fee for it. Once verification is done, the CA issues a digital certificate to the applicant (a passport for a website), and the applicant installs it on his/her website server to display to users. When users see the SSL certificate, the assurance is similar to that of a country’s immigration officer seeing your passport. Digital certificates prove that you are the authentic one!

The different types of digital certificates a Certificate Authority issues

1. SSL/TLS Certificates
SSL/TLS certificates are used to facilitate and secure the data communication between a browser and a website’s server. Once a certificate is installed and working properly, the browser displays a lock on the left side of the website’s URL, which indicates that communication is encrypted and secured.

2. Code Signing Certificates
Code signing certificates are mainly used by software developers and programmers to secure their programming code. These certificates ensure that the source code developed by them is authentic and has not been modified by anyone. They protect users by authenticating the integrity of the code before they run a program or software, which might otherwise be malicious code.

Figure: With code signing certificate

Figure: Without code signing certificate

3. Email Signing Certificates
Email signing certificates are used to identify and verify individuals for web servers. They are also known as S/MIME certificates. When you sign your emails with this certificate, it assures the receiver that this email is genuine and that it is truly sent by you. Signed emails have a red ribbon and you can click it to view the details of the signer.

4. Document Signing Certificates
Document signing certificates are mainly used to verify and authenticate the document creator. It is also great for validating the integrity of the document itself. It reassures document recipients that a document is as intended by the document creator by using a tamper-evident seal. If the seal is broken, the recipient will receive a warning about the integrity of the document.

Some of the most famous Certificate Authorities

  • DigiCert
  • Sectigo
  • GlobalSign

In conclusion, the global SSL market is still growing at a healthy pace, and the top 3 CAs – DigiCert, Sectigo and GlobalSign – are constantly innovating and improving their products and services. They are all top providers of digital certificates to ensure the safety of all organisations and Internet users alike. Thanks to their contribution, the Internet is a much safer and more secure place to perform transactions online, bringing huge convenience to our daily lives. They issue millions of digital certificates yearly, and these certificates protect private and confidential information, encrypt billions of transactions and enable secure communication for a higher safety level.

The good news is, WebNIC is a verified partner of all these top 3 CAs. We have partnered with them to offer a wide range of digital certificates to help our partners optimise their web service business. We offer a wide range of SSL/TLS certificates, document signing certificates and code signing certificates. Click the links below to learn more about each certificate:

DigiCert – https://www.webnic.cc/digicert-ssl-certificate/

Sectigo – https://www.webnic.cc/sectigo-ssl-certificate/

GlobalSign – https://www.webnic.cc/globalsignglobalsign-ssl-certificate/

Document Signing – https://www.webnic.cc/document-signing/

Code Signing – https://www.webnic.cc/code-signing/

About WebNIC

WebNIC is a registrar accredited by ICANN and in various countries across Asia, Europe, America, Australasia and Africa. With offices in Singapore, Kuala Lumpur, Beijing, Taipei and Jakarta, we serve 5,000+ active resellers in over 70 countries. To join us and become a reseller, live chat with us or email us at [email protected].

What Is Digital Brand Protection and Why Is It Important?

What is digital brand protection?

Digital brand protection is the action of taking continual and proactive measures in monitoring and protecting a brand’s digital identity. The aim of such a process is to ensure that its reputation is not taken advantage of by ill-intentioned people in the digital landscape.

With the advancement of the Internet globally, many brands must now build a strong online presence to connect with their customers. Customers’ attention is now largely focused online and brands need to adapt and change their ways of doing business accordingly. There is a huge change in consumer behaviour, and any brands who fall behind will likely see their businesses affected.

Nowadays, various digital channels – websites, email, search engines, social media and mobile – are all crucial for brands to engage with their customers. These channels are great for growing their business, increasing awareness and reach, increasing touchpoints with customers online, as well as building a strong digital presence. With all of these in the picture, new external threats to brands will certainly arise that cannot be ignored, and owners need to take care of their digital brand identity.

Therefore, digital brand protection is essentially implementing brand protection steps for all digital activities performed. The reality is that digital activities will inevitably increase the use of multiple digital channels, and as a result they bring increased external risks to a brand, including both good and bad exposure. Hence, it is advisable for every brand to make sure that internally they have someone who is responsible for constantly performing digital brand protection operations. Brands have to react with high efficiency and equip themselves with skills to navigate the digital landscape and stay ahead of bad actors, especially those in the e-commerce space.

The importance of digital brand protection

1. Safeguard your brand name and reputation from frauds and impersonation
A brand’s name and reputation take years of effort to build, and they must be protected from online bad actors. As the legendary investor Warren Buffett stated, it takes 20 years to build a reputation and five minutes to ruin it. Your brand’s reputation works the same way.

Therefore, it is crucial that you perform due diligence in digital brand protection to safeguard your brand name and reputation. With a solid digital brand protection strategy in place, you can prevent online bad actors from using your brand name and reputation in fraudulent activities, or even impersonating your brand to scam users.

2. Prevent loss of customer trust and financial loss
As a continuation of the impact above, loss of brand reputation will then cause the loss of customer trust and eventually financial loss as well. Bad actors use your brand to steal from your customers and deceive them, causing a ripple effect whereby customers become more wary in dealing with your brand, or even stop doing business with you altogether. Not to mention, business that should have been yours is diverted away from you by those impersonating your brand, causing a loss of revenue due to online counterfeiting and piracy.

Therefore, digital brand protection is an extremely important remediation plan that must be set in place for your brand to prevent all these losses.

3. Protect a brand’s intellectual property and online presence efforts
Bad actors are constantly taking advantage of brands by impersonating them in their digital activities. No industry is safe from this, including your brand. It is a serious issue because many bad actors now even go to the extent of making fully functional websites, as well as using authentic-looking emails to imitate brands with unbelievable accuracy. They hijack brands’ content, imagery and intellectual property, and use very similar URLs to steal website traffic from the brands, undermining all their efforts in building an online presence.

Therefore, brands are advised to engage in digital brand protection activities, as well as to put in place strategies to handle situations such as those mentioned above, should they arise. You need a solid contingency plan to follow if any external threats to your brand unfortunately materialise.

The threats a brand faces digitally

Any brands which are not taking proactive measures in digital brand protection risk facing various types of threats by online bad actors. Here we outline some common threats:

1. Brand impersonation
We mentioned this previously, and here we outline what kinds of impersonation might occur in your brand’s digital activities. To have an online presence means your brand has its own domain, website, email and various social media accounts. All of these are opportunities for bad actors to impersonate your brand in order to defraud or hijack.

The most common form of brand impersonation is the spoof domain, whereby a bad actor uses a domain that looks like your brand’s. It can be as simple as using a similar-looking typo of your brand name, or the more advanced method of hosting content that mimics your brand’s content, as shown in the pictures below.

Image source: https://www.domaintools.com/resources/blog/up-to-your-gills-in-phishing-attacks-this-research-may-help

Also according to domaintools.com, some common domain spoof tactics include:

  • Extra added or left out letters in the domain, such as Yahooo[.]com, mozila[.]com
  • Dashes in the domain name, such as Domain-tools[.]com
  • The letters ‘rn’ disguised as an ‘m’, such as modem.com versus modern.com
  • Reversed letters, such as Domiantools[.]com
  • Plural or singular forms of the domain, such as Domaintool[.]com
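For brand owners who monitor newly observed domains, the five tactics listed above can be turned into a simple lookalike check. This is an added example, not code from the article or from DomainTools; the function names and tactic labels are assumptions, and the sample names are the article's own examples.

```python
def _label(domain):
    """Normalise a (possibly defanged) registrable domain to (label, tld).

    Assumes a name of the form label.tld; subdomains and multi-part
    suffixes such as .co.uk are outside this example's scope.
    """
    name = domain.lower().replace("[.]", ".").strip(".")
    label, _, tld = name.rpartition(".")
    return label, tld


def _one_edit(a, b):
    """True if b is a with exactly one character inserted or removed."""
    if abs(len(a) - len(b)) != 1:
        return False
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def _adjacent_swap(a, b):
    """True if b is a with one pair of neighbouring letters reversed."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def classify_spoof(brand_domain, candidate):
    """Return which of the listed tactics turn the brand into the candidate."""
    brand, brand_tld = _label(brand_domain)
    cand, cand_tld = _label(candidate)
    if brand_tld != cand_tld or brand == cand:
        return []  # the real domain itself, or a different TLD
    tactics = []
    if cand.replace("-", "") == brand.replace("-", ""):
        tactics.append("dash")
    elif cand == brand + "s" or (brand.endswith("s") and cand == brand[:-1]):
        tactics.append("plural_or_singular")
    elif _one_edit(brand, cand):
        tactics.append("added_or_missing_letter")
    if _adjacent_swap(brand, cand):
        tactics.append("reversed_letters")
    if cand.replace("rn", "m") == brand.replace("rn", "m"):
        tactics.append("rn_for_m")
    return tactics


def scan(brand_domain, observed):
    """Map each suspicious observed domain to the tactics it matches."""
    hits = {}
    for name in observed:
        tactics = classify_spoof(brand_domain, name)
        if tactics:
            hits[name] = tactics
    return hits


if __name__ == "__main__":
    # Sample feed built from the examples quoted in the list above.
    feed = ["Domain-tools[.]com", "Domiantools[.]com", "Domaintool[.]com",
            "domaintools.com", "example.com"]
    for name, tactics in scan("domaintools.com", feed).items():
        print(name, "->", ", ".join(tactics))
```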

 

Figure: Phishing website impersonating the PayPal brand

The aim of doing so is to trick users into believing that they are visiting a legitimate website to share their confidential information. We call these phishing websites, and any brand that has an online presence faces the domain impersonation threat.

Other notable impersonation methods that bad actors can also use include social media impersonation, CEO or key personnel impersonation, as well as mobile application impersonation.

2. Brand abuse

Bad actors can also abuse a brand’s name and reputation online through various methods, which are unauthorised by the brand owner or unknown to him/her. Some possibilities that bad actors can exploit through brand abuse include:

Unauthorised sales channel and grey market abuse

Bad actors take advantage of your brand’s reputation to sell your brand’s goods and services through sales channels that you never authorised. Or they exploit the difference in prices between the different markets of your brand, in the form of minimum retail price (MRP) violations.

Counterfeit goods and services

Piracy is rampant online, and your brand risks being used without permission in the trading of fake goods and services, which will harm your brand’s reputation and credibility. Bad actors abuse your brand’s copyright, trademark and intellectual property. For example, they use your brand logo, content and identity to deceive users.

Domain and cybersquatting

Your brand also faces the threat of domain abuse and cybersquatting online, whereby bad actors register your brand using any of the various top-level domains. They use the domains for cybersquatting and demand a payment from you, or they threaten to impersonate your brand to perform phishing attacks as mentioned above.

Malware distribution, PPC advertisement hijacking and crypto-jacking

Bad actors also take advantage of your brand as a cover for their illegal actions of distributing malware, ransomware, trojans and viruses, or of crypto-jacking. They do so by taking control of your website, or by making a website highly similar to yours. Then, they install executable files and scripts on your brand’s website or the fake website to infect all visitors who search for your brand.

In summary, these threats can happen to anyone and any brand at any time. If your brand does not have proper digital brand protection in place, the implications are severe: a tarnished brand reputation, loss of customers’ trust and their business, and eventually financial loss. Solving digital brand threats after the fact is daunting and costly. Do make sure to perform digital brand protection actions beforehand, so that none of this happens to your brand(s).

Who needs digital brand protection?

The answer is definitely ANY company that has an online presence. Your digital brand is now part of the core assets of your brand, as long as you conduct any form of digital activity for your business. Make sure to start taking action on your digital brand protection. Here are some steps you can start thinking about:

  • Proactive global domain registration service
  • Phishing, brand abuse protection & take down service
  • “Domain hijacking” protection lock
  • Domain portfolio management
  • SSL portfolio management
  • Online digital reputation management
  • Domain brokerage & escrow service
  • Domain audit
  • Personal data WHOIS protection

Digital brand protection is of utmost importance now in this digital era. Not only does brand protection matter a lot in the real world, but it also matters a lot in the digital landscape. Do not allow your brand reputation to be exploited by ill-intentioned players! It takes years to grow your reputation, so why let bad players destroy it? The good news is, we also offer digital brand protection service. Protect your brand’s online reputation by letting us do all the heavy lifting for you. Contact us to learn more.

Understand What is a Digital Signature and Its Benefits

What is a digital signature?

A digital signature is a specific kind of electronic signature (or e-signature) used to digitally sign and secure electronically transmitted documents. It is widely recognised as the most secure type of electronic signature, among the many different types out there. All digital signatures operate in a standard, internationally accepted format called the public key infrastructure (PKI) protocol, and they are legally binding in many countries.

Digital signatures are like physical signatures in that they are unique to every person. They support “non-repudiation”, time-sensitive transactions, audit trails and regulatory requirements. They identify the signer, provide a timestamp of when the documents were signed and support an audit trail if needed. They also provide a tamper-evident seal to secure and prove the authenticity of a document, ensuring it has not been altered since the time of signing. This is extremely important for working with documents online securely.

How does a digital signature work?

As mentioned above, a digital signature works by using a specific protocol, PKI. It is regarded as the gold standard when it comes to validating and authenticating digital identity through encryption. Under the PKI protocol, a mathematical algorithm that can only be carried out by a computer generates two long numbers (known as keys), which act as a pair of related keys: a public key and a private key. The two keys act together to encrypt and decrypt a message, through an encryption mechanism known as public key cryptography. They work together to generate a digital signature for the document signer, which is equivalent to his/her digital identity.

Here is an example of the whole working process of a digital signature:

  1. Mary selects a file to digitally sign and send to her colleague, James.
  2. A hash value of the file’s contents is generated by Mary’s computer.
  3. This hash value is encrypted with Mary’s private key to create a digital signature.
  4. The file with the digital signature is sent to James.
  5. James receives the message, and his computer program identifies that the file has a digital signature. When he opens the file, his computer decrypts the digital signature using Mary’s public key, then calculates the hash of the file it received and compares it with the decrypted hash from Mary’s signature.
  6. Any difference in the hash values means the file has been tampered with.

Figure: The whole working process of a digital signature
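The six steps above, carried through in code as an added example that is not part of the original article. It uses SHA-256 and textbook RSA without padding so that "encrypt the hash with the private key" is visible as plain arithmetic; the key pairs are constructed from publicly known Mersenne primes and protect nothing, whereas real signing tools use a vetted library and a padded scheme such as RSASSA-PSS.

```python
import hashlib


def make_keypair(p, q, e=65537):
    """Build (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


# Constructed demo keys. The primes are well-known Mersenne primes, so these
# keys are not secret; they only make the example reproducible.
MARY_PUBLIC, MARY_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**127 - 1, 2**1279 - 1)


def file_hash(data):
    """Step 2: hash the file contents and read the digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_file(data, private_key):
    """Steps 1-4: hash the file, transform the hash with the private key,
    and bundle file and signature for sending."""
    n, d = private_key
    return {"file": data, "signature": pow(file_hash(data), d, n)}


def verify_file(envelope, public_key):
    """Steps 5-6: recover the signed hash with the signer's public key and
    compare it with a hash computed over the file that actually arrived."""
    n, e = public_key
    sig = envelope["signature"]
    if not isinstance(sig, int) or not 0 <= sig < n:
        return False
    return pow(sig, e, n) == file_hash(envelope["file"])


if __name__ == "__main__":
    # Constructed sample document.
    original = b"Sales agreement: 100 units at 25.00 each"
    envelope = sign_file(original, MARY_PRIVATE)
    print("untouched file verifies:", verify_file(envelope, MARY_PUBLIC))

    # The file is changed in transit while the signature is left alone.
    altered = dict(envelope, file=b"Sales agreement: 100 units at 2.50 each")
    print("altered file verifies:  ", verify_file(altered, MARY_PUBLIC))

    # A signature made with someone else's private key, checked against Mary's.
    forged = sign_file(original, OTHER_PRIVATE)
    print("wrong signer verifies:  ", verify_file(forged, MARY_PUBLIC))
```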

What are the benefits of using a digital signature?

A digital signature brings many benefits in the process of document handling, and it works better than traditional signatures. Here are some of the benefits of using a digital signature to sign electronic documents.

1. Highly trusted and compliant, with proven consent of the signer

When the signer digitally signs an electronic document, he/she needs to supply specific credentials to perform the action. The credentials are unique to each individual. Digitally signing a document is a strong indication that the signer consents to it, and it also confirms his/her identity, because no one else has his/her specific credentials. Hence, a digital signature is highly trusted and compliant with laws, and it also acts as written evidence to confirm one’s identity.

2. High security and protection

A digital signature provides an audit trail that is retraceable to validate changes to an electronic document. It is cryptographically bound to the said document and the audit trail acts as a tamper-seal to ensure no alterations are made after a document is digitally signed. An approach like this ensures that when the receiver opens the document, the contents in it are exactly the same as intended by the sender. Any detected differences will alert the receiver about the authenticity of the document, providing protection to the document and the recipients.

3. Convenience in terms of time-saving and cost effectiveness

Digital signing is done fully online without the need for physical copies of documents. It saves time in managing documents and obtaining physical signatures from multiple parties, especially when there is a large number of documents. Instead of preparing them physically through printing, in-person appointments, scanning, dispatching and running around, send a digital copy to all and save time! It is also cost-effective, reducing paperwork costs, travelling costs, and even costly mistakes due to human error while handling documents physically.

Use cases for digital signature

Nowadays, many businesses and their online documents make use of digital signatures to increase the efficiency for their business processes, while at the same time ensuring the security of these documents which are used in critical business transactions. Example documents include:

  1. Contracts and legal documents: Many countries recognise digital signatures as legally binding, hence they are suitable for such documents, which require authenticated signatures and unmodified assurance.

  2. Sales agreements: Digital signatures on these documents protect both buyers and sellers and provide peace of mind for both parties. Their identities are authenticated, their signatures are legally binding and they know the terms and conditions of the agreements have not been altered by any third parties.

  3. Banking and financial documents: The finance department of a company can digitally sign its invoices and send them to customers. Customers are protected, knowing the payment requests are from the authenticated, true seller, not a bad actor scamming them into sending money to a fraudulent account.

  4. Healthcare data: Data privacy is of utmost importance in the healthcare industry, especially patient records and research data. Digital signatures protect the sensitive information contained in these data and make sure they are not altered during sharing between qualified parties.

  5. Government documents: When government agencies handle data, they need to adhere to strict guidelines and regulations. Digital signatures streamline the process by making certain that the right people with the right authority can perform government approvals, without the documents being altered illegally.

  6. Shipping documents: Digital signatures help manufacturers reduce costly shipping errors due to incorrect cargo documents or tampering. Digitally signed shipping documents are much more accessible and safer compared to physical shipping documents.

Start selling digital signing certificates with WebNIC

A digital signature can only be created with a digital signing certificate. Therefore, WebNIC has added a new document signing certificate service for our valued partners. Our digital signing brands include the world-renowned DigiCert, Sectigo and GlobalSign, to help our partners deliver the best digital signature service. Digital signatures are gradually becoming more mainstream and will evolve into a must-have when it comes to dealing with documents online! Get started selling today and be a part of this global trend towards a digital signing age!

Goodbye SSL/TLS Certificate 2 Years Maximum Validity

In February 2020, Apple announced groundbreaking news to the SSL/TLS certificate industry during a face-to-face meeting of the Certification Authority Browser Forum (CA/Browser Forum). It independently declared that starting 1 September 2020, the Safari browser on all of its iPhone and Mac operating systems will no longer trust SSL/TLS leaf certificates with a validity period of more than 398 days, equivalent to a one-year certificate plus the renewal grace period. In other words, any leaf certificate issued after the said date with a validity period of more than one year will be classified by the Safari browser as an untrusted certificate. Other types of SSL/TLS certs, including intermediates and roots, are unaffected.
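To see which certificates in an inventory fall under this rule, the check below applies the 398-day limit to the dates printed by `openssl x509 -noout -dates`. It is an added example, not Apple's or WebNIC's code; it assumes notBefore is the issue date, measures validity as notAfter minus notBefore in UTC, and uses constructed certificate names and dates.

```python
import ssl
from datetime import datetime, timedelta, timezone

POLICY_START = datetime(2020, 9, 1, tzinfo=timezone.utc)  # date in the article
MAX_VALIDITY = timedelta(days=398)                        # limit in the article


def parse_openssl_dates(text):
    """Parse the notBefore=/notAfter= lines of `openssl x509 -noout -dates`."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.strip().partition("=")
        seconds = ssl.cert_time_to_seconds(value)
        fields[key] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return fields["notBefore"], fields["notAfter"]


def check_validity(not_before, not_after, is_leaf=True):
    """Apply the rule described above to one certificate."""
    if not is_leaf:
        return "exempt-not-leaf"          # intermediates and roots unaffected
    if not_before < POLICY_START:
        return "exempt-issued-before"     # issued before 1 September 2020
    if not_after - not_before > MAX_VALIDITY:
        return "too-long"                 # more than 398 days
    return "ok"


def audit(inventory):
    """inventory: iterable of (name, openssl_dates_text, is_leaf) tuples."""
    report = {}
    for name, dates_text, is_leaf in inventory:
        not_before, not_after = parse_openssl_dates(dates_text)
        report[name] = check_validity(not_before, not_after, is_leaf)
    return report


# Constructed inventory; names and dates are made up for the example.
SAMPLE_INVENTORY = [
    ("www.example.test",
     "notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Oct  4 00:00:00 2021 GMT",
     True),   # exactly 398 days
    ("api.example.test",
     "notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Oct  5 00:00:00 2021 GMT",
     True),   # 399 days
    ("shop.example.test",
     "notBefore=Sep  2 00:00:00 2020 GMT\nnotAfter=Sep  2 00:00:00 2022 GMT",
     True),   # two-year certificate issued after the cut-off
    ("old.example.test",
     "notBefore=Aug 31 00:00:00 2020 GMT\nnotAfter=Aug 31 00:00:00 2022 GMT",
     True),   # two-year certificate issued before the cut-off
    ("Example Intermediate CA",
     "notBefore=Oct  1 00:00:00 2020 GMT\nnotAfter=Oct  1 00:00:00 2025 GMT",
     False),
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_INVENTORY).items():
        print("{:26s} {}".format(name, verdict))
```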

An Expected Development

The news comes as no surprise, as the lifespan of SSL/TLS certificates has been reduced every now and then throughout the past decade. The validity period of certificates is on a downward trend, with the most recent reduction to one year happening soon after 1 September 2020.

Just over a decade ago, SSL certificate providers were selling certificates that spanned between 8 and 10 years. In 2011, the Certification Authority Browser Forum (CA/Browser Forum) was established, which consists of all the certificate authorities (CAs) and big browser makers. They determined that the 8 to 10 years validity period was just too long, and decided to cut it down to 5 years. The same thing happened in 2015, and the validity period was cut down to 3 years. In 2018, it was cut further down to 2 years. Now, Apple is pushing for 1-year certificates by making changes to its Safari browser. Below is what you can expect for this latest development.

All the major browser makers, especially Apple and Google, have lobbied for years at the CA/B Forum to shorten the validity period. They have repeatedly raised ballots for forum members to vote on reducing the term. In August last year, Google’s Ryan Sleevi introduced a ballot at the CA/B Forum that pushed for a maximum one-year validity for SSL/TLS certificates. However, citing concerns and comments from users, most of which were objections, most of the major certificate authorities (CAs) voted against the ballot and the issue was put on hold. With no concrete decision reached, Apple announced in February this year its unilateral decision to implement the 1-year certificate for its Safari browser.

A Shorter Validity Certificate Has Its Good and Bad

The idea behind a shorter-term SSL/TLS leaf certificate is that the shorter the validity period, the more secure it is. Browser makers want to make sure that web developers are always using the latest SSL certificate encryption standards and technology. This is achieved when SSL certificates expire sooner and web developers have to update them more frequently. Doing so helps browser makers to increase web security for users’ safety.

It also reduces the risk that old or neglected SSL certificates are exploited by hackers to perform phishing or malware attacks. Old certificates might be using an encryption technology that was powerful three years ago but has since been broken by hackers. That is just how fast things move in the cybersecurity industry. Browser makers are well aware of this and therefore push firmly for a shorter validity period for SSL certificates. The approach is also believed to effectively reduce the timeframe hackers have to explore how to exploit a certificate. It also makes it less likely that old certificates using retired encryption will still be in use by web developers and end up being exploited. Through this approach, SSL certificates with new keys are generated regularly to keep hackers at bay and, as a result, reduce their exploitability.

However, with shorter SSL certificate validity period, comes more workload for the web developers or website owners who are managing them. They will be required to increase the frequency of certificate replacement tasks, and it might take up a lot of time if they are managing up to hundreds or even a thousand certificates. The hassle factor is indeed there, which is why many users are against this implementation. It increases their cost and overhead, and it is also prone to more human mistakes and errors due to increased workload and confusion.

How Will This Change Affect Website Owners and Customers?

Safari is the second leading web browser, with a 14.4% market share, as shown in the image below:

Image from: W3Counter June 2020 (https://www.w3counter.com/globalstats.php)

With approximately 4.5 billion Internet users around the world, 14.4% equals roughly 650 million users of the Safari browser. Website owners will definitely want to ensure that their websites are trusted by Safari, or risk losing their precious traffic when the privacy error shows up on Safari. Website owners are expected to become more occupied with renewing their SSL certificates on a yearly basis to ensure an excellent customer experience. Website admins will be expected to streamline their existing certificate management practice in order to adapt to this new implementation on Safari. Large organisations with a large number of SSL certificates will be searching for a reliable and automated certificate management solution to reduce manual management and errors.

How Will This Change Certificate Resellers?

To start with, you can still issue two-year SSL certificates up to 31 August 2020 for your customers to use until they expire. After that date, it is recommended to issue one-year SSL certificates only, as far as the Safari browser is concerned. You can of course still issue two-year certs, but you need to ensure you have a good certificate management solution to keep track of all the two-year certs you previously issued and renew them after one year to continue being trusted by the Safari browser.
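The Safari rule described earlier and the 31 August 2020 cut-off for resellers, as an added example (not WebNIC's or Apple's code): a Python audit of a constructed certificate inventory in the date format returned by `ssl.SSLSocket.getpeercert()`. It assumes the cut-off means 00:00 UTC on 1 September 2020 and measures validity as `notAfter` minus `notBefore`; the hostnames and dates are made up.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Values taken from the article: Safari's limit and the date it takes effect.
MAX_VALIDITY = timedelta(days=398)
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)  # assumption: 00:00 UTC


def parse_cert_time(cert_time):
    """Parse a getpeercert()-style timestamp such as 'Sep  1 00:00:00 2020 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def safari_verdict(cert):
    """Classify a leaf certificate dict holding 'notBefore' and 'notAfter'."""
    issued = parse_cert_time(cert["notBefore"])
    expires = parse_cert_time(cert["notAfter"])
    lifetime = expires - issued
    if expires <= issued:
        return "invalid", lifetime        # malformed validity window
    if issued < CUTOFF:
        return "grandfathered", lifetime  # issued before the rule applies
    if lifetime > MAX_VALIDITY:
        return "untrusted", lifetime      # too long-lived for Safari
    return "trusted", lifetime


def audit(inventory, now, renew_within=timedelta(days=30)):
    """Map each host in a {host: cert} inventory to the action it needs."""
    report = {}
    for host, cert in inventory.items():
        verdict, lifetime = safari_verdict(cert)
        expires = parse_cert_time(cert["notAfter"])
        if verdict in ("invalid", "untrusted"):
            report[host] = f"reissue now ({verdict}, {lifetime.days}-day validity)"
        elif expires <= now:
            report[host] = "expired"
        elif expires - now <= renew_within:
            report[host] = f"renew soon ({(expires - now).days} days left)"
        else:
            report[host] = f"ok ({verdict})"
    return report


# Constructed sample inventory (hypothetical hosts and dates).
INVENTORY = {
    "shop.example": {"notBefore": "Aug 15 00:00:00 2020 GMT",
                     "notAfter": "Aug 15 00:00:00 2022 GMT"},
    "api.example": {"notBefore": "Sep  1 00:00:00 2020 GMT",
                    "notAfter": "Oct  4 00:00:00 2021 GMT"},
    "blog.example": {"notBefore": "Sep  2 00:00:00 2020 GMT",
                     "notAfter": "Sep  2 00:00:00 2022 GMT"},
    "mail.example": {"notBefore": "Jan 20 00:00:00 2020 GMT",
                     "notAfter": "Jan 20 00:00:00 2021 GMT"},
}
NOW = datetime(2021, 1, 10, tzinfo=timezone.utc)  # constructed audit date

if __name__ == "__main__":
    for host, action in audit(INVENTORY, NOW).items():
        print(f"{host:14} {action}")
```

The same two fields can be read from a live server with `getpeercert()` and fed to `audit()` in place of the constructed inventory.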

Certificate Authorities Are Prepared

With all that said, you can still feel at ease, as the leading CAs anticipated this development early and have each prepared solutions for it. They have put in place new platforms, certificate lifecycle management solutions and subscription plans to help SSL certificate resellers adapt to this change. New options for SSL certificates are ready for webmasters to purchase coverage for a more extended period. DigiCert has prepared DigiCert® CertCentral TLS Manager, and Sectigo has developed Sectigo Certificate Manager.

With new platforms and solutions in place, SSL certificate resellers can gain more flexibility in offering automation, multi-year plans and discounts for their customers which sign up for SSL certificates for a longer period. Automation will help to ease the workload in managing their customers. Here are some of the benefits of this approach:

1. Resellers can help their customers to save cost by offering a multi-year price discount.

2. Resellers can help customers to only purchase once without having to worry about it anymore.

It is believed that the change will be a win-win for both parties with the introduction of the new automation solution.

Conclusion

In conclusion, we believe it is only a matter of time before all other major browsers follow in Apple’s footsteps. A 1-year certificate will definitely be the new norm soon. Once any one of the major browser makers does so, CAs know perfectly well that they need to change their certificates to a 1-year validity period, as the browser makers are equivalent to the web’s gatekeepers and they hold all the cards. CAs can only follow suit.

However, we are not worried and you should not be, too! CAs are well-prepared and have put in place new platforms and solutions to help manage SSL certificates. We believe it will be a relatively smooth and straightforward transition, and everyone will get to enjoy greater website security and an enhanced certificate management experience.

WebNIC is proud to announce that we now offer DigiCert CertCentral TLS Manager service, which we believe will benefit you greatly. If you have any inquiries, feel free to email us at [email protected] for more info.

Build an All-round Protection for Business Digital Identity

What is a Digital Identity?

A digital identity is just as important as a physical identity in the real world, except that it exists in the digital landscape. In the real world, when opening a bank account, renting a car or buying insurance, you need to present your identity card so that the respective parties can confirm you are who you claim to be.

The same goes for any business that has established a presence on the Internet. Website visitors need assurance of the business’s digital identity, and that they are truly dealing with the real, authentic business. They need safety indicators to be sure that they are not dealing with fraudsters or scammers pretending to be the business entity and tricking them into submitting their private and confidential information. In fact, businesses which do not have a secured digital identity are one of the many causes of the alarming rate of cybersecurity incidents that took place in recent years.

The crucial point is that all businesses must make protecting their digital identity a main priority and a core business process, to protect themselves as well as their customers online. We outline below the importance of protecting digital identity.

The Importance of Protecting Digital Identity

Build a strong brand reputation, trust and credibility

Businesses which have a secured digital identity are more likely to score more merit points from users, which will help to build a better brand reputation, a higher trust level from customers and a higher level of credibility. Many customers are now increasingly more aware of cybercrimes and consider their online safety as an important factor before performing any online transactions with any business.

A secured and protected digital identity helps businesses to send safety indicators to potential customers. These signals serve as a powerful way to build customers’ confidence that the business is real, and that they can safely perform any form of transaction with it online, knowing that their data is in safe hands.

Business owners must take securing digital identity seriously, because the brand reputation, trust and credibility are at stake here. There is this saying by Warren Buffett:

“It takes 20 years to build a reputation and five minutes to ruin it.”

Businesses which keep this in mind will then start to view securing a digital identity differently.

Prevent fraud cases and brand theft

Businesses that protect their digital identity enjoy a lower risk of cyberattacks. We all know very well that cyberattacks are happening frequently around the world, as they have appeared in news headlines a lot. It is safe to say that cybersecurity risk is inherent as long as the business uses any form of Information Technology (IT) to operate, such as using the Internet, sending and receiving emails, owning a website, selling online or using any form of software.

All of these hide risks that can be exploited by ill-intentioned individuals to perform criminal activities. Examples include using the business’s name to perform email fraud and phishing, or pretending to be the brand to scam unsuspecting individuals out of their confidential information or money. Some criminals also carry out brand theft, to the extent of even making near-perfect copies of brand websites to deceive the general public into performing financial transactions.

These examples show how crucial it is for businesses to take steps to protect their digital identity. It is in the best interest of business owners to ensure that their brands are not being taken advantage of by scammers and fraudsters. Protect digital identity to prevent fraud cases and brand theft, which will hurt a brand’s reputation.

Businesses protect themselves, their customers and their private information

A secured digital identity also helps businesses to protect themselves, as well as their customers and their private information. It ensures the process of data exchange is completed correctly and prevents malicious hijacking by hackers and other bad actors. Data exchange can take the form of email and document exchange, software exchange or even the connectivity of Internet of Things (IoT) devices. Securing digital identity can save businesses from a lot of headaches and troubles that might arise from digital security issues.

For example, the first and foremost is the business’s identity. With a secured digital identity well in place, any business can inform its contacts that every single dealing is strictly true and authentic only if these signs are present. Else, all others are false or pretenders. Such a way can be implemented on websites, emails, documents and software programs. Doing so can help to educate customers to exchange data with only approved individuals or entities, thus preventing them from submitting data to unauthorised parties. In a way, a secured digital identity protects them and their private information, too.

Without doubt, business owners must understand the importance of securing digital identity for their businesses, and it must be made a core process of running a business. It will definitely save them a lot of time and money down the road when it comes to dealing with digital security issues.

DigiCert Offers a Comprehensive and All-round Protection to Businesses

DigiCert, a world-renowned Certificate Authority (CA), offers a wide range of tools and tactics to secure businesses and help them protect their customers. Digital identity protection can be achieved in the following aspects, and DigiCert offers solutions for each of them.

Email & Document Security

Businesses deal with a lot of emails and documents in their operations. They are a necessity in ensuring a smooth operation for businesses. However, they also pose a security risk which might compromise a business’s digital identity.

DigiCert offers personal certificates as a solution. They enhance security by enabling digital signing of documents and emails. Employees use their personal digital signature to assure receivers of the authenticity of the documents. The solution also comes with email encryption, in which only the intended receiver has the decryption key to open and view the contents.

Software Security

Businesses now operate in a highly digitalised space, and make use of many different software for work efficiency. Software is like a car and must be routinely maintained and updated to solve bugs and errors. However, there lies a risk in which hackers can hijack the maintenance and upload malicious code and malware.

DigiCert offers a solution of code signing certificates. These kinds of certificates inform users that the update is authentic, and they can safely download and execute it. The developer has digitally signed the code to protect the integrity of the code, and that it has not been tampered with.

Website Security

Businesses use websites to establish their online presence. They are equivalent to the lifeblood of their digital identity. However, as mentioned before, hackers can create a near perfect duplicate of the websites to scam and fraud unsuspecting individuals.

DigiCert offers TLS/SSL Certificates as a solution to secure business websites. Read here to understand the importance of SSL Certificates. Having these certificates is like announcing to the public: this website is the true website, as its owner has been reviewed and authenticated by us. That is why you see this TLS/SSL Certificate stating the identity of the website owner. All others are impostors and you should not deal with them.

There is a wide range of SSL Certificates on the market. Read here to understand how to choose the right SSL Certificate for your website.

Internet of Things (IoT) Security

The human race is entering the IoT era, where more devices than ever are interconnected to work together and make life better and more convenient. Imagine smart devices, self-driving cars, smart homes and public connectivity, all interconnected. Millions of connections will be implemented, so how should we secure them from hackers?

DigiCert offers a solution to create and manage millions of IoT certificates for all the devices, from a single platform. How convenient is that! No more human errors from managing them. Trust in a machine, not a human!

The illustration below is a summary of DigiCert’s comprehensive and all-round protection for businesses in the digital landscape.

DigiCert All-round Protection

Conclusion

Protecting digital identity should be treated as a vital business process and has to be taken seriously by business owners. With an increasing number of cybercrime cases and online fraud cases, businesses cannot ignore this risk and must be prepared always to protect themselves and their digital identity in the vast Internet landscape.

At WebNIC, with the assistance from DigiCert as our valuable partner, we are always advocating to enhance web security. We offer a comprehensive and all-round digital identity protection to businesses, including protection of website, email, documents, software and IoT devices. If you need any digital identity protection solution, we are always here to help.

We are also looking for interested partners to be a part of us to stand strong with us to build awareness for web security and to make the Internet a better place for all. Come join us and DigiCert now!

SSL Certificate Site Seal Indicator and Its Importance

What is an SSL Certificate Site Seal?

An SSL certificate site seal is a visual indicator on a website that provides security confidence to users. It comes with SSL certificates and it can be installed easily. After installing it, a small graphic will appear on the website, stating that the website is secured, and by which Certificate Authority (CA).

SSL certificate protection has a few trust signals that will show on a website, and a site seal is one of them. It is a method to display security on a website to give users higher levels of confidence, and reassures them their connection is encrypted and protected from attackers. A site seal is equivalent to a trust mark.

Static Site Seal vs. Dynamic Site Seal

There are two types of site seals, namely static and dynamic. The type of SSL certificate you choose to purchase will determine whether you get a static site seal or a dynamic site seal. Take a look at the illustration below for the differences between them.

SSL certificate site seal

Every SSL certificate is associated with either a static or a dynamic site seal. Before purchasing any particular SSL certificate, it is worth checking out which type of site seal it offers.

View our range of SSL certificates here: DigiCert, Sectigo and GlobalSign.

The Benefits of Installing a Site Seal on a Website

A site seal that comes with an SSL certificate functions as a strong trust indicator. It helps website owners to gain trust from website users easier and almost instantly. According to a survey done by Econsultancy/Toluna, 48% of participants indicated that trust marks provide the highest sense of trust when they are visiting a website.

A higher sense of trust will then result in a rise in website conversion rate. Blue Fountain Media did a split test on how adding a site seal affects trust and conversion rate. The results showed that the page with a site seal outperformed the page without one by a 42% increase in conversion.

An eye-tracking investigation by CXL also showed that users check for the presence of a site seal when submitting their info via a form. This is important because a site seal adds credibility and reassurance for users interacting with a website. Therefore, the benefit that a site seal provides is to build a high level of trust and thus a higher conversion rate for your desired user actions.

CXL eye track investigation

Image source: CXL

Conclusion

An SSL certificate site seal is a great trust indicator for website owners to put on their websites, especially on e-commerce related websites. It gives website visitors a higher level of confidence and trust when providing their information. Trust is an important factor that must be placed as the first priority by any website owner, and displaying a site seal is one of the simplest and best approaches to build up trust.

About WebNIC

WebNIC is an accredited registrar for ICANN, and various countries including Asia, Europe, America, Australasia, and Africa. With offices in Singapore, Malaysia, Korea, Indonesia and Taiwan, we serve 4,500+ active resellers over 70 countries. To join us and become a reseller, live chat with us or email us at [email protected].