Do you ignore SSL security warnings when browsing the web? Well, you’re not alone. Most of us click away and dismiss the warnings our computers give us about SSL certificate vulnerabilities.
“Be honest. You’ve clicked through a warning, probably today. And each time you do that, there’s a chance that someone is able to access all the data that you store on that site, be it emails, banking statements, photos, or credit card numbers.”
SSL protects sensitive communications like emails, tweets and bank statements from eavesdropping or alteration in transit. SSL and its successor, TLS, verify the identity of the servers of the websites you visit. They also exchange cryptographic keys for encrypting online communications with those servers.
“When a user visits a website over HTTPS, the browser tries to establish an SSL/TLS connection to the website’s server. SSL is supposed to ensure two properties: secrecy and authentication.”
When something goes wrong with your secure SSL connection, or the browser can’t be sure that the site you are visiting is actually the one you expect it to be, you’ll be issued an on-screen warning message.
These warnings are different from malware or virus alerts. They most often point to a weakness in the security of the site you are trying to visit, and mean that the traffic between your computer and that site may be vulnerable to interception.
Often, though, we’ll read and register the warning but rarely take it seriously. The way our brains are hardwired to ignore security warnings is a little worrying because the consequences of data interception can be dire, and can cost users greatly. So why is it that we are so blasé?
Research by Google and the University of Pennsylvania suggests that the reason is in the warnings themselves. The presentation and language used in SSL warnings mean that users often struggle to understand them and therefore disregard them. We are also a habitual species, and so once you have ignored the same warning a few times, it becomes habit. You hardly notice if the threat itself has changed.
Following this research, Google actually redesigned their SSL security warnings to describe the risk more comprehensively and concisely and offered meaningful suggestions for ways to proceed. They stripped away technical words that put users off, and added illustrations that gave an impression of danger. Other browsers have also explored ways of encouraging due diligence in users when it comes to their web security.
When it comes to handling confidential or sensitive legal information over the web, cloud or through email, it’s essential that you can trust the traffic channels you are using. Do you ignore security warnings? Are you confident in your chambers’ IT security? If not, get in touch today. We’ll be happy to assess it for you.