We are all familiar with news stories exposing scary-sounding vulnerabilities, such as Meltdown and Spectre, or ingenious new ways that hackers and scammers can steal your data.
To say security best practice is movable feast is somewhat of an understatement.
As an Internet user, it can be difficult to know what you can do to protect yourself. But one great thing that every user can do, is to ensure that they’re using a modern, up to date browser.
Not that long ago, browsers would be updated infrequently in major releases, and sometimes only with a new operating system (OS). But in the fast-paced world of today, this is no longer appropriate.
Because the likes of Chrome, Firefox and Microsoft Edge browsers all self-update, if you use one of these browsers, you’re very likely to be running the most recent version. Yay!
Unfortunately, some estimates suggest that more than 10% of internet users are still using old, insecure browsers.
So, what’s changing?
There are a number of protocols used to encrypt internet traffic and the oldest still in use, Transport Layer Security version 1 (TLS 1.0), was originally defined in 1999. As the internet has evolved, this has been found to be insecure by current standards. The most recent version of TLS is version 1.2, with version 1.3 set for release this year.
The PCI Security Standards Council are a recognised authority on security standards for account data protection. One of their most important standards (as far as the internet is concerned) is their Data Security Standard (DSS).
While the PCI DSS is primarily concerned with the storage, transmission and usage of payment card information, it’s widely used as a standard for Internet security best practice.
Some time ago, the PCI Security Standards Council set a deadline for dropping support for the insecure encryption protocol TLS 1.0. All organisations who handle card payments and want to remain compliant, must not support this protocol after 30th June 2018.
It has also recommended that support for TLS 1.1 be dropped, but this is not a requirement.
How will it affect me?
If you’re using a modern browser such as Chrome, Firefox or Edge, it should not affect you at all. Your experience of using the internet will continue as normal.
However, if, for example, you’re still using Internet Explorer 10 you will start to see this message:
Aside from being more than a little frustrating, it’s likely your internet banking won’t work, and you won’t be able to make online purchases with major retailers. Other large internet service providers, such as Microsoft, are also dropping support for TLS 1.0 and 1.1 later this year. It is likely that by the end of 2018, the internet will be effectively unusable with an old browser.
What are myhrtoolkit doing about this?
In line with best practice, we aim to comply with the PCI DSS recommendations and stop accepting TLS 1.0 and TLS 1.1 connections during the summer of 2018.
This means that if you’re using a browser that’s incapable of using modern encryption, for your security and that of every other user, you will not be able to use any of myhrtoolkit services. We understand that for some users, updating their browser may not be simple or quick. Some may not even know how to tell if their browser is old.
Soon, we will be updating our login page to alert users with insecure browsers of the upcoming change. If your browser is going to be affected, you will see this message on the login page:
If you see the normal login page, then your browser supports modern encryption.
If you are affected, to ensure continued use of myhrtoolkit and indeed the wider internet, ensure that you’re using a modern browser, such as:
- Mozilla Firefox version 27 or higher
- Google Chrome version 30 and higher
- Internet Explorer version 11
- Microsoft Edge (all versions)
- Safari version 8 or higher
You can read more detailed information about this topic on the PCI Security blog.
If you would like more information about how myhrtoolkit keeps your data secure, please visit our Security Statement on our website or get in touch.