Security Matters – Keeping Your Data Safe In A Post GDPR World

09 March 2018 by Pete Thorne

The upcoming implementation of GDPR legislation in Europe puts additional pressure on internet data processors and controllers to ensure that the systems they use are secure by design. In the context of this we thought it would be good to outline a very simple step you can take today to increase your online security.

For the more acronym-savvy among you, this step concerns HTTPS and SSL.

For everyone else, you may have heard the terms “SSL” or “SSL Certificate” used interchangeably with “HTTPS”.  For the most part, these are the same. An SSL certificate is the product that is purchased from a security provider and installed on a server, and HTTPS is the secure communication that results from having that certificate on your server.

Why do I need this?

All web data is sent using HTTPS or HTTPS communication methods. HTTPS is a way to encrypt information that you send between a browser and a web server. It uses Secure Sockets Layer (SSL) to achieve this. This protects your Stream LXP (formerly Curatr) users from “man-in-the-middle” (MitM) attacks, where someone steals the information being sent to a website, like credit card information or login details.

blank

Chrome displays security information on HTTPS sites

Historically, HTTPS connections have primarily been used for sites that contain sensitive information like payment details, but you’ve probably seen more and more sites making the switch to secure lately. As HTTPS has become easier to implement, secure connections are becoming the standard for all modern websites.

Over the years, big sites like Facebook, Google, Wikipedia, the New York Times, and, yes, Stream LXP (formerly Curatr), have all switched to HTTPS. Google announced in late 2015 that its search engine would favour sites that use HTTPS over those that don’t. In addition, browser providers have recently begun the push to force all web content to be delivered over secure connections. One day all HTTPS content could likely be blocked by default.

Don’t Delay – Secure Today

Stream LXP (formerly Curatr) currently accepts both HTTPS and HTTPS connections, which means your users could be choosing an insecure route. The good news is that you can force SSL in Stream LXP (formerly Curatr) right now by enabling it via the admin interface under the services menu item. This setting is found in the Admin=>Services=>SSL. Click the service and then enable and save your changes. All future visitors to your Stream LXP (formerly Curatr) instance will be redirected to a secure HTTPS connection.

blank

Are there any issues with HTTPS?

The only problem you might face is if some of your older links need updating. If your URL resources are still using HTTPS you need to change them to use HTTPS. This is because browsers prohibit secure pages from loading insecure content – which is a good thing or we could be easily tricked into thinking we were securely browsing content when we really weren’t.

What if my content doesn’t support HTTPS?

For now you can ask users to open the content in a new window. But you’ll need to start preparing for the future and finding alternative sources of content or asking your content provider to upgrade. A certificate can be installed in a day or two so there’s really no excuse!

What next?

That’s all for now, but SSL is only part of the solution for increasing online security. We have just commissioned our 2018 security probe and are always looking for ways to increase the security of our systems.

If you have any further questions about the security of your Stream LXP (formerly Curatr) data (or indeed anything else), head over to our Help Centre or get in touch.

blank
Pete Thorne
Software Development Team Lead

Pete wears a couple of hats at Learning Pool. He manages a small team of developers working on the Stream product from the Oxford office. In addition, he helps those responsible for managing the Stream product by advising them on technical decisions regarding new features and changes to existing ones. This often involves liaising with the design team and technical director and putting UX and architecture patterns through a good workout.

Historically, he has been working on e-learning platforms for 6 years and previously worked in education as a teacher for 4 years.

As a husband and Dad, outside of work, he doesn’t have too much time for personal hobbies. He does lots of playing and running around after his toddler and cooking for his family. The free time he does have is often spent engaging in church activities like playing the drums and serving on the youth team.

View more from Pete Thorne
blank
Read more about Learning Pool
Visit our Learn and Connect section

Get a free demo

Get in touch to find out how we can help

Start your learning journey

Get started by telling us what you need and one of our team will be in touch very soon.