On 31st March 2020, Google, Microsoft, Apple and Mozilla’s browsers stopped supporting Transport Layer Security (TLS) versions 1.0 and 1.1. Here’s what these changes mean and why it’s important for your business to stay on the latest software versions.
What is TLS?
TLS is a security protocol to encrypt and authenticate secure web connections from a web browser or between servers.
Version 1.0 was released in 1999 and 1.1 was introduced in 2006. Regulatory requirements have changed since then and there are new security vulnerabilities. TLS 1.0 and 1.1 are now outdated protocols, unable of supporting modern cryptographic algorithms, which means they’re more vulnerable to cyberattacks.
The major technology vendors are deprecating support of TLS versions 1.0 and 1.1. So, popular web browsers such as Chrome, Safari and Firefox will keep functioning but when they encounter TLS 1.0 and 1.1 web communication, they’ll show alerts. Server-to-server communication will also change.
Will this impact me and if so, how?
Following the footsteps of major tech vendors, ClickDimensions will soon be deprecating support of TLS versions 1.0 and 1.1. However, ClickDimensions and Microsoft have been working together to prepare for this change.
You won’t be impacted if your organisation runs cloud-based applications by ClickDimensions or Microsoft.
You will be impacted if your organisation runs an on-premise CRM or CRM 2015 or older (CRM 2015 and older run TLS 1.1 by default). So if you're using Microsoft Dynamics, any connections to D365 (online) version 9.x or D365 (online) Government version 8.2 will fail unless you're on TLS 1.2 or later.
Here are the steps you should take to tackle this:
- Update your CRM server environment (learn more from Microsoft)
- Upgrade your CRM to 2016 or higher
You will also be impacted if your organisation or IT provider hosts websites or web applications on local web servers that are still running TLS 1.0 or 1.1. Avoid TLS alerts or errors by updating your web servers.
If you have customers who are running one of the two environments mentioned above, we recommend that you reach out to them to discuss the most appropriate next steps to take. Read more about these changes, whether you’ll be impacted and the best course of actions more detail here.
Why it’s important to keep up-to-date with your software updates
Updating software often seems like a time-consuming hassle. It’s easy to skip your updates in favour of gaining a few extra minutes of your day and knowing that your systems will work how they’ve always worked.
But, this approach is leaving your organisation vulnerable to cyberattacks. Old software versions will eventually reach end of life (like TLS 1.0 and 1.1) so vendors will no longer offer support and further updates. This wedges the door wide open to hackers who can spot potential vulnerabilities from updates to the later versions and target older versions that way.
Tips to help you stay on top of your security game
- Have auto updates turned on for your software. That way, you’ll never forget to install the latest updates. And if some of your software can’t be updated automatically, make it a habit to periodically check for available updates
- Make sure your team also know how important it is to operate on the latest software versions
- Stay up-to-date with the latest security threats so you can swiftly take steps to protect your business from cyberattacks
- Work with a digital business consultancy who can offer MSP services, security advice, systems monitoring and more
For more insights into the TLS updates, how it might impact your business and how working with a consultancy can help, get in touch with us today.