On 31st March 2020, Google, Microsoft, Apple and Mozilla’s browsers stopped supporting Transport Layer Security (TLS) versions 1.0 and 1.1. Here’s what these changes mean and why it’s important for your business to stay on the latest software versions.
TLS is a security protocol to encrypt and authenticate secure web connections from a web browser or between servers.
Version 1.0 was released in 1999 and 1.1 was introduced in 2006. Regulatory requirements have changed since then and there are new security vulnerabilities. TLS 1.0 and 1.1 are now outdated protocols, unable of supporting modern cryptographic algorithms, which means they’re more vulnerable to cyberattacks.
The major technology vendors are deprecating support of TLS versions 1.0 and 1.1. So, popular web browsers such as Chrome, Safari and Firefox will keep functioning but when they encounter TLS 1.0 and 1.1 web communication, they’ll show alerts. Server-to-server communication will also change.
Following the footsteps of major tech vendors, ClickDimensions will soon be deprecating support of TLS versions 1.0 and 1.1. However, ClickDimensions and Microsoft have been working together to prepare for this change.
You won’t be impacted if your organisation runs cloud-based applications by ClickDimensions or Microsoft.
You will be impacted if your organisation runs an on-premise CRM or CRM 2015 or older (CRM 2015 and older run TLS 1.1 by default). So if you're using Microsoft Dynamics, any connections to D365 (online) version 9.x or D365 (online) Government version 8.2 will fail unless you're on TLS 1.2 or later.
Here are the steps you should take to tackle this:
You will also be impacted if your organisation or IT provider hosts websites or web applications on local web servers that are still running TLS 1.0 or 1.1. Avoid TLS alerts or errors by updating your web servers.
If you have customers who are running one of the two environments mentioned above, we recommend that you reach out to them to discuss the most appropriate next steps to take. Read more about these changes, whether you’ll be impacted and the best course of actions more detail here.
Updating software often seems like a time-consuming hassle. It’s easy to skip your updates in favour of gaining a few extra minutes of your day and knowing that your systems will work how they’ve always worked.
But, this approach is leaving your organisation vulnerable to cyberattacks. Old software versions will eventually reach end of life (like TLS 1.0 and 1.1) so vendors will no longer offer support and further updates. This wedges the door wide open to hackers who can spot potential vulnerabilities from updates to the later versions and target older versions that way.
As well as security, old versions may not support new features and functionalities. So, if you’re running on an older version, you might not be getting the most out of your system in terms of useful features, compatibility and general user experience. This also affects staff productivity and puts you at a competitive disadvantage – if your competition is on the latest versions, they’re already many steps ahead of you.
For more insights into the TLS updates, how it might impact your business and how working with a consultancy can help, get in touch with us today.