Never use the same key stream for two different documents
SSL certificates can be a great way to send encrypted documents online, but Rainer Enders, chief technology officer of the Americas for NCP Engineering, said to be safe, companies should try to avoid the pitfall of using the same key stream to encrypt two different documents.
"Companies often use SSL to send sensitive information from customers or partners with the assumption that transferring via SSL session is secure," said Enders, according to PC Advisor. "But increasingly, vulnerabilities during this process have surfaced."
Even trusted certificates from trusted sources can be marred if the company is being sloppy with the SSL certificates security by consistently reusing them for different documents. Enders brings up the fact that Swiss researchers published a memo that describes a way to gather information over SSLs, so more caution needs to be taken by companies using these keys.
In May of last year, Ciitgroup suffered a compromise of card account information with about 210,000 accounts affected. For reasons such as this, companies need to take every data security precaution they can with PCI compliance and SSL certificates. Making sure customers are safe is one of the most important things a company can do.