Websites are great for marketing. They are also great for gathering personal information. Yes, personal information. How do attackers gain an advantage? Simply by "listening" to your encrypted transactions. The latest issue is the use of SHA-1 for signing the message, which is no longer considered secure.
How, then, do you secure a site that holds personally identifiable information? Get certificates that use SHA-2 as the signing algorithm. Google Chrome has made it easy for us to identify how secure our website is.
First step: update Google Chrome.
Second step: tell your website admin to update your certs to use SHA-2 and to use TLS 1.2.
Third step: follow safe coding practices, such as CSP (Content Security Policy).
For more information, drop me a note.