Why You Should Encrypt and Secure Your MobileTech and Schedule Connections

Insights by Adam Robinson | Technical Consultant | Key2Act

If you’ve spent time in our documentation, you may have noticed a reference to securing your ports with an SSL (Secure Sockets Layer) certificate for applications like MobileTech or Schedule, or a note that some devices won’t allow you to even connect without one.  Information like this sometimes appears to be just another ingredient in the technical acronym soup, but this one is pretty important. This article will explain at a high level why you should do this, not just for our software, but for any software you have communicating information over the internet and will point you in the right direction for how to go about it for IIS, or the software usually hosting those programs.

The first question you might have is, “What is SSL and why should I care about it?”  SSL (Secure Sockets Layer) and the newer TLS (Transport Layer Security) are both protocols to allow your devices to identify they are who they say they are.  This also encrypts, or “scrambles” the information with a “secret code”, which stops other people from easily descrambling it, but allows both your server and your client devices to do so easily.   

Imagine that you’re writing a paper check (for the youngest readers, that is like a really slow, manual Venmo) and placing it in the mail.  If you put it in a clear envelope, any person who sees that envelope can easily view (and take) the sensitive information including your account number, signature, recipient name and amount. This is the same as normal “unencrypted” communications.  When you connect to a port without SSL/TLS, much of the information you are sending is in plain text, or barely modified plain text – meaning anyone who has access to it can read it without expending much additional effort.   

Securing your port with SSL/TLS is like putting the check inside an opaque envelope.  It isn’t that someone can’t still dig into what is inside, especially with older versions of SSL/TLS, but they have to go to the effort of opening it and potentially getting in trouble for doing so. To extend the analogy a little further, utilizing more modern SSL/TLS technology is like placing that envelope inside a locked box, and one for which, at present, no one but you and the recipient have a key to open.  Unfortunately, there are a great many people always trying to create the right “key”, meaning you have to replace the lock every so often.

Why is this so important?  If you are communicating over the internet without this encryption, you may, depending on how the program works, be sending your customer data, and your own username and password, in plain text for anyone to read.  This isn’t a hypothetical: there are people out there who grab information like this on WiFi networks, and sometimes even over cellular networks, for fun or for malicious purposes, and technology has advanced enough that it can be done at low cost, and without much skill.  If you happen to re-use passwords, this means you could be transmitting your password to more than just the service you’re currently using and to anyone who is interested in grabbing it.

If this sounds too technical, or you’re wondering why you aren’t already using it, know that you’re regularly using SSL/TLS without necessarily realizing it. When you visit a website and see a lock icon in your internet browser, it is letting you know the connection is secure.  In fact, this is so common and important that Google will knock you down in the search results if your corporate website isn’t utilizing it.  You may also be utilizing SSL by default on your VPN connection to your workplace.

In the past, to use SSL, people would often create self-signed certificates, which basically means you created them yourself, just for your machine, on your machine. Unfortunately, these aren’t always great from a security perspective and can’t be “trusted”. Often people wouldn’t upgrade their systems to use updated security, so companies who make software like Android or iOS have started to (or will eventually) block any site using that old security.

While you can still purchase non-self-signed (and usually better) certificates from a variety of certificate authorities, especially if you are in unique situations where you require a little more control of them, the non-profit Lets Encrypt will help you generate basic certificates for free, and without a lot of effort.

If you want a more technical explanation of how to set it up in your IIS for your systems, you can also visit an excellent walkthrough at MikeTabor.com.

Bringing this back around to MobileTech and Schedule, when you’re using either application outside the walls of your corporate office, you’re transmitting information about your customer locations, contacts, technicians, technician username and password, and a wide variety of other information over the internet.  While some of this information is slightly “scrambled”, it’s always safest to make sure that it can’t be read even if someone tries to do so.  Implementing proper SSL/TLS certificates for both pieces of software ensures better control of your information and makes it easier for your technicians to connect without errors and without having to worry about if their phone or tablet operating system has updated.

Don’t want to have to deal with any of that, and just want your communications to be more secure and your devices to work seamlessly?  Our Professional Services Team is happy, with your permission, to help you generate a new certificate and get it installed in your environment.  Contact your Customer Success Manager (CSM) or support@key2act.com or more information.

About the Author