Website Security Q&A: Does my website need SSL?

What is SSL?

SSL stands for "Secure Sockets Layer." When you're browsing the web you're either viewing a secure website or you're not.  A secure website transfers data back and forth with you in a secure, encrypted manner.  That means when you're entering your username and password or credit card number it is getting to its destination without anyone else viewing or intercepting it. When you're on a non-secure website any data transfer has the potential to be stolen.  According to Mozilla, the company behind the web browser, Firefox, the total volume of encrypted internet traffic is now greater than the volume of unencrypted traffic. Whenever you see the tiny green lock icon next to the web address you're viewing, it means the site is secure.

The Man in the Middle.

Just because a website is secure doesn't necessarily mean that the company/person that owns that site is a reputable business. It only means that the site you're on is actually the site you think it is and the information you're sending isn't being seen by anyone else.  The most common way for unsavory characters to gain access to your personal data is to intercept a legitimate data exchange. When you hit enter on a form on a non-secure website an attacker could potentially hijack that connection and store any information.  The messages being sent back and forth appears to be happening unimpeded but in reality, the attacker is controlling the conversation.  This is called a Man-in-the-middle attack.

Certification Authority (CA)

So how does SSL stop a man in the middle attack?  The answer is a certificate of identity provided by a certification authority. A certification authority is a third-party trusted entity that vouches for the identity of named subject (domain name) by supplying the subject a limited time certificate. This certificate is used to confirm that the website you're viewing in your browser is who it says it is. Forms you fill out are securely getting to their destinations unhampered and the destination itself can be trusted to the extent that they are who you think they are.

Does My Website need SSL?

Yes. If you have any sort of login or accept credit cards on your site then you absolutely need SSL for security reasons.  There are several other reasons to join the rest of us and have a secure website.

Google/SEO

Google announced in late 2015 that search results would start to favor secure sites over insecure sites.  This should be reason enough to upgrade to SSL.  If your competitors have secure websites and you don't then they will show up above you in search results. Better yet, if none of your competition has SSL and you're the first then you'll have an immediate advantage in search.  It's easy to see why Google would favor security over not.  As a digital company, a safer web instills a greater confidence on the Internet in general. The more people surfing the web, the more people seeing and clicking on Google Advertisements.

Customer Trust

Even if you don't care about having a secure website, your customers do.  This year Chrome will explicitly tell users that sites are insecure using intimidating colors and language:

If I'm researching services or products you offer and I land on your site and see something like that, I'm probably going to leave right away.  Even if nothing is happening that's a pretty scary warning.  Don't give your potential customers any reason not to trust you.

How do I get SSL for My Website?

The answer is that you should already have it.  If you host your site at a half way decent provider they should have already offered you a free secure connection.  One of the major deterrents to installing SSL in the past was the cost.  That's no longer an issue.  There are free options like Let's Encrypt. Security is so important to the future of the Internet that there are non-profit organizations that exist to provide free means to that end.  So your host telling you that SSL is too expensive to implement is just wrong.

The real issue with SSL is the actual installation. It's a very technical process with many pitfalls, so you'll definitely need a professional to do so.  If you're attempting to do it yourself, there is documentation, but please do so with caution. Hosting providers like Kicks Digital Marketing take care of all of that for you.

If you don't have a secure website, you need one...now.  There's no reason why you should have a non-secure website. Contact us for more information or help to implement SSL on your website.