It’s never been more important to use an SSL Certificate and activate https on your website
The Internet was designed to be an open network. But we all want our logins, messages, transactions, searches, form submissions and more to be encrypted and protected from eavesdroppers. To do this we use SSL. SSL, also known as TLS, is a widely implemented security protocol that encrypts all data passed between a browser and a webserver, keeping whatever is being sent back and forth private and secure. SSL is activated when a website has an SSL Certificate installed and traffic is being sent over https instead of http (the addition of the s means Secure).
How do you tell if a website has SSL?
Browsers let users know they’re connecting to a website using SSL through three security and identity indicators:
1. A ‘secure’ padlock appears in the browser address bar
2. If the website is using an Extended Validation SSL Certificate, the name of the company is displayed in the browser address bar
3. http changes to https
According to Mozilla, the creator of the popular Firefox browser, a short 4 years ago only 25% of websites used SSL. Today, in early 2018, it’s up to 70%. So if you’re not yet using SSL on your website, you’re in the minority. Onto the reasons why you really don’t want to be bucking this trend.
Reason 1: Protect your customer/visitor’s information and privacy
When using your website, customers will share considerable private data with you – usernames, passwords, name, address, date of birth, credit cards details, location, opinions and more. It is your responsibility to ensure that any data you request remains secure and protected.
As well as the ethical responsibility, there is very serious regulation demanding the use of SSL. Any website accepting credit cards will have a payment processor or merchant gateways that requires SSL to meet PCI requirements, and upcoming regulation like GDPR make it very clear how personal data is to be valued and managed appropriately.
Many of your customers will engage with your website and web services over home networks, public wifi and work connections. Any such network could be littered with eavesdroppers (human or bot) listening for valuable data to collect and sell. Data breaches and loss of control of personally identifiable information make the news and bring heavy fines to the websites falling victim to the growing number of attacks. Securing the traffic to and from your website using SSL is not just the right thing to do, it will ultimately protect your brand and bottom line.
Reason 2: HTTPS is now an SEO ranking factor
In the summer of 2014 Google announced that the presence of an SSL Certificate and the use of https would become a ranking factor in its search results. Admittedly, the ranking factor is classified as “lightweight”, meaning that there’s a bunch of other factors that Google expects to see when determining ranking. Regardless, SSL is now a checkbox that the search giant expects to see or otherwise you should expect impact to your rankings. Test for yourself – these days it’s hard to find high volume searches yielding insecure http sites over https secure sites.
Reason 3: Insecure sites are about to be named and shamed
If you still need another reason to consider using SSL on your website, this reason should do it. Beginning in July 2018 with the release of Google’s Chrome version 68, Chrome will mark all HTTP sites as “Not secure”. From July this year, every page your website delivers over http to your visitors browser will be named and shamed when customers see the words “Not secure” right next to your domain name. You don’t need to be a consumer behavioural scientist to appreciate the negative connotation to a customer’s buying decision.
Chrome updates silently and automatically, so expect this change to be meaningful very quickly. And with a whopping 60% of potential customers using Chrome, you can’t ignore the potential impact to your business when visitors get that “not secure” message. July 2018, that’s a deadline for the calendar of every website administrator.
I’m convinced, I need SSL. What should I do next?
Go get an SSL Certificate
Fortunately it’s pretty easy to get an SSL Certificate quickly and inexpensively these days:
Get an SSL Certificate from your hosting provider or your CMS provider
Many hosting companies and CMS (Content Management System) services now offer SSL as part of their core monthly packages. Beware expensive hosting fees for SSL as these days most hosting providers use Let’s Encrypt, which they get for free. Note however that a Let’s Encrypt Certificate is a domain validated Certificate type – meaning you won’t get your company name like the example EV SSL we detail in this blog. If you want to show your name, you’ll need to continue reading…
Get an SSL Certificate directly from a Certificate Authority
There are dozens of Certificate Authorities (CA), with the major ones all having a dramatically pricing, brand or geographical presence. You can find the list of approved CAs in your browser Certificate store, and the major vendors include Symantec, GeoTrust, DigiCert, Comodo, GlobalSign and Entrust.
Cut through the noise and get an SSL Certificate from a websecurity specialist like TrustCubes
TrustCubes was founded with a mission to make SSL easier and more accessible for everyone. We work directly with major CA vendors to build their SSL products directly into our platform. Our technology automates the painful parts of applying for SSL Certificates to make getting SSL easy. Our EV SSL automation makes it as easy to get a Certificate that displays your company name in the browser as it is to get a domain validated SSL Certificate that only shows the padlock. Thanks to our automation, we can provide SSL Certificates at lower prices than buying directly from the Certificate Authorities directly. But we still offer the same superb technical support and money back peace of mind.