Don't Get Locked Out! Why Your Website Needs SSL - Even if You Don’t Think it Does
It seems that every week brings news about yet another high-profile hack or data breach exposing the personal information of millions of people to cybercriminals. While the increasing occurrence of such acts has inspired a thriving industry based on data protection, there is one common – yet powerful – security technology proven to prevent identity theft and other types of online crime: Secure Sockets Layer (SSL). Here, we provide a look at the basics of SSL technology, why you should use it even if your website isn’t for ecommerce, and its advantages beyond security.
SSL is the industry standard used by millions of websites to protect online transactions with their customers. To meet Payment Card Industry (PCI) compliance, an online business needs an SSL certificate with encryption of at least 128 bits. PCI standards verify that the SSL certificate is from a trusted source, uses the right strength of encryption and provides a private connection on any page that requires customers to enter personal information. Without a certificate that meets these standards, a site won’t be able to take credit card payments.
SSL is also essential in gaining customer trust in the integrity of your business by guarding against phishing emails, which contain links that lead unsuspecting customers to a convincing replica of an otherwise reputable site. Often disguised as advertisements or shipping confirmations, these emails attempt to get credit card information. When customers don’t see the signs of security on a site, they’re more likely to navigate away without entering information. According to HubSpot research, up to 85% of website visitors will not continue browsing if a site is not secure.
How Does SSL Work?
Elegant in its simplicity, SSL establishes an encrypted link between a web server and a browser (such as an ecommerce website and browser), or between two servers (such as an application with personally identifiable information). This link ensures that all data transferred between the web server and browser or between two systems remains private and intact – preventing criminals from reading and modifying any transferred information, such as credit card numbers, other financial information, names, addresses and comparable personal details.
Establishing this link requires an SSL Certificate. SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. An SSL Certificate typically contains the domain name and company name, along with the company address, city, state and country. It also contains the expiration date of the Certificate and details of the Certification Authority responsible for issuing the Certificate.
During the process of creating an SSL Certificate, the web designer is prompted to answer a series of questions about the identity of the website and company. The web server then creates two cryptographic keys: a Private Key and a Public Key. The latter is placed into a Certificate Signing Request, which is submitted during the SSL Certificate application process. The Certification Authority then validates the details and issues an SSL Certificate. The web server then matches the issued SSL Certificate to the Private Key. The web server will then be able to establish an encrypted link between the website and customers’ web browsers.
When a certificate is successfully installed on a server, the application protocol (also known as HTTP) will change to HTTPS, where the ‘S’ stands for ‘secure.’ Depending on the type of certificate purchased and which browser is used, the browser will show a padlock or green bar on a website that has an SSL Certificate installed.
When a browser connects to a secure site, it retrieves the site’s SSL Certificate and checks that it:
• Has not expired
• Has been issued by a Certification Authority the browser trusts
• Is being used by the website for which it has been issued
If the SSL Certificate fails on any one of these checks, the browser will display a warning to the website visitor that the site is not secured by SSL.
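The issuance steps and the three browser checks described above can be reproduced with the openssl command line. This is an added example, not code from the original article; the domain example.test, the throwaway "Demo Test CA" that stands in for a real Certification Authority, and all file and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed demo: example.test, "Demo Test CA" and all file names are made up.

make_site_cert() {   # $1 = work dir, $2 = domain name
  # 1. The web server creates the key pair; the private key stays on the server.
  openssl genrsa -out "$1/site.key" 2048 2>/dev/null
  # 2. The public key and identity details go into a Certificate Signing Request.
  openssl req -new -key "$1/site.key" -subj "/O=Example Co/CN=$2" -out "$1/site.csr"
  # 3. Stand-in for the Certification Authority: a local self-signed root...
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
    -subj "/CN=Demo Test CA" -days 30 -out "$1/ca.crt" 2>/dev/null
  # ...which signs the CSR and binds the domain into the certificate.
  printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -set_serial 1 -days 30 -extfile "$1/san.ext" -out "$1/site.crt" 2>/dev/null
}

# 4. The server pairs the issued certificate with its private key:
#    both must carry the same public key.
key_matches_cert() {   # $1 = private key, $2 = certificate
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# The three browser checks, in the order the article lists them.
browser_checks() {   # $1 = certificate, $2 = trusted CA file, $3 = host name
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null || { echo expired; return 1; }
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || { echo untrusted; return 1; }
  openssl x509 -in "$1" -noout -checkhost "$3" | grep -q 'does match' \
    || { echo wrong-host; return 1; }
  echo ok
}

work=$(mktemp -d)
make_site_cert "$work" example.test
key_matches_cert "$work/site.key" "$work/site.crt" && echo "key matches certificate"
browser_checks "$work/site.crt" "$work/ca.crt" example.test
browser_checks "$work/site.crt" "$work/ca.crt" shop.example.test || true
```

With a real Certification Authority, step 3 is replaced by submitting site.csr to the CA; the key-match and browser checks apply unchanged to the certificate it returns.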
SSL certificates are available online at a variety of annual fees, depending upon the CA and level of validation/protection desired.
One such CA, Let’s Encrypt, has issued more than 50 million active certificates at no cost – that is, for FREE – to further Let’s Encrypt’s commitment to encrypting the entire web. While web developers can implement SSL themselves, professional web development companies (such as Virtual Stacks Systems) include it as part of their service offerings.
Google Sets an SSL Ultimatum – Chrome Will Enforce It
With all the emphasis on personal information security, some business owners and decision-makers may think that SSL is only necessary for ecommerce websites. However, websites that have pages with a search box and/or forms for visitors to fill out and submit – such as to receive an ebook or whitepaper for lead generation purposes – are being strongly motivated by Google to enable SSL across the entire site.
As of October 2017, Chrome version 62 began labeling HTTP pages as insecure if users can input any data – which applies to any page with a search box. The browser shows the ‘Not secure’ warning when users type data into HTTP sites. The expanded warnings for HTTP pages are intended to add pressure on site owners to acquire the necessary certificates and set up HTTPS on their web servers. The clock is ticking: this July, Google will label all non-SSL websites insecure with the dreaded ‘Not secure’ warning in red. Although everything in SEO is debatable, no one can debate that the worst thing for your SEO is a website no one can visit!
SSL Improves SEO – Plus the Take-home Message
Enabling SSL across the entire website provides an additional advantage: it’s good for SEO. According to Google Webmaster Trends Analysts Zineb Ait Bahajji and Gary Illyes, SSL is part of Google’s search ranking algorithm. In addition, Google has publicly stated that when two websites are otherwise equal in search results, the one with SSL enabled may receive a rank boost that outweighs the other – providing a clear benefit to enabling SSL on your website and across all content. In fact, SEMrush.com lists SSL as one of the top 10 ranking factors in its 2017 ranking factor study.
CAs recognize and promote the SEO benefit as well. For example, the Enterprise EV SSL/TLS Certificate offered by SSL.com lists “Improves Search Engine Rankings” as a feature – and, of course, an incentive to purchase this premium security level.
To recap, SSL provides secure data transfer for online transactions to protect consumers and businesses, helps prevent existing or potential customers from falling victim to phishing schemes, prevents red flags from being raised about your website and boosts SEO. To ensure the best win-win scenario for your business, our web development team at Virtual Stacks Systems can answer your questions about SSL. Contact us to learn what we have to offer.