While your web browsing habits may be innocent, we all assume our experiences using the web are private. Click on the “history” menu in your browser and have a look over your last few weeks browsing history. There’s a lot of information about you there – from where you do your banking, to the websites you buy from and the companies you invest in. It’s likely this holds a record of every site and online transaction you’ve made.
As a business, if you’re collecting any information about visitors to your website – even just a name and email for a monthly email newsletter – you need to consider the privacy and security implications if that information was “stolen” through your site.
If you’re like the 60 percent of internet users who use the same password for everything, then just having someone provide a password to login to your unsecured site has the potential for opening a pandora’s box of problems for that user. All online communications should be secure and not subject to the motivations of hackers who gain from stealing information.
If you have an existing website there will be some costs involved in the process of converting to a fully secure website. These arise from updating your software systems, purchasing an SSL Certificate and applying it to your website. However, these are minimal when you consider the cost of a major data breach.
What is SSL?
SSL stands for Secure Socket Layer. It is an encryption technology that’s used in the transfer of data between a web server and your visitor’s browser. This secure transfer of information is marked with https:// (instead of http://) in front of the URL in the address bar – often you’ll also see a little padlock and the word “secure”.
Any information transferred between the visitor’s browser is encrypted, so form submissions and any credit card transactions can’t be intercepted by eavesdropping or man-in-the-middle attacks.
If you run an eCommerce or membership site, secure transactions using SSL certificates are a mandatory requirement. If people are entering any kind of identification or personal information through an online form or shopping cart checkout on your website there is an expectation that this information is transmitted securely, and then stored securely.
However, consider how many times you’ve emailed credit card information, or entered personal details into a web form without thinking about whether the transfer of that information is secure. What about the storage of that data?
Understanding SSL certificates
As the number of applications for SSL have expanded, so too have the respective types of SSL certificates. An SSL Certificate is a small data file used to encrypt information being transferred over the internet. SSL Certificates are issued by Certificate Authorities (CAs) and bind the ownership details of a website with the use of cryptographic keys.
As there is now a whole realm of SSL certificates out there to confuse you, we’ll simplify it for you. There are now three main types of SSL certificates you need to know about:
- Extended Validation (EV) SSL Certificates: ranks as the highest level of SSL by delivering the strongest level of encryption available. Provides the right to use a specific domain name and extended company vetting. Also activates the padlock and green writing in the address bar of the web browser for https websites.
- Organisation Validation (OV) SSL Certificates: gives your website a greater credibility over DV SSL certificates. Shows that the website is run by a legitimate organisation by providing the right to use a specific domain name and full company vetting. Provides a mid-range level of SSL security.
- Domain Validation (DV) SSL Certificates: the CA verifies the identity of the applicant using a specific domain name. Does not provide full company vetting. The most basic level of SSL security.
Discover more: Compare SSL Certificates
Use SSL to improve search rankings
In December last year Google announced it was changing its algorithms to actively search for https versions of a website, and would give indexing and ranking preference to secure sites.
Google’s Chrome browser is warning users that the site they are viewing is “not secure” if it contains any password or credit card detail fields. A the moment secure sites are highlighted – and if you’re not sure you can click on the little “i” information icon to see the status of the site.
As this becomes more prominent, and more news stories about data breaches hit the news, your users will become more aware of this feature and start to notice if you’re not secure.
In the past, SSL certificates could get expensive, but the rapidly transforming web landscape has made switching to SSL practical and affordable. But the thing is… most of us don’t know where to start and how to move to HTTPS without messing it up. You could potentially break your website, experience downtime or lose important analytics data if you do it incorrectly!
The best advice to give those of you in this situation, is to seek help from someone who knows the ins and outs of SSL. They are far less likely to make errors and will (in most cases) be able to give you some guidance as to the level of SSL that is right for you.
If you need help making your website SSL secure, our friendly team at Thirst Creative are here to help. With years of experience in this area our savvy web developers will have your site safe and secure in no time.
Realise more: Contact us today