If you’ve visited a website and seen that little padlock symbol next to its name in your browser, you’ve already seen SSL in action. When browsing or buying online, a lock icon in the address bar shows your connection is secure. This icon instils user confidence and trust in the website. Only sites with SSL certificates will display this symbol of security, i.e. HTTPS sites.
What are SSL certificates used for?
SSL, which stands for “secure sockets layer”, is a way of preventing interception and interference with the communications between browsers and websites. To do this safely, it verifies the identity of the website operator and incorporates that verification into the encryption it uses to protect the message.
When you have an SSL “certificate” installed, your website can be accessed using the HTTPS protocol (“Hypertext Transfer Protocol Secure”) instead of ordinary HTTP. Behind the scenes, certificates consist of complicated algorithms and protected communication channels. Without certificates, hackers can intercept information which can include anything from financial transaction details to personal data entered into an online form.
Why having an SSL certificate matters to your business…
Well, the search giant has decided if your website doesn’t have an SSL certificate in place, it’s going to show a ‘not secure’ label in the address bar next to your domain name. If you are concerned about your website’s SEO, Google has declared that it gives a small ranking boost to websites that use HTTPS. However, your main benefit is from winning the trust of your visitors.
Common Misconceptions About SSL Certificates
When it comes to technology in general, people are sometimes apprehensive about changing over to new things, and SSL certificates are a prime example. Other times, people hear the same incorrect information over and over again and then internalize it as fact. Below are some of the most common things people mistakenly think about SSL certificates, and it makes for some interesting reading:
Misconceptions #1 - “I only need SSL on my login page”
This is not a good idea. Once you have logged in, hackers are far more likely to hijack your session if your landing page is not secured. Since you have already logged in, they already have access to your profile. You will want to enable encryption on all of your pages so that your data streams are 100% covered with SSL.
Misconceptions #2 - “I don’t process payments, so I don’t need SSL”
Some people believe they don’t need an SSL certificate, because they don’t have an online payment portal. This logic makes sense if you think payment information, such as credit cards and banking details, are the only pieces of data cyber criminals and hackers are after, but that is just the tip of the iceberg.
It turns out that information as seemingly innocuous as a simple email address can give persistent hackers a clue of what login credentials they can try to use as a username login for other websites. It only takes one piece of information falling into the wrong hands to unravel your entire security online.
Misconceptions #3 - “SSL slows down websites”
Some people are concerned about differences in speed after implementing SSL, and that is understandable. The good news, however, is that there is no noticeable decrease in speed for most users with modern browsers, as most pages load up in exactly the same way as non-secure websites.
Misconceptions #4 - “SSL will take care of all my security requirements”
Just because your connection is encrypted and secure doesn’t mean the data being transmitted can’t be read at either end of the connection. If your web server is vulnerable to malware and viruses, or has been compromised by a rootkit or Trojan, attackers with access to the web server will be able to read information from the server itself, effectively side-stepping the SSL security features.
This means you will need to ensure your web server is updated, secure, and free of any malware or viruses. Additionally, basic account and password precautions should always be observed, regardless of whether you have SSL running or not. Be sure never to share your login details with anyone, and consider changing your passwords regularly.
SSL certificates from Hostinkos
If you are still unclear as to what an SSL certificate is and whether you need one, ask your hosting company “what are SSL certificates used for? and which can you offer as part of your hosting package?”