If you’ve visited a website and seen that little padlock symbol next to its name in your browser, you’ve already seen SSL in action. When browsing or buying online, a lock icon in the address bar shows your connection is secure. This icon instils user confidence and trust in the website. Only sites with SSL certificates will display this symbol of security, i.e. HTTPS sites.
SSL, which stands for “secure sockets layer”, is a way of preventing interception and interference with the communications between browsers and websites. To do this safely, it verifies the identity of the website operator and incorporates that verification into the encryption it uses to protect the message.
When you have an SSL “certificate” installed, your website can be accessed using the HTTPS protocol (“Hypertext Transfer Protocol Secure”) instead of ordinary HTTP. Behind the scenes, certificates consist of complicated algorithms and protected communication channels. Without certificates, hackers can intercept information which can include anything from financial transaction details to personal data entered into an online form.
Getting an SSL certificate not only protects against data theft, it also benefits your website in the eyes of search engines and customers.
The number one reason any responsible website owner should have SSL is to prevent their customers having their financial details stolen. Credit card details, personal information and passwords are all at risk of theft whilst unencrypted. However, if that’s not incentive enough, there’s also the risk of huge fines if data is stolen because you have failed to comply with regulations such as PCI or GDPR.
Another very good reason is that failing to have SSL can jeopardise your online reputation. If your website doesn’t have an SSL certificate in place, it’s going to show a ‘not secure’ label in the address bar next to your domain name. Virtually everyone knows that there are risks involved with shopping on the internet and when much-trusted companies like Google or Microsoft start warning you that it isn’t safe to give your personal or financial details to a website, you are likely to take notice.
If you are concerned about your website’s SEO, Google has declared that it gives a small ranking boost to websites that use HTTPS. Why, after all, should Google, Bing or Mozilla risk sending one of their valued users to an unsecured site when there are plenty of safe ones to choose from?
Using SSL also brings another benefit. HTTPS is quicker than HTTP so your site loads faster. As this is also a ranking factor used by search engines, you have an even better chance of higher rankings.
When it comes to technology in general, people are sometimes apprehensive about changing over to new things, and SSL certificates are a prime example. Other times, people hear the same incorrect information over and over again and then internalize it as fact. Below are some of the most common things people mistakenly think about SSL certificates, and it makes for some interesting reading:
This is not a good idea. Once you have logged in, hackers are far more likely to hijack your session if your landing page is not secured. Since you have already logged in, they already have access to your profile. You will want to enable encryption on all of your pages so that your data streams are 100% covered with SSL.
Some people believe they don’t need an SSL certificate, because they don’t have an online payment portal. This logic makes sense if you think payment information, such as credit cards and banking details, are the only pieces of data cyber criminals and hackers are after, but that is just the tip of the iceberg.
It turns out that information as seemingly innocuous as a simple email address can give persistent hackers a clue of what login credentials they can try to use as a username login for other websites. It only takes one piece of information falling into the wrong hands to unravel your entire security online.
Some people are concerned about differences in speed after implementing SSL, and that is understandable. The good news, however, is that there is no noticeable decrease in speed for most users with modern browsers, as most pages load up in exactly the same way as non-secure websites.
Just because your connection is encrypted and secure doesn’t mean the data being transmitted can’t be read at either end of the connection. If your web server is vulnerable to malware and viruses, or has been compromised by a rootkit or Trojan, attackers with access to the web server will be able to read information from the server itself, effectively side-stepping the SSL security features.
This means you will need to ensure your web server is updated, secure, and free of any malware or viruses. Additionally, basic account and password precautions should always be observed, regardless of whether you have SSL running or not. Be sure never to share your login details with anyone, and consider changing your passwords regularly.
An SSL certificate can be obtained from your web host and, in most cases, the host will be able to set it up for you. If you are still unclear as to what an SSL certificate is and whether you need one, ask your hosting company “what are SSL certificates used for? and which can you offer as part of your hosting package?”