The internet is a wonderful place to do business because of how easy it is for your customers to find you online. The problem is, they are not the only ones taking an interest in your online activities, business or otherwise.
There are criminal elements that want your data to make a quick buck, putting your business and finances at risk. They are able to do this by intercepting communications between your website and your customers, committing what’s known as a man-in-the-middle attack.
These attacks have become ever more common in recent years, leading to an explosive rise in cybercrime. How much growth are we talking about? Statista reveals that 2017 saw a massive increase in data breaches, rising from 1,093 in 2016, to 1,579 in 2017; that’s a 44% increase in one year!
The stats are likely to be even higher for 2018, as the trend continues to grow. It can be scary, especially if you are not sure how to protect your business or your clients from malicious hackers on the internet.
Fortunately, there is a solution that is both easy to implement and works like a charm: SSL encryption. We will explain the most effective method of locking down your website while giving yourself some bonus benefits like having your website show up in more search results, as well as a safety boost.
The Importance of SSL Certificates
How many of us have actually taken the time to understand what SSL Certificates are and what they do? If you are like most people, the answer to that is probably not that much.
SSL, or Secure Socket Layer, is an encryption protocol that takes the session information between clients and servers and makes it indecipherable to anybody else who may be trying to eavesdrop or intercept it. This makes it impossible for external parties to read any meaningful information from intercepted traffic, and creates an all-round safer browsing experience for you and your clients.
Recently, browser updates, like Google Chrome’s Update 62, have started displaying warnings when a website that is being accessed doesn’t have SSL running. This creates a scary looking prompt that denies access by default until the hidden “Proceed” button is clicked. The “Proceed” button can only be accessed after the “ADVANCED” link is selected.
This deterrent highlights the shift in security consciousness of the average internet user. Users are far more likely to close your webpage if they are greeted with the news that your site is not secure.
If that was your website, you could have just lost out on another customer. These messages and prompts have the potential to reduce traffic to your website just by having an additional step to access your content, which will end up costing money in the end.
Worse still is that not having an SSL certificate means your website is also going to suffer in the Google rankings department. Why? Because websites that begin with insecure “http” prefixes are automatically ranked lower than SSL-equipped sites, which all start with “https.”
Google does this to ensure the most secure search results appear higher up in the list, as opposed to non-secure websites that get pushed down, or omitted entirely.
If you have a mail server or any other internet facing service that has confidential data in it, you will definitely need SSL certificates installed. This will prevent your sensitive data from being intercepted or tampered with, giving you peace of mind and added security.
Common Misconceptions About SSL Certificates
When it comes to technology in general, people are sometimes apprehensive about changing over to new things, and SSL certificates are a prime example. Other times, people hear the same incorrect information over and over again and then internalize it as fact. Below are some of the most common things people mistakenly think about SSL certificates, and it makes for some interesting reading:
“I only need SSL on my login page”
This is not a good idea. Once you have logged in, hackers are far more likely to hijack your session if your landing page is not secured. Since you have already logged in, they already have access to your profile. You will want to enable encryption on all of your pages so that your data streams are 100% covered with SSL.
“I don’t process payments, so I don’t need SSL”
Some people believe they don’t need an SSL certificate, because they don’t have an online payment portal. This logic makes sense if you think payment information, such as credit cards and banking details, are the only pieces of data cyber criminals and hackers are after, but that is just the tip of the iceberg.
It turns out that information as seemingly innocuous as a simple email address can give persistent hackers a clue of what login credentials they can try to use as a username login for other websites. It only takes one piece of information falling into the wrong hands to unravel your entire security online.
“SSL slows down websites”
Some people are concerned about differences in speed after implementing SSL, and that is understandable. The good news, however, is that there is no noticeable decrease in speed for most users with modern browsers, as most pages load up in exactly the same way as non-secure websites.
If you are hosting your website yourself, then you could look at upgrading your web server to accommodate any increased performance loads due to encryption, but it is unlikely to be a problem.
“SSL will take care of all my security requirements”
Just because your connection is encrypted and secure doesn’t mean the data being transmitted can’t be read at either end of the connection. If your web server is vulnerable to malware and viruses, or has been compromised by a rootkit or Trojan, attackers with access to the web server will be able to read information from the server itself, effectively side-stepping the SSL security features.
The same can be said for the user’s side of the connection. If malware such as key logging software is already loaded onto a device such as a smartphone or laptop, data like passwords and usernames can be intercepted directly from the computer’s keyboard input, rendering the SSL connection useless.
This means you will need to ensure your web server is updated, secure, and free of any malware or viruses. Additionally, basic account and password precautions should always be observed, regardless of whether you have SSL running or not. Be sure never to share your login details with anyone, and consider changing your passwords regularly.
What About TLS? Isn’t It Better Than SSL?
This is where things can get confusing. TLS (Transport Layer Security) is a phrase people have started to hear more often in recent years. The truth is that SSL and TLS are part of the same protocol suite. In fact, most technologies such as VPNs will list SSL/TLS together as one of the security measures they have in place as a connection method for private browsing.
The reality is, these two protocols are the same thing — a digital certificate that encrypts data between two parties and keeps your information safe. TLS is merely an updated version of SSL, and TLS certificates are also called SSL certificates. The best thing to do if you are unsure is to ask your provider which you have, and they can assist you.
Search Engine Optimization and SSL
We already know Google has started rewarding websites that have implemented SSL with better search visibility, but how else does having an SSL certificate benefit your website’s search engine capabilities? Well, it might not be an obvious advantage when we first look at the way Google treats SSL-Certified websites versus standard ones.
When Google generates almost identical search results in terms of relevance, the SSL status of each website will then act as a tiebreaker in the most secure website’s favor. This means that SSL is not a magic bullet to fix your search rankings, but is instead an enhancement that needs to work together with all of your other SEO measures.
If your website shows up in Google searches more often, you will receive a bump in network traffic. That increase in traffic has the potential to bring in more customers, giving you a competitive edge over your rivals. This is an excellent perk, and by the looks of things, Google will not be changing this any time soon.
Once you have figured out where your website’s weaknesses are, you can start getting to work to fix them. The majority of the above suggestions can be done yourself, but most hosting companies will be able to do all of it for you, if they haven’t already.
If you haven’t yet created a website of your own, or you are looking to expand your current website to include additional functionality, such as an online store, make sure you follow our recommendations throughout this article before you do anything else. It will save you a lot of time in the long term.
Once you have established that there are security problems within your website and you want to implement SSL, you need to check how to install it throughout your site. There are plenty of options to do this, but the three most popular ways of going about this are:
- Single SSL Certificates: As the name suggests, single SSL certificates protect only one subdomain, also known as a hostname. This means that if you own the website www.mywebsitename.com, your SSL certificate will not protect ww1.mywebsitename.com, or any other subdomain that differs from the part of your website that displays the www.
- Multiple SSL SAN: These types of certificates cover multiple domain names with a single certificate. That means if you have www.mywebsitename.com and www.mywebsitename.net, you can cover both with the same certificate.
- Wildcard SSL: Wildcard SSL certificates allow you to secure many different subdomains with one certificate. This is the most flexible option because you do not have to declare each subdomain at the time of purchase. You simply enter the address you would like to have protected by the certificate and then it will take effect. “Wildcard” refers to the asterisk that precedes your subdomains, for example, *.mywebsitename.com would cover any prefix that you had registered for each subdomain.
SSL certificates are more than just a “nice to have” feature for your website. The reality is, they have become a necessity if you are going to run a successful website that is safe for your users. It may not be compulsory to use an SSL certificate, but the rate at which unencrypted web traffic is intercepted, and the frequency that user computers and web servers are becoming compromised, is alarming to say the least.
So, where does this leave you, the average web page owner? Well, there are options to help mitigate the risk of running an insecure webpage, chief among which is the implementation of SSL certificates. It is only through this implementation that you will be able to reap both the rewards of higher search visibility through Google and enhanced security through encryption.
The end result is that your website will, by all appearances, be a more secure and official looking platform for your users to connect to. This helps to build your brand and lets your users know you take security seriously.
This ultimately reflects positively on you and your business, and helps you to stay ahead of the competition if they have not yet adopted SSL certificates for their websites.
Do you have SSL Certificates on your website? Or do you have any concerns about them? Let us know in the comments.