What Is SSL, And Why Should My Site Have It?
As a site owner or even just as an Internet user, you may have heard whispers about SSL lately. A tech-savvy friend might have stressed the importance of using "secure sites", or you may have seen an article announcing Google's new favouritism for SSL. Maybe you read about the Heartbleed incident a few years back.
You may have brushed those mentions off. After all, what does some vague technical acronym have anything to do with you?
But the truth is this: SSL keeps your business safe.
How? It is an Internet security protocol that is used to encrypt information as it travels between the website server and your customers' computers. This prevents mischief-makers from intercepting, reading, or changing that information as it travels.
SSL (which stands for Secure Sockets Layer; you can read more about it here) isn't a new thing — it's an established and reliable technology that's been around for decades. It gets adopted more widely every year as the Internet gets bigger and more threats — from minor Internet vandals to malicious hackers —arrive to take a slice.
The sooner it's on your website, the sooner your customers — and you— can reap the benefits.
What is SSL?
SSL is sometimes used synonymously with HTTPS, though the two are slightly different: HTTP is the type of connection, and HTTPS tells a computer to encrypt the connection using SSL. It's great for a site to have. You can tell when a site is using SSL because you'll see a green padlock in the left corner of your browser when you visit. That padlock means that the site owner has verified that they are who they say they are, through a neutral third party that is trusted by Firefox (or Chrome, or Edge, or Safari, or whatever browser you use).
SSL works the same way on every browser. For users who know about it, the green padlock is a strong signal of trustworthiness. Most computer literacy classes and articles about "how to stay safe on the web" mention it, so an increasing percentage of your customers will be watching for it.
The people who don't know to look for the green lock need the protection even more than those who do because they are more vulnerable to being taken advantage of.
Warning: You should never send sensitive information (bank information, credit card data, personal identifying information, etc.) to a website without the padlock icon.
Who uses SSL?
All major social media sites (Facebook, Twitter, reddit) are using SSL already. All search engines (Google, Bing, Yahoo) and all major eCommerce sites (eBay, Amazon, Shopify, Etsy) are on board as well. Even the Government of Canada is in the game. Click that link and look for the green padlock:
Why does your website need SSL?
Search Engine Placement
Google has a vested interest in making sure that they don't send their users to fraudulent websites that will rob them, so they are beginning to insist that websites implement SSL. Starting last year, SSL-compliant websites have enjoyed a boost in Google search rankings compared to their non-secure counterparts. We expect Google to enforce this more strictly as time goes by.
As a site owner, you should have a vested interest in keeping your customers safe as well. Credit card numbers and addresses need to be protected. Even simple contact forms should have encryption, to prevent others from intercepting your clients' messages to you.
For example, a customer makes an appointment through your company website. Somewhere between the customer and your website is a hacker who is eavesdropping for anything interesting. Even apparently innocuous information could be useful: mailing addresses, usernames, credit card numbers, personal details. What if the hacker intercepts that message, and makes an appointment with the person to send burglars to their house instead? Or calls your customer and requests an up-front "deposit" to an unrelated bank account? Your customer gets robbed, and you get blamed.
How to hamper the hackers? With SSL!
A website visitor is filling out a form on your website:
Without SSL, the hacker sees I'll be home after 3 pm on Wednesday.
With SSL, the hacker sees 784R16ur7U0P3w3wR0Gf8956Bi70j16O351690417598Am
Or let's say a user tries to visit a site on the Internet, like www.accentinns.com. Normally a website request is passed from server to server until one is found that knows which computer (web server) the site is located on. But a malicious server can claim it has the site, and send its own version instead.
It might be disguised to look like the same site, but the content is under control of the malicious server, and any content sent through it — like contact information — goes right to the attackers. You will be blamed by your customers if this happens, even though it's not your fault. Accent Inns, linked above, recently realized the danger of that scenario, and opted to start using SSL across their entire site (instead of just for the reservation system as they had previously done).
We want our clients to be successful. At a certain point, SSL is no longer optional.
We'd rather you have it before it's necessary, and not after.
Some say the Internet is a shambles made of Lego, string, and chewing gum, and it gets bigger every day. Those who help build parts of it, like the dedicated team at Radar Hill, spend a chunk of our time shoring it up, reinforcing the weak points, and making it more secure in an effort to keep our clients — and their clients — safe. SSL is part of the effort.
Your website needs an SSL to:
1. Protect your website visitors,
2. Protect your website content,
3. Improve your Google ranking.
Contact us today to make your website more secure with SSL.