WTF is SSL and HTTPS?
Imagine if your premises wasn’t up to building code. One day, the building authority comes past and posts a large sign outside your shop: ‘Warning - Do Not Enter’. And for good measure, they string up some black and yellow caution tape around the front. What happens next?
Imagine if your shop wasn’t up to building code.
One day, the building authority comes past and posts a large sign outside your shop: ‘Warning – Do Not Enter’. And for good measure, they string up some black and yellow caution tape around the front.
What happens next?
Of course, your customer numbers plummet. Casual browsers and walk-ins start avoiding your shop at all costs. They even start walking on the other side of the street.
‘Is that building about to collapse?’ they ask themselves. ‘Or is there a toxic waste dump hidden inside?’ And sales begin to dry up.
This would be a nightmare scenario for many businesses. Most owners wouldn’t hesitate to fork out the cost to get the building code back up to standard.
In fact, there is a digital equivalent of this kind of event. And it might be happening to your business.
Are security warnings scaring away potential customers?
Google recently updated the very popular Chrome browser to display a ‘Not Secure’ warning for websites with unsecured webpages.
That means if you don’t have a valid security certificate – called an ‘SSL certificate’ – your website appears toxic to online passersby.
While the average internet user might not fully understand what the warning means, they trust their browser to highlight these kinds of security risks. As soon as they see a message that says ‘warning, enter at your own risk,’ they stop browsing.
And then off they go to a competitor’s website.
As ransomware, phishing, service hacks and new vulnerabilities emerge every few months, internet users are more conscious about online security.
So, it’s time to make sure your business is up to scratch.
What is an SSL certificate, and why should you check yours?
‘SSL’ refers to a security protocol called Secure Sockets Layer. It adds a layer of encryption to the standard web protocol, HTTP.
An SSL certificate is a set of verified credentials that allow for safe encryption between your website’s server and your user’s browser.
In other words, the difference between ‘HTTP’ and ‘HTTPS’ (as seen in your browser URL bar) is a ‘secure’ layer. And to get HTTPS, you’ll need an SSL certificate.
The key takeaway? An updated, secure server with a valid certificate should provide your business and users with the latest security layer.
(Note: While the SSL protocol has been superseded by a more secure protocol called ‘TLS’, or Transport Layer Security, much of the digital industry still refer to TLS certificates as SSL certificates.)
Why is SSL security important?
First, the obvious point: to protect your users’ data.
If your business manages customer data online, such as logins, personal details and payments, it’s important to keep your users’ information secure from attacks with the latest standards in encryption.
Take, for instance, the recent WiFi ‘KRACK’ vulnerability. This vulnerability affects the encryption standard used for WiFi devices. Without a secure SSL connection, users accessing your site are at an increased risk of an attacker eavesdropping on the WiFi connection and stealing their data.
And even if they’re not transacting financial information, thanks to the prevalence of password reuse, any leaked data could be used to access the user’s other services.
Second, a valid SSL certificate increases the credibility of your website. An SSL certificate will ensure that web browsers, such as Google Chrome, do not flag your website as ‘unsecure’ and scare away potential customers.
Meanwhile, interface icons such as a green padlock next to the URL bar will make your site more trustworthy in their eyes of your users.
And last, but not least, an SSL certificate will boost the SEO performance of your website. In an official blog post from 2014, Google stated that ‘We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.’
There are very a few ‘guaranteed’ ways to improve SEO performance – and having a verified SSL certificate just so happens to be one of them.
How do you get SSL certification?
If you’re lucky, you may not need to worry about SSL. Plenty of ‘off-the-shelf’ web services, such as Squarespace, make the management of HTTPS and SSL certificates easy and in some cases, automatic.
But if your website is not establishing a HTTPS connection (that is, there is no ‘secure’ connection displayed in your URL bar), you’ll need to purchase and install an SSL certificate manually.
You can get certificates from registered online vendors, much like a domain name. In fact, you may be able to purchase from the same registrar you bought your domain name from.
There are also other providers, called ‘certificate authorities’, that offer verified certificates for sale.
Installing the certificate
Once purchased, you will need to download your certificate files. The next step is to access your server’s cPanel or administration dashboard.
From here, you can:
- Refer to your registrar or hosting provider’s support documentation to install the certificate. If you’re looking to install the SSL certificate yourself, be sure to check out this checklist of essential steps. Or;
- Reach out to the web developer that first set up your site, or provide your new web developer with the credentials to install the SSL certificate.
Digital security is now as important as physical security
Online security is not just important for your users, but for your business too.
Protecting your business against digital threats should be as important as installing a new alarm system or ensuring building compliance inside a physical shop front.
From protecting your users’ data to increasing the trustworthiness of your website, an SSL is a simple but essential step in keeping your business secure online.