If you own a website it is highly likely you will need to have a SSL certificate installed sooner rather than later or find Google (and other search engines) visibly labelling it as 'insecure'. This could result in your site visitors unsure whether or not they can trust it. Obviously, this could have important repercussions for your business.
Indeed, Google are already displaying sites without a certificate as insecure and the rumours are that somewhere down the line, they will even block such sites from the internet altogether! For E-commerce websites that process financial transactions, the imperative is even clearer as some payment providers may not permit their systems to be installed on insecure sites.
Here are just some of the main benefits of having SSL certification
• Make Google happy! Google favours secure websites in search results so if you have a HTTPS encryption you'll boost your chances of being ranked higher.
• Improve credibility - A digital certificate proves your site is trustworthy. This is vital if you collect sensitive information like credit card details through online transactions.
• Enjoy complete privacy - Any information transferred through your website is encrypted when an SSL certificate is applied ensuring confidentiality for the end user.
• Protect against fraud - Defend your business and your customers against possible threats of online fraud and information hijacking, also known as phishing.
See below for some useful further reading. But don't just take my word for it - do your own Google or internet search on the subject too!
Effectively, it's an electronic passport. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.
This link ensures that all data passed between the web server and browsers remain private.
An SSL Certificate has the following information:
• Name of the site holder or adminstrator acting for the site owner
• Serial number and expiration date
• Copy of the certificate holder’s public key
• Digital Signature of the certificate-issuing authority
Certificates work by the website and/or company/business being subject to certain authenticity checks by the organisation issuing the certificate. Once the organisation is satisfied then the certificate will be issued. Any sensitive information is then encrypted making the site more secure and trusted.
If you have a site that stores information of visitors, you need SSL on your site. Without SSL, the data transfers in text format which is an insecure way of sending data. SSL protects the data by wrapping it in an encrypted layer.
If you don’t have the SSL certificate, a secure connection cannot be established, that means, your company information will not be digitally connected to a cryptographic key, potentially leaving your site open to hacking especially if you collect or process any user information over your site. This means Google, and other search engines, will list and 'flag' the site as 'insecure'. Google already penalises insecure websites by lowering their ranking as part of their ranking algorithm criteria. Google is pushing webowners to implement SSL certificate on their sites. The aim of Goole is to become a trusted Search Engine. To do that, Google has to show only secure site in the results. That’s why Google is starting to give a rank push to certificated sites.
Why are SSL Certificates Critical?
1. Certificates encrypt sensitive information
The information you send on the Internet is passed from computer to computer to get to the destination server.
Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted.
When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to.
2. Protects You From Cybercriminals
It is impossible to escape the rising tide of cybercrime if your website doesn’t have an SSL certificate. Cyber criminals will identify weakness(es) in your network - usually when information is transmitted through forms or financial transactions.
In most cases this will be from your web hosting provider or the person that manages your website hosting for you may be able to organise it for you. There are several different certificates with varying features depending on the business needs and the depth of security required. Most providers charge an annual fee for the certificates though some may include them when you buy their other services.
Acquiring a certifcate is one thing. Installing it and verifying it is quite another. It requires specialist knowledge and access to the servers of your website. These areas are not usually accessible as a great deal of damage can be done if you are unfamiliar in this area. If you have your hosting managed for you by Silver Lining Graphics I can handle this entire process for you. See further down this page for details on the types of certificates available and their corresponding prices. If you have your website hosted elsewhere you will need to contact your own hosting provider.
Go to a web browser and type in the URL or name of your website in the address bar. If your website name starts as http:// this means there is no certificate installed and your site is insecure. If it starts with https:// (note the letter 's') this means it has a certificate and has a degree of security. If you don't see the name in this form the browser may display a padlock symbol. If the site is insecure the padlock may have a line through it showing as insecure and when you hover your mouse over it a message appears stating the security status. Sites with a certificate may show a green padlock or similar indicating a secure site. Actual icons and status confirmations vary from browser to browser.
Although it is far more important that a certificate is in place for e-commerce sites and sites with some kind of data collection form, it is still wise to get one for your website if it does not have these features. Your site will still be flagged as 'insecure' by web browsers and may be penalised by them in the form of lower ranking in search results. Eventually, some browsers may even refuse to display insecure websites.
If you simply want to provide a secure connection and verify your domain is genuine, I recommend QuickSSL Premium SSL as you will be up and running in under 24 hours.
For businesses, if you want to show your visitors you are an authentic organisation, the True Business SSL cert would be a good choice as GeoTrust vet and validate your company.
True Business ID with Extended Validation(EV) is used by companies who have a high number of online transactions each day. With this certificate your company will be extensively vetted by GeoTrust. Once in place, your visitors will be able to see your company name in the padlock section of the address bar. This gives them added reassurance that your site is safe.
This depends on the type of certicate purchased. The basic entry level certifcate can be effective in just a few hours after purchase although 24 hours is recommended for the settings to take full effect. The more fully featured certicates require more thorough verification checks by the certification issuing organisation and can take up to 2 weeks.