Granted, this doesn’t sound like the most exciting of topics.
But if you run your own website, or your business relies on a website, I’d encourage you to read on.
Firstly, what is SSL?
Whether you’ve realised it or not, you see SSL in action every day. Every time you’ve visited a website, and the web address shows up as https://videos-of-cats.com or you see the little padlock symbol in the address bar, you’re seeing SSL in action:
SSL stands for Secure Sockets Layer – but don’t let that put you off, the key word is secure.
It’s a method of keeping the internet connection between your website and the people who use your website more secure.
And that’s gotta be a good thing, right?
OK, so what does SSL do?
I’m assuming you don’t want to know the technical details. To be honest, no-one does.
But at its essence, an SSL Certificate (the thing that allows you to use SSL) does two things:
- It allows you to encrypt all of the data that passes between your website and the person using your website;
- It provides a level of proof or validation that the website in question is ‘who it claims to be’, as opposed to a scam website trying to pass themselves off as someone else.
So that leads me on to our 4 key reasons why you need to think about using SSL …
OK, so this is a real, tangible benefit.
Just think quickly about what happens when you look at a website:
You either type in a website address, or click on a link to the site, right? Fine. When you do that, you are sending a request to that website to send you back the information on that page. Your browser (e.g. Chrome, Safari or – God forbid – Internet Explorer) then displays that information. With a standard (non-SSL) connection, all of this data is sent over the internet connection in an unencrypted form – i.e. it is possible for other people to intercept and read that information, if they were so inclined.
Now for many websites, that’s not a problem – after all, the information’s not secret, right?
But think about some of the other things you do when you’re using a website:
Say you want to interact with that website. Maybe you wanted to request a quote or a callback, and the website asks you to enter your name and phone number.
When you click ‘send’, you are sending your own personal information over the same, unencrypted connection. Now it’s a little bit more worrying that someone else could get their hands on it.
Things get really interesting when you are sending (or receiving) genuinely sensitive information – personal data that should stay personal, or financial information like credit/debit card data.
With a connection that’s secured (properly) by SSL, all of this data is sent in an encrypted form, and you can rest assured that nobody else can access or read it. And that has to be a good thing.
So, from a security perspective, the questions to ask yourself are:
- Is my website exclusively public domain information?
If so, you probably don’t need SSL from a security perspective (but read on for more reasons why it might still be a good idea).
- Do my customers need to send me any personal information via the website? Or does it allow them to log in to the website using a username/password?
Now you’re in the territory where an SSL certificate becomes a good idea from a security perspective alone. Got a contact form that asks people to enter their email address or home address? Worth thinking about.
- Does any genuinely sensitive data pass between your website and your customers?
No ifs, no buts – you need SSL. The website will probably work without it, but you are putting your data – and your customers’ data – at risk without it.
No2: Trust / Identity
OK, so this is a little less obvious.
For you to get an SSL certificate (the thing that allows you to use SSL) in the first place, you need to provide some level of proof of who you are. In its simplest form, it boils down to this: I couldn’t get an SSL certificate for the BBC website, because I do not own or administer that site.
Therefore, it would be impossible for me to run an SSL website that claims to be bbc.co.uk.
What this means is that when you visit an https:// website, you have some assurance that the website ‘is who it claims to be’.
Now, it doesn’t follow that it is necessarily a legitimate or safe website – but it does mean that it is not a scam or spoof website that is pretending to be something it’s not.
Website visitors are getting more and more used to seeing the https:// prefix and the padlock symbol (both of which are evidence of a secure connection) in their browsers. As a general rule, people are more likely to trust the website, and therefore more likely to want to do business with you.
Good news all round.
No3: Google likes SSL
The Holy Grail for most commercial website owners is to ‘rank well in Google’. That is, they want their website to feature prominently in Google search.
Now, in the world of Search Engine Optimisation (SEO), there are myriad different factors that influence whether Google will rank your website favourably – and that could form the basis of a hundred different blog posts.
But one thing we DO know is that, all other things being equal, Google favours SSL websites over non-SSL websites.
For now, the advantage that it brings is ‘lightweight’. But it is an advantage nonetheless, and Google has hinted that it will become a stronger ranking factor in future, because they want to encourage the security benefits that inherent within SSL sites.
So, an SSL website can be used as part of your plan for getting one over your competition.
No4: Imminent changes to PayPal
This is a bit specific, but it applies to a lot of small commercial businesses who take payments on their website via PayPal.
There are good reasons why most small business websites start of by taking all payments via PayPal. For many, it is realistically the only option as they would not qualify for the merchant accounts that are required for other payment processors.
Perhaps the most tangible benefit, though, is the fact that all of the sensitive data handling (i.e. credit/debit card transactions) actually take place on PayPal’s website, and no sensitive data is ever entered onto the store’s website itself. This is why so many people use PayPal Payments Standard – it keeps life (relatively) simple.
But .. but … but ….
PayPal have recently announced a general move towards https connections and – in some cases – an SSL connection will be required for PayPal payments to work fully – and a particular type of SSL certificate, at that.
PayPal’s plan was, originally, that after 30th September 2016, all websites that use the PayPal IPN (Instant Payment Notification) functionality would have to be secured by SSL.
It looks like that date might be moving back into 2017 (to give webmasters time to make the changes), but it does seem inevitable that it will happen.
IPN is the functionality that allows your website to communicate with PayPal in real time. This enables, for example, websites only to complete an online order when confirmation has been received that the payment was fully successful.
So, if your website has any form of payment/e-commerce functionality (including donations), you need to know how this change is going to affect your site. For new websites using PayPal we will be recommending using SSL from the start as it’s just easier that way.
Implementing an SSL certificate is a technical process, there’s no way around it. How easy that technical process is to achieve comes down to what type of hosting you use. Some shared hosting providers are very good and will make the process pretty straightforward.
At Blackbox, when we create client sites on our own hosting, we can manage the SSL process for you entirely, including securing and renewing the SSL certificates as required.
In general terms, you have to pay for SSL certificates, and they have to be renewed periodically. There are a number of different certificate types, with varying levels of cost. The most expensive ones involve very detailed validation of your business, and allow you to use the much-sought-after ‘green address bar’ that you will see on major sites:
Most sites will not require this level of validation, and in many instances the validation process is very straightforward. There are some free SSL options.
I said at the start that it’s not a very exciting subject. But it is important.
If you’re a website owner, or thinking of having a website created, I hope it’s given you some insight into the things you need to consider.
If you’d like to discuss this, or any other website requirement, simply drop us a line via the website. On an SSL-secured form, of course …