As web designers and hosting providers, clients often ask us why companies should bother with secure SSL hosting. It’s an added expense and their websites have been working fine up to now – so why change?
But as we’ll see, SSL certification and secure hosting is absolutely essential nowadays. It provides crucial data privacy benefits, may help your online visibility, and it can even help build customer confidence in your brand.
What is SSL?
Put very simply, when you visit a site with an SSL (Secure Sockets Layer) certificate in place, an encrypted link is created between your device and the server the website is stored on. Without this protection, hackers could potentially intercept and snoop on the data being passed between you and the website. This is called a “man-in-the-middle” or MITM attack, and the concept is similar to a telephone wiretap. SSL protection doesn’t prevent the ability to intercept communications, but because the information is encrypted “end to end” it will look like useless gibberish to everyone except you and the website’s server.
How Does it Work?
Websites are delivered to your browser using a method called HTTP or HyperText Transfer Protocol. On its own, this protocol has a simple aim – “get this page where it needs to go”. However, when a site implements an SSL certificate, they become able to harness an extra level of protection – TLS or Transport Layer Security.
Though the core aim of “getting the page where it needs to go” still stands, any data that moves between the site’s visitor and the web server is now encrypted. This secured version of HTTP is called HTTPS.
Why The Sudden Focus on SSL?
With the internet becoming a growing part of our lives, data security has become an important consideration for businesses and private individuals alike. When it comes to ecommerce websites or other places that collect sensitive information like payment details or personal contact information, using SSL and HTTPS has been standard practice for a long while.
However there’s recently been a push towards rolling out SSL on every website, even ones that don’t ask for user information at all. Google have been quite vocal about making this change. Recent versions of Google Chrome and Mozilla Firefox browsers will notify you with a “Not Secure” notification in the address bar when you browse to a page that does not have SSL/HTTPS installed – especially when that page contains a form of some kind.
If either browser feels that a page is particularly unsafe, then they may prevent people from visiting it altogether.
5 Reasons Why You Need an SSL Certificate Today
1) SSL is Good for SEO
Google’s support of SSL/HTTPS isn’t just expressed through their Chrome Browser. Since 2014, HTTPS has also been a minor, yet significant, search ranking factor – with SSL often acting as a “tiebreaker” of sorts when Google has to choose where to rank two equally valuable websites.
A Backlinko study discovered a strong correlation between websites with SSL certificates and ranking well in Google – though correlation is not the same as causation. However, knowing what we know about Google’s growing emphasis on SSL so far, it may be a case of forearming yourself with this new “norm” before search engines decide to make it an even stronger ranking signal.
2) SSL Builds User Trust
As your average web user becomes more tech savvy, the more they’ll know to look out for the signs of HTTPS in their browsers (and more importantly, the telltale signs of a non-HTTPS secured site). As SSL awareness becomes common knowledge, your average web user will naturally tend to favour websites that use it than those that don’t.
Browsers are already warning people away from sites that don’t use SSL; if the threat is deemed severe enough, then this warning may take the form of a full window-sized roadblock in your visitors’ path with scary wording like “warning”, “threat” and “head back to safety”. Not a particularly great look for an SME trying to build trust and confidence in their brand!
3) Can Play a Part in Data Privacy Compliance
At the time of writing, there are no legal or regulatory requirements for SSL specifically. However, SSL does dovetail well with many data security regulations such as GDPR and the Data Protection Act (2018).
For example, Article 32, section 1 of GDPR reads: “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including […] the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services”.
Though this doesn’t mention any particular security solutions by name, it stands to reason that technology like SSL may count as an “appropriate technical and organisational measure […] to ensure the ongoing confidentiality [and] integrity” of your website and related services, as well as that of your visitors’ data.*
If you don’t exercise good data security practices and a data breach does happen due to your company’s negligence, you may be leaving yourself open to fines, legal fees, and settlement costs*. SSL only protects data collected through your website in transit, meaning there are likely other services you use where a breach could occur, but it’s still a great place to start in protecting people’s data nonetheless.
4) SSL is a Must if Customers Pay You Through the Web
According to GlobalSign, 84% of consumers would abandon an online purchase if their connection with the website wasn’t secure.
If you take payments through your website, you’re probably well aware of PCI DSS compliance – the Payment Card Industry Data Security Standard. This is a universally accepted security standard intended to protect consumers’ payment data online.
Having an SSL Certificate is an important part of becoming PCI DSS compliant. Following on from the potential risks you face from a breach listed above, adhering to robust compliance rules like PCI DSS does make good sense from a business standpoint. If criminals get to know that your website is a soft touch in terms of security, the higher the chance that your customers will fall prey to their schemes. And the more customers who become victims of fraud through using your site, the bigger of a PR problem you may have on your hands further down the line.
5) Legitimately Protects Your Customers
Having an SSL certificate isn’t just some inert badge that shows that you care about data privacy. It’s a practical technology that strongly encrypts communications between your users and your website in transit. The internet is a vast interconnected network of networks, and wherever hackers may try to intercept communications between the server and user, they’ll only see useless nonsense. The only two parties with the code to decrypt that information will be the individual user device in question and the web server.
This understandably protects yourselves and your users from any malicious snooping, especially in our world of open WiFi connections and data privacy worries.
If your site is still not secure, there’s no time like the present to invest in HTTPS/SSL hosting. OLCO Design offer reliable, high-spec website hosting with UK based servers and responsive support staff. Learn more here or get in touch with the team at OLCO today!
* Disclaimer: This is provided merely as a guide and should not be considered legal advice. OLCO Design Limited are not legal professionals and you should always seek your own independent legal advice.