Why Your Website Must Be SSL Compliant
As internet technology evolves, website best practices transform from courtesies to mandatory elements. For example, firewalls were once used only by tech-savvy enthusiasts. Today, most people wouldn’t dream of using a computer without a firewall. With cybercrime on the rise, providing an encrypted connection has become one of many security elements visitors have come to expect.
Website security is a big deal. Every bit of data transferred across a network is susceptible to being intercepted mid-transfer. While encryption can’t prevent hackers from stealing data, it does ensure stolen data remains unreadable. Encryption uses a complex algorithm to scramble data streaming across a network, making it unreadable by anyone without a decryption key.
Secure Socket Layer encryption, or SSL, is a high-level encryption standard that uses both asymmetric and symmetric keys to authenticate data and secure it. SSL uses a public key from the website server and a private key from the user’s browser. Since both keys are needed, an SSL certificate is a package of information that delivers a public key to the user.
Once a secure connection is made, all data transfers are constantly encrypted in real time by something called a cipher. This is where the word “decipher” comes from. When you decipher data, you convert it into normal language.
When an SSL encrypted connection is terminated, so is the private encryption key; a new key is generated for each connection. To learn about SSL encryption in-depth, check out this Beginner’s Guide to SSL.
Website encryption has been standard for a while, but some website owners have been dragging their feet. If you haven’t given serious consideration to securing your website with SSL, here’s why you can’t put it off any longer:
SSL protects your visitors from identity theft
You care about your visitors – they’re the reason you’re in business. Protecting their data from hackers should be your number one priority.
Chances are, visitors submit some kind of information through a web form on your website. It could be a simple signup form, an account login page, or a complete e-commerce transaction requiring credit card information. All of this data is susceptible to theft and should, therefore, be encrypted.
It makes sense to encrypt an e-commerce website that handles credit card information, but what if you don’t sell anything on your website? What if you run a blog, and only collect email addresses from your followers? Even if your visitors only submit their name and email address, that transmission needs to be encrypted because hackers piece together information from various sources to eventually steal someone’s identity.
All visitor data needs to be protected
Any website with user accounts should use SSL encryption to prevent account information from being stolen. Stolen account information is how cybercriminals obtain enough information for identity theft.
Against good advice, many people reuse passwords for multiple accounts. Once a hacker has an email address and a password, they’ll use that password to gain access to other accounts they can find. Most user accounts have a personal profile where people provide links to their other accounts; it’s all low hanging fruit for the cybercriminal. If your website visitor uses the same password for their Twitter, Facebook, or Instagram accounts, leaving their data unencrypted could cost them more than a compromised account.
Protecting your visitors’ data is no longer the only reason to use SSL. Browsers are starting to monitor and inform visitors of the presence of SSL encryption, and Google officially made SSL encryption a search ranking signal.
Using SSL makes you look better and rank better on Google
On August 6, 2014, Google reinforced its commitment to making the internet secure by informing webmasters everywhere that the presence of SSL/TLS encryption is officially a lightweight search signal. At the time, Google said the signal would affect fewer than 1% of global queries, but they might strengthen it in the future to encourage website owners to switch to HTTPS.
Browsers are telling visitors if your site is secure
A securely encrypted website connection between a client (visitor) and the server (website) is what enables the use of the HTTPS protocol. Google not only gives more weight to websites using HTTPS, but its popular browser, Chrome, warns visitors when a website is not using HTTPS.
In September of 2016, Emily Schechter from Chrome’s security team published an announcement that Chrome was going to start labeling HTTP connections non-secure. A small information icon (i) with the words “not secure” are displayed to the left of the webpage URL in the address bar. As of January 2017, all HTTP pages, including ones that collect passwords or credit card information, are being marked as non-secure. In the future, Schechter says the HTTP security warning will be a red triangle with an exclamation point in the middle, currently used for broken HTTPS.
Firefox implemented a similar strategy to warn of password security vulnerabilities. When login credentials are requested over HTTP, Firefox gives a warning to the user by placing a red slash through a lock symbol in the URL bar. According to the Firefox security team, each page is checked against the W3C’s Secure Contexts Specification to determine whether it’s secure.
Firefox and Chrome are popular browsers, and these warnings may not look sinister today, but given time, they will evolve, and it’s only a matter of time before visitors start bouncing from unsecured websites.
SSL protects public Wi-Fi users unaware of potential threats
A secure browser connection prevents Man-In-The-Middle (MITM) attacks, which are fairly common, especially on public Wi-Fi.
Unfortunately, consumers don’t realize the urgency of securing their own data over public Wi-Fi. Studies have shown that over 60% of Wi-Fi users believe their personal information is protected when using public internet. About 50% don’t know they’re responsible for securing their own data, with 36% believing it’s either the website owner or Wi-Fi providers job.
Although everyone should do their part to protect their data, at the end of the day, the website owner will take the legal blame if data gets stolen. Even when a consumer is careless with data security, they can sue a business for any data breach that caused them provable harm.
Get hosting from a provider that offers SSL
Your visitors depend on you to protect their data. You might not have SSL enabled, or you might find it difficult to implement site-wide. At Skylands, we offer SSL encryption and handle the setup for you.
Contact us today to find out how our fully managed boutique hosting can create a secure website connection for your visitors.