Have you ever noticed the little padlock image to the left of a website address in your browser and wondered why some sites have them and others don’t? The padlock indicates a site is secured with a Secure Sockets Layer (SSL) certificate. If your business website doesn’t have an SSL Certificate, it could hit you in the pocket – weakening your bond of trust with customers and reducing your online presence in the marketplace.
SSL was developed by the now-defunct Netscape browser and introduced in 1995. An SSL Certificate shows you have an encrypted connection between your web server and customers’ browsers. While the complexities of the technology behind SSL are deliberately hidden from users, people looking online for a business like yours will likely see instantly whether your site has an SSL Certificate. For instance, if your site is SSL protected, Google Chrome will display in green with a padlock symbol the website address (the URL – Uniform Resource Locator) as “Secure | https.” HTTPS stands for HyperText Transfer Protocol Secure. Without an SSL Certificate, a red triangle “Not Secure” alert will appear in the browser bar, warning visitors that any sensitive information they give – like passwords, email addresses, or credit card details – may be stolen.
How Does SSL Work?
SSL protects your business and your customers from digital theft by setting up a coded connection between your website and their browser. It creates two cryptographic systems – a Public Key and a Private Key – that allow a web server to establish a coded link between the website and web browsers. This encryption is the most effective way to achieve data security. A password or key is needed to view the original file. Unencrypted data is known as plain text, while encrypted data is called cipher text. Any data you convey to the destination server stays encoded until it’s received, preventing anyone from intercepting your information en route – a third-party data breach. It’s worth noting, though, that SSL can’t stop direct attacks on servers and computers – your computer needs robust anti-virus software, and the server should have its own inbuilt security precautions.
Why Website Security is Crucial for Your Business
Any website without security is a potential target for hackers hunting for sites vulnerable to data breaching as well as for hiding malware. How easy it is for felons to steal online information about people was highlighted in 2015 by a cyber raid on communications giant TalkTalk, which netted more than 20,000 bank account numbers and sort codes. However, it’s not just big corporations that fall prey to data thieves, who are increasingly targeting small businesses, which they see as a softer target than big companies and major banks.
The importance of website security for small businesses was underlined in 2015 by a leading figure in the field – Kirk Hall, a member of the Certificate Authority Security Council (CASC). Hall said that if small businesses failed to prioritize web security, they would lose business as both prospective and existing customers turned to competitors who protected their personal information. Another point to bear in mind is that personal information stolen from websites can be used to carry out identity theft. Digital ID thieves often sell people’s information on an ongoing basis on the Dark Web, where transactions cannot be traced.
Benefits of Having an SSL Certificate
Besides helping to shield you from cybercriminals, an SSL Certificate demonstrates to your current and potential customers that you’re taking critical measures to protect them from data breaches. This helps to maintain and enhance brand credibility and the bond of trust that’s imperative between small businesses and their clients. For example, if your site doesn’t display security verification, a potential customer could look elsewhere. If they get the peace of mind of security certification, they know they’ll be safe in your hands. A further benefit of having an SSL Certificate is that major search engines are cracking down on websites considered as insecure. For instance, Google – the world’s largest search engine – now looks at SSL certification as part of its ranking process, so the absence of an SSL Certificate will reduce your visibility in search rankings. On the other hand, a Secure Sockets Layer will help to boost your positioning in search engine results pages (SERPs) – vital for potential customers to find you online to boost your visitor traffic and revenue.
What Does It Cost to Have An SSL Certificate?
It used to be that SSL certificates were only relevant to eCommerce or financial websites where sensitive information like credit card or account numbers might be transmitted. At that point, if you wanted an SSL certificate, you had to pay your website host an extra fee for an annual license that might range from $50-$200 per year.
Once Google made an SSL certificate a best-practice that was going to weigh heavily in it’s ranking algorithm, many hosting companies now include the SSL Certificate as part of your annual hosting package. Most of the hosts I’ve encountered use a nonprofit security certificate from Let’s Encrypt SSL. If you are in the process of considering a hosting plan or renewing one, check to see if they include the SSL certificate vs. charging you extra. In my opinion, if it’s not included, keep looking for a new host. Several reputable hosts include Siteground and Flywheel and they offer hosting at various price points.
Keeping Google – and Your Customers – Happy
Having an SSL Certificate is one way to follow Google’s guidelines for websites that can give your business an essential advantage over competitors with less professional online platforms. Website security like SSL is critical to safeguard your business from cyber crooks by preventing “man-in-the-middle” attacks. It will also demonstrate that you realize the importance of protecting your customers’ financial and personal information, which will help you maintain a high level of trust among your clients. While security has always played a critical role with financial websites and in e-commerce, many other types of business sites are now including data protection measures as a standard feature.