Why have an SSL Certificate?

gdpr

SSL certificates (Secure Sockets Layer) are now a must have for business websites.

Here are seven reasons why.

  1. An SSL certificate will give credibility and reassurance to visitors to your website.
  2. Browsers (Chrome, Firefox, Safari etc)  will mark the site as safe to visit and transact with (as opposed to being marked unsafe).
  3. SSL certificates confirm that the domain name has been verified as genuine.  They can also verify business details.
  4. Customer contact information and credit card details can be submitted securely via the site using encrypted code technology.
  5. Google will rank your site higher than non SSL sites.
  6. The https designation will prevent your site being blocked in searches by security ware or web filters.
  7. GDPR legislation expects you to take all reasonable steps to safeguard customer data or credit card information if you collect it via your website.  SSL is an essential safeguard.

And here is the detail

What is SSL?

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. The certificate also provides further verification that the name of the website and domain name, the registered business (if added) to which it belongs and the email address associated with it are one and the same.  This provides a further layer of assurance for potential customers that the business that the website represents is what it claims to be.

Once issued the SSL certificate then qualifies the website for a padlock symbol in the browser top left next to the domain name, with the message ‘your information is secure when sent to this site’.   Without the SSL the padlock is missing, and the message currently reads ‘you should not enter any sensitive information on this site (for instance passwords or credit cards) because it could be stolen by hackers.  Once applied your website can be changed from the insecure http: designation to the secure https:  (s for secure).

Future messages are going to be stronger and clearer, with insecure sites clearly labelled as such.

How to get one?

You can buy an SSL Certificate from any number of companies.  There are three types of SSL Certificate available today; Extended Validation (EV SSL), Organization Validated (OV SSL) and Domain Validated (DV SSL). The encryption levels are the same for each certificate, what differs is the vetting and verification processes needed to obtain the certificate and the look and feel of in the browser address bar.

For most purposes domain validation is enough.  This will make transactions secure, verify the domain, qualify for the secure symbol and safe to visit message, and give you the safe search and enhanced Google ranking.

The cost varies from below €40 pa if you buy a DV cert for several years at a time to anywhere up to €400 pa for full EV certs – depending on the company you buy it from.

How to apply it?

The essential thing is to have access to your website dashboard, your server and a domain based email address such as postmaster@yourdomain.com.  Once bought the certificating company/host will issue a Private Key and Certificate Key to add to the site at the server, confirmed via your domain based email. Once added at the server end you can change the designation of your website from htttp:  to https:

Update the website

Once the certificate is successfully added to the server, update the website to its new https secure status.  Change all urls on the site, including images and internal links from http to https.  This may involve reloading images.  Update Google Analytics too to list the sites https version. Check that the plugins and other parts of your website are also https compliant.  Otherwise browsers and Google will continue to mark the site unsafe.

GDPR

The new GDPR General Data Protection Regulation is a further reason to employ SSL.   While the regulations due on 25th May do not set out specific rules of compliance, the broad guidelines are clear.  Companies are expected to take all reasonable steps to ensure the safe storage and transfer of customer data.  As UK information commissioner Elizabeth Denham puts it “The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks.”  Mitigating risks includes reviewing and securing how data is collected online.  SSL is an obvious safeguard that you should make.

Google

Google issued this advice to web masters in 2014.

“Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default.  A big part of that is making sure that websites people access from Google are secure.  …We are calling for “HTTPS everywhere” on the web. ..We’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web”.

Since then more and more sites are switching to https, and while Google are prioritizing these sites in search ranking, web malware systems such as McAfee are blocking many http sites.  Together with the enactment of GDPR, SSL certification is likely to become the norm for all business websites.  If you haven’t done so, it is time to update yours.