As the younger generation might put it, SSL encryption is pretty wicked. This fiendishly clever technology turns data sent between a user’s browser and your website into garbled nonsense; so, if it gets intercepted by hackers on route, the nightmare of seeing your customer’s credit card details vanish into thin air isn’t going to happen. However, as if by magic, once the data arrives safely at your website, it is decrypted and the information is restored to its original format.
This piece of technological wizardry is now essential for any business that accepts payment from customers on its own website and is more or less compulsory for every other site too. One of the chief reasons is that, since 2017, browsers have been warning visitors that sites without SSL encryption are not secure and this is scaring customers away.
Why browsers are warning users
Quite simply, search engines have a responsibility not to send users to sites that are potentially going to cause them harm. While your business is undoubtedly legitimate, not having SSL means there is a chance that data could be stolen in transit and so Google, Edge and Firefox have a duty of care to warn them. In doing this, Google, Microsoft and Mozilla are sending a clear message to website owners to do more to protect their customers.
How SSL works
If you don’t have SSL, your website URL will begin with the letters HTTP. This stands for HyperText Transfer Protocol, the set of rules which govern the transfer of data over the internet from one machine to another. A more secure version of this is HTTPS, with the extra ‘S’ standing for ‘Secure’.
The increased security provided by HTTPS comes from encryption. When a visitor goes to an HTTPS website, the session is encrypted using an SSL Certificate. An SSL certificate (SSL stands for Secure Sockets Layer) is a file which attaches an encryption key to your site. This provides a secure connection between a user’s browser and your server, preventing hackers from getting hold of the data as it is in transit.
The SSL certificate acts as a form of trusted intermediary that authenticates the connection to your website. It does this by ensuring the encryption key really belongs to the server that hosts your website.
Why you need an SSL certificate
The number one reason any responsible website owner should have SSL is to prevent their customers having their financial details stolen. Credit card details, personal information and passwords are all at risk of theft whilst unencrypted. However, if that’s not incentive enough, there’s also the risk of huge fines if data is stolen because you have failed to comply with regulations such as PCI or GDPR. Under GDPR the fines can be millions of pounds.
Another very good reason is that failing to have SSL can jeopardise your online reputation. Virtually everyone knows that there are risks involved with shopping on the internet and when much-trusted companies like Google or Microsoft start warning you that it isn’t safe to give your personal or financial details to a website, you are likely to take notice.
The padlock icon seen at the beginning of a browser’s address bar is now a universally recognised symbol that tells a user that the site is secure. If it isn’t, it will display an information icon and, in some circumstances, even the text ‘not secure’. When a user doesn’t see a padlock, your chances of selling to them are much reduced and this can have a devastating impact on your online sales.
Not surprisingly, sites that protect their customers using SSL benefit from better rankings in search engine results. Why, after all, should Google, Bing or Mozilla risk sending one of their valued users to an unsecured site when there are plenty of safe ones to choose from? If they did this, searchers would start using a different browser.
Using SSL also brings another benefit. HTTPS is quicker than HTTP so your site loads faster. As this is also a ranking factor used by search engines, you have an even better chance of higher rankings.
Getting an SSL Certificate
An SSL certificate can be obtained from your web host and, in most cases, the host will be able to set it up for you. Before you purchase your SSL, do take a look at the different types on offer as there are a number of options to choose from. Ideally, you should use strong security certificates with 2048-bit encryption.
When data travels between a user and a website, its pathway takes it along the murky channels of the internet’s underbelly. This is a place haunted by cybercriminals out to prey on vulnerable data. SSL certificates cast a spell on the data, making it impervious to attack. Even if the hackers get hold of it, they’d never be able to decrypt it and find the information it contains. Getting an SSL certificate not only protects against data theft, it also benefits your website in the eyes of search engines and customers.
If you are looking to secure your website with SSL, take a look at our SSL Certificate page.