With such a bewildering array of marketing options — digital and otherwise — we like to focus blog posts on actionable intel. Whether it’s a staff-written how-to or a link to somebody else’s smart idea, it’s news you can use in upping your marketing communications game.

November 21, 2017

Secure Websites and SSL — What You Need To Know

Lately you may have read that you need to be sure your website is secure, based on having an SSL security certificate — that’s what makes your site URL include “https” with the “s” at the end. What is all that and why does it matter?

In short, the time is coming when websites without an SSL certificate will be “punished” by browsers, by warning visitors that the site is not secure. In fact, Google’s Chrome browser is already rolling out a phased warning protocol, with a fairly bland warning now but a more severe warning coming at an unannounced date. With almost 80% share of the browser market share, that affects a lot of visitors to a lot of websites.

Following is a brief tutorial on the SSL situation, based on a variety of sources and website security types. BakerWoodward is happy to answer any questions this may lead to. Just give us a call to learn more.

The problem.

The information you send on the Internet from your web browser is passed from computer to computer until it gets to its destination. Any computer in between you and the destination can see your credit card numbers, usernames and passwords, and other sensitive information. Also, any of these computers could pretend to be your website and trick your users into sending them personal information. SSL was created to solve both problems.

What it is.

SSL stands for Secure Sockets Layer, an encryption technology that was originally created by Netscape in the 1990s. The primary reason SSL is used is to keep sensitive information sent across the Internet encrypted, so that only the intended recipient can understand it. 

How it solves both problems.

SSL creates an encrypted connection between your web server and your visitors' web browser allowing for private information to be transmitted without the problems of eavesdropping, data tampering, and message forgery. In addition to encryption, a proper SSL certificate also provides authentication. This ensures that you are sending information to the right server and not to an imposter trying to steal your information.

SEO Benefits.

Google posted last year that the secure content will become a noted ranking factor and will help sites increase their rank, provided that they have quality content. The bottom line is, sites with a SSL certificate will rank higher than sites that don’t have one.

Browser Issues.

Google plans to update their Chrome browser (by far the most popular browser today) to label all sites that do not have an SSL as “Not Secure”. From Google:

“Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.”

Ultimately Chrome will treat all sites that don't comply as un-trusted – presenting your site’s visitors with a page full of errors. No one will be able to use your site at all.

As of right now, we have not heard that other browsers are making this mandatory but it’s a safe bet that they will.

How To Get an SSL Certificate.

Your website’s hosting provider should be able to help you obtain and install a certificate. There are many different providers of certificates such as GeoTrust and Entrust and they offer many different types of certificates, which differ in encryption level and price. Choosing the best and most reliable SSL certificates available might be a matter of who you trust. In choosing an inexpensive SSL you may be getting a provider that is not known.  Also, some of the more inexpensive certificates are just as reliable as the expensive ones and you don’t want to pay for more security than you need.