Like it or not, Google have been using their massive influence online, both in their search engine and web browser, to push website owners to ensure their websites are properly secured. This started last year with google working to ensure personal information is secure, for instance when you login to a website - by adding 'not secure' to their chrome browser. This same policy has recently been implemented in various ways by firefox and other browsers for sites that contain logins or forms, and is expected to only get more tightly enforced in future, potentially effecting all websites.
So how is this effect you as a website owner? First, lets start with an overview of SSL
What is SSL?
SSL, or Secure Sockets Layer, is best represented in your web browser as the green 'padlock' that is shown next to the website address. SSL is actually a term that is used to represent the establishment of a secure connection between a server (your website), and a client (the visitors web browser). From an encryption perspective, SSL usually implies TLS, or Transport Layer Security, the successor to the SSL encryption protocol.
Why use it?
The benefits of using an SSL certificate are two fold, the main purpose is to encrypt the website to browser connection so that the information going back and forth can't be read by a third party. The certificate can however also be used to establish trust, by validating the actual website's domain to the SSL certificate - this is known as an Extended Validation certificates, you will often see many banks and larger websites use to validate they 'are who they say they are'. Extended Validation certificates (or just EV certificates for short) are usually independantly verified certificates by a trusted certificate issuing company, so it contains more information than just encryption details.
What is the risk of not using SSL for my website?
If your selling products or services online and are transacting, then chances are your already running SSL/HTTPS, and if your not, then you really should be! There are huge risks involved in having transactions occur without SSL, so its vital that your site get updated with SSL to secure transactions.
So what about sites websites that are not transacting or requring users to login or pass on personal information? For instance a company presence or online portfolio based website, do you really need to be secured with HTTPS as well? This is a question that is regularly being debated by the industry.
Our position is simply, yes. While there is actually no personal information being collected on a company presence or portfolio site to justify implementation from a technical standpoint, by switching to SSL/HTTPS will give your website and business a few benefits, including;
By making your site SSL/HTTPS, it does give your visitors a certain level of confidence that your site is taking the extra step to secure communications between parties. This trust is even greater when you use an EV certificate which will validate your website against your organisation.
- Higher ranking in search
Google themselves have confirmed that sites under SSL/HTTPS will have an improved ranking signal, so if your investing in any sort of SEO - or plan to, its something that should be included in your implementation strategy.
- Future Proofing
While data indicates most website visitors, unfortunately, ignore security alerts from their browser, this is expected to change dramatically as google chrome and others redesign their browsers to make it harder to ignore these warnings. So by adding SSL sooner rather than later, your taking steps to future proofing your site when these newer browser versions are pushed out to users, who will then notice more and more when sites are not being secured by SSL and take action that could result in a negative impact to your reputation in future.
The points above alone justify making the switch for most modern websites, so next you need to work out whats involved.
How can we switch to SSL/HTTPS?
Ok, so note how I stated 'modern websites' above? This is where it can get complicated. If your using a modern CMS like wordpress or later version of our CMS, then switching is straight forward, its just a matter of purchasing a certificate then installing and reconfigure your site to run under the SSL/https site instead. If your doing any sort of active online marketing campaign, then the switch should be organised with your SEO partners, as there can be some steps that need to be added to the process to make sure google's search engine handles the switch seamlessly.
If your using an older platform or a legacy system however, such as an older CMS or eCommerce system, then switching can be more problematic as it may not easily support switching to HTTPS. Our team can help with making this assessment and determining the best way forward to get your site compliant, so feel free to reach out to us for assistance.
I need help!
If your not sure how to proceed to switch your site to SSL, contact us and we can assist you.