Small Business Marketing 101: Does My Website Need SSL?
You’ve probably heard of SSL certificates.
You’ve certainly interacted with them during your various internet browsing journeys, even if you didn’t realize it. You may have even considered implementing one on your own website.
Anecdotally, you have heard that an SSL certificate makes your website “secure.” While that may be true in a sense, providing a simple way to package the idea for the sales team, it’s a bit misleading in what the SSL certificate’s role is in the security of your website.
Understanding how an SSL certificate is used, what it protects, and what benefits it provides can help you determine if implementing one is the right move for your website.
What Is an SSL Certificate?
A publicly accessible website is fundamental for your company to display basic information about your products and services. It allows you to interact with current or prospective customers.
Think of your website as a farmer’s market or bazaar, where your storefront is available for all passersby to check out and, if interested, purchase some of your fine products. In the physical world, the customer hands you cash or a credit card, and provide the customer your stellar product. Securing this exchange and detecting potential theft is fairly easy in this scenario; you keep your eye out for any suspicious characters or lurkers.
In the virtual world, however, protecting this transaction is a bit more complicated.
While much of the content on your website may be suitable for anyone to see, you want to protect any customer logins or purchases that happen on your website. You may even want to protect all your website’s conversations with visitors from prying eyes and ears. Your website needs to have a private conversation with a customer on the very public Internet, so how can you accomplish this? SSL certificates provide a method for this exact scenario!
SSL (now formally known as TLS) has been around for decades, and it is most commonly used to secure HTTP traffic (web traffic). SSL is used to encrypt the conversation your website has with your customer so that no one can understand it. Using the market analogy from above, this is the equivalent of speaking in a language only the customer and you know – other people may be able to hear you, they just don’t know what you’re saying.
How Do SSL Certificates Work?
Technical jargon warning! Feel free to skip this paragraph if you find techy details boring or tedious, but read on for a high-level description of how SSL/TLS certificates behave to encrypt the conversation, allowing for secure communications between your website and your customer’s browser:
Asymmetric encryption is used, meaning two separate keys are generated by the server – one public, one private – to allow the client to encrypt their message to the server with the public key. The server decrypts the message with the private key. Extremely high-level math is used to generate these key pairs so the private key cannot be easily derived from the public key, and only the private key (held by the server) can decrypt a message encrypted by the public key (provided by the server to anyone who wants it). Once the conversation starts and is secure, symmetric encryption takes place for speed benefits, but the asymmetric method allows for public conversations to turn private without the impractical need of sharing secrets ahead of time.
Now, all these math equations, encryption functions, and communication methods are built into servers and browsers already, so why do you need to buy an SSL certificate? The answer is trust.
An SSL certificate provides a mechanism to prove your identity, giving end users a guarantee that they are indeed talking to your website.
Many companies that sell SSL certificates are known as Certificate Authorities. Certificates issued by them are deemed trustworthy by the stringent security controls they have followed in their issuing and validation processes. These companies come pre-loaded into most browsers, so if you visit content on a site with a valid SSL certificate issued by Comodo or VeriSign, you get redirected from http:// to https:// and a comfort-inducing lock icon shows up, letting you know the certificate was issued by a trusted Certificate Authority and your conversation with the website is protected.
Why Should You Consider an SSL Certificate?
Within the past few years, Google and others have started to prioritize the use of SSL in their SEO rankings. Modern browsers now present more warnings and prompts for end users to be aware of potentially dangerous activity – untrusted or invalid certificates, weak algorithms or ciphers, mixed content transmission, or potentially sensitive input – may be occurring.
Establishing trust, privacy, and peace of mind with customers goes a long way toward brand reputation.
An SSL certificate is a necessity to provide security for sensitive conversations your website has (credit card numbers, contact forms, login areas, password fields, etc.).
Does an SSL Certificate Impact My Site’s SEO?
Short answer: YES!
When we first wrote this blog post in late 2017, the idea that Google was going to penalize websites without SSL certificates was still just a rumor; SEO and IT professionals recommended everyone get one just for the trust and security factor. It was something you could do to keep your customers safe, gain trust, and it might help your SEO rankings a bit.
As of July 2018, though, an SSL certificate is an absolute necessity in the modern web world.
If your site doesn’t have an SSL certificate, Google now displays a red “Not Secure” warning to the left of your URL, letting each and every visitor know their information may not be safe on your website.
While Google hasn’t outright said that not having an SSL certificate impacts your SEO rankings, it stands to reason that seeing that big red “Not Secure” in the corner of the browser will scare away some users, impacting bounce rate which then impacts rankings. In other words: Putting an SSL certificate on your website is part of making sure it’s set up to help your SEO.
Security is more of a posture than a position; a behavior rather than a destination. Older SSL/TLS ciphers and algorithms have been mathematically broken in the past, allowing “unscrambling” of previously recorded encrypted conversations, and Certificate Authorities have even been compromised or compelled to share keys (see: the NSA).
Security considerations are always changing, so having knowledgeable professionals involved in SSL certificate implementation with the ability to adapt to these changes is important in both determining adequate encryption strength as well as sensible website coverage.
The Website Design Team at 270net is skilled and proficient at installing and managing SSL Certificates for websites, staying current with the latest security changes. Contact us today to discuss what securing your customers’ interactions can do for your website!