Why Every Website Needs an SSL Certificate
There was once a time when having an SSL on a website was an optional sort of thing. It was there to provide a little peace of mind to commerce customers. The little green lock in the corner of the web browser has largely gone unnoticed up until recently as most users weren’t clear what the significance was. As the internet has evolved, this layer of security has become an absolute must. This technology is no longer just a nice thing to have for users visiting a website; it is critical for the safety of the website as a whole.
What is SSL anyway?
Let’s get the, kind of, easy question out of the way first. SSL, or Secure Sockets Layer, is the standard term for the technology for securing data transfer between connections. The current technology used for this is called Transport Layer Security, or TLS, and is essentially the same thing as SSL, so to make things less confusing the terms are often used with the same meaning as TLS is an updated version of SSL. Without SSL, information transferred between a browser and a server could potentially be read or changed in transit by an attacker somewhere between the two in what is known as a man-in-the-middle attack. This security layer prevents this by encrypting data that is transferred so those outside of the transaction cannot read the data.
Not all web browsers show the lock symbol as prominently as Chrome, but there is another way to determine if a website is secured with an SSL in place. If a URL starts with HTTPS, it is pretty safe to assume that the connection is at least attempting to make use of the secure port for the website (ex: https://ashday.com). HTTPS, or HyperText Transfer Protocol Secure, is something that users should start looking at a bit more closely. Not having this as the standard for a website could cause visitors to leave as sites without SSL sometimes pose more risk than they are worth. This is especially true for sites where users log into and send data to the website.
Why this is more important than ever
Aside from preventing attacks on visitors to the website, which is something that demands concern right now, there is something else that is pushing the SSL issue this year. Earlier in 2018, Google announced that they will be specifically calling out websites that aren’t using SSL by marking them “not secure” in the address bar. This means that it will be more clear to users that a given site is potentially dangerous and not somewhere they want to be. Other browsers are likely to begin calling out websites that aren’t secured soon as well, so the clock is ticking to get this easy security win for websites that don’t have one.
In our connected world, the focus on security will only increase as time goes on. Just as it is important to keep a brick-and-mortar type location secure, it is time to focus that same scrutiny on the internet presence of businesses as well. Users are depending on website owners to put this care into security so they can use the internet without fear of their information being stolen by criminals. While SSL isn’t a guaranteed way of preventing all of these types of attacks, it is an easy low-hanging-fruit type of solution that can very quickly help legitimize a website to end users.
Web hosting providers are making it easier now to install an SSL and with some services it can even be installed for free. There are other services out there, like Let’s Encrypt, that provide the means to create an SSL certificate at no cost as well, so there really isn’t an excuse like there was before. The time to secure websites isn’t now, it was years ago. Let’s make the internet just a little bit safer and put more into the security of our websites.