The internet, by its nature, is insecure. Think about the stories you’ve heard concerning identity theft and huge amounts of sensitive personal information being stolen through hacks into large, presumably secure companies. Anthem Health Insurance, eBay, J.P. Morgan Chase & Co., and other large corporations have suffered from online attackers in recent years. While today’s cutthroat internet-centric market makes it imperative that you have an online presence, how can you be sure that your customers’ and your own information is kept safe?
A good way to start is to offer your customers a website that’s secured with an SSL Certification. Our team at storEDGE requires these certifications for all of our websites and for good reason. Read on to learn everything you need to know about this protection and why you need it.
Also known as TLS, or Transport Layer Security, these protocols are designed to protect against hackers and identity thieves during the transfer of information between two devices connected via the internet.
When using a website secured through an SSL Certificate, all information sent becomes unreadable to any device between the origin computer and the destination server. In this way, SSL serves to inhibit outside attacks.
SSL Certification creates a secure connection linking your browser and the destination web server. This “handshake” is almost instantaneous and happens before the webpage is even loaded and appears on your screen.
The diagram and following explanation below shows the handshake and key sharing process broken down into a step-by-step fashion:
Browser: The connection (handshake) is started when the browser attempts to connect to a web server secured with SSL.
Web Server: The server responds to the browser by sending a copy of its SSL Certificate and its public key.
Browser: The browser certifies the SSL Certificate. Once approved, a session key is sent to the server using the public key.
Web Server: The server decrypts the session key using its own private key, then acknowledges the transmission and begins the secure connection.
Web Server and Browser: The connection is finalized. Any and all information transferred during the connection is encrypted using the session key.
Once a secure connection has been verified, your browser will display a mark indicating that the website is transferring information through a secured SSL Certified connection. In the navigation bar, you will see a padlock icon and that the website URL begins with “https” rather than “http.” Note the image below using Google Chrome:
Some browsers will not display a padlock icon, but the website’s address will always be displayed with an HTTPS prefix if a secure SSL connection has been made.
Internet shoppers are extremely conscious of the security issues involved with online transactions. They are typically unwilling to risk the integrity of their personal information. The padlock icon and HTTPS prefix are signs that your site is secure and that the sensitive information transferred during a session will remain protected.
Gartner Research, a technology research firm that collects data and statistics about the online community, showed that close to 70 percent of online shoppers have terminated an online order based on the fact that they did not trust the transaction or site. Of that 70 percent, 64 percent stated that the indication of a trust mark would have convinced them to follow through with the purchase.
If your website processes any kind of online transactions, then PCI compliance, or PCI DSS (Payment Card Industry Data Security Standard), requires that your website be secured through a verified SSL Certificate. In order to take any form of payment online, you will need this certification.
But “secure transactions” doesn’t just mean selling products online to your customers. If your customers have the ability to log into any part of your website or if they are entering any sensitive personal information, then SSL Certification is required to keep this information secure.
Google announced in late 2014 that it would start boosting the rankings of sites that were SSL Certified. Since this announcement, many SEOs have argued about the overall importance of SSL Certification in search results. Some believe that the boost will only be noticeable in rare instances when your site is ranked equally with another.
Despite the varying accounts of exactly how much SSL and HTTPS will affect your overall rankings in search results, the fact of the matter is this: if adding SSL Certification to your website will be beneficial to your users and their information, then you should do it.
Additionally, you should always be doing everything you can do to make your site rank above others. Because HTTPS prefixes appear in search results, it becomes another form of trust marker to your customers. Based on this trust marker, SSL Certification can increase click-through rates. Click-through rates do affect your rankings, so SSL Certification does have the potential to boost your ranking.
Referral traffic is how Google tracks visits to your site that originate outside of its search engine results. Any user that clicks on a link to visit a site outside of the current site is recorded as referral data. Traffic of this type to an HTTP site is no longer recorded by Google Analytics.
However, when referral traffic passes to an HTTPS site, the secure referral data is preserved. This holds true whether the original site uses HTTPS or HTTP. As more and more sites make the switch, this factor will become more important to getting accurate analytics and your rankings.
So now that you know how it works and what the benefits of having SSL Certification can do for your website, your next question is most likely “How can I get it?” Most website providers will offer third party certification through verified Certificate Authorities. Some may even pay for it.
Here at storEDGE, we require that all of our website users have SSL Certification. For that reason, we purchase and provide this certificate through a verified Certificate Authority to ensure that all of our clients and their customers are protected. Check with your website provider and ask them about SSL Certification. They will be able to provide you with the answers you need to get the protection necessary.
Once you switch to an HTTPS, you’ll need to be sure that you cover all your bases so that the switch does not break your site. Ensure that all of your internal links redirect to the correct, SSL certified site. We at storEDGE always make sure that this step is done properly and that your site is fully functional. Your web services provider should be able to complete this process for you.
Analyze the use of your website to determine whether or not SSL Certification is right for your needs. Are your tenants able to log in to their accounts? Do they enter their address, phone number, and other personal information? Are they paying their monthly rent through an online portal? If you answered yes to any of these questions, then you probably need SSL. Reach out to your web service provider and start learning all you can about protecting yourself and your customers.
SSL and TLS protocols were designed specifically with the user in mind. The protection this tool offers, however, is for everyone involved in an online transaction. Keep in mind that, should your website be deemed responsible for the loss of a customer’s sensitive information, you are at fault. With the certification offered by SSL, you can make your website more secure and thereby increase your sales through a sense of trust with your clientele.