Does your website need an SSL certificate?
You’ve registered the perfect domain name for your website. Your product list is coming together and your website looks great. Then, bam. A new contact from the local chamber of commerce asks you over breakfast finger foods if your website will be secured with an SSL certificate.
You remember hearing that Google’s Chrome browser will display a “Not Secure” warning next to the website in the address bar if the site is not secured by an SSL certificate. But wait, what is SSL? Does my website really need an SSL certificate? Do I need to know how SSL works?
Not to worry. Because you’ve read this, Here’s what you need to know about SSL certificates for your website.
What is SSL?
“SSL” is a short form of Secure Sockets Layer. In simpler terms, it’s how website owners communicate with customers so that they can browse, buy products or services, and share information safely with you online.
Without getting overly technical, adding an SSL creates a safe connection for those kinds of activities.
“Think of an SSL certificate as a giant windshield for when you drive on the information superhighway.”
You wouldn’t head out on your local freeway especially at night in a rural area without something between you and all the bugs. In much the same way, an SSL certificate protects your site and its visitors from many digital bugs, worms, and other nasty web creatures.
Before quickly dismissing your site as “too small to be a target,” bear in mind that most interceptions are done electronically without a human deciding who is attacked.
“No site is too small to get hacked.”
In fact, research shows that half of all cyberattacks target small businesses.
A web creepy crawly doesn’t care how big you are or what you do for a living. They have one goal, and that is to find vulnerabilities. Once discovered, its dirty work begins.
What does an SSL certificate do?
An SSL certificate works to create an encrypted connection between your visitor’s browser and the server.
A secure session is established via a “handshake” process, one that involves a back-and-forth between the web browser and the web server, and it occurs behind the scenes — all without interrupting the shopping or browsing experience.
An SSL works to protect valuable information passed between the two parties.
Does your website really need an SSL certificate?
As mentioned above, Google began rolling out Chrome 68 in July 2018, marking a website as “Not Secure” if it is not protected with an SSL certificate. It’s all a part of making the global web more secure. However, it is even more important if you collect data or accept payments.
Accept payment securely
What Are SSL Cards
Do you plan to accept major credit cards online? You’ll likely need a merchant account, and most of them will require you to use an SSL certificate. Some web hosting companies have terms of service requiring websites to be secured with an SSL before accepting credit cards. Besides, would you really want to put your customers at risk of having their credit card information stolen while shopping on your site?
It’s not exactly a great way to attract repeat business.
Some online store and shopping cart programs come with a built-in secure payment system. In these cases, a third party handles the credit cards or provides another method of paying online. If this applies, it’s possible that your small business might not need the added protection of an SSL for your checkout page.
There are other reasons, however, to add an SSL.
Protect password logins
A major reason you might want to add an SSL certificate to your website is if any of your pages are password protected. This includes WordPress or Joomla! or other database-driven sites with a login page for the administrator.
Membership sites with multiple logins also create more opportunities for black-hat hackers to attack.
“Remember, anything that needs to be secure online needs to operate under the safety net of an SSL certificate.”
The web is filled with bots lurking around seeking poorly protected password pages to provide them access to your website. You don’t want to log on only to find your pages have been defaced or deleted.
Related: 10 best practices for creating and securing stronger passwords
2. Secure all web forms
Not everyone collects money online. Some websites collect information. These could be leads for potential home buyers. Or questionnaires about your client’s employment history. Or anything. If you are collecting even the most basic information such as name, address, phone number, and email address, chances are your clients would not want that information leaked.
Without an SSL certificate, some types of form mail can be intercepted. Some code is more reliable than others. Do you want to take the chances that yours is susceptible to hacking?
“This is why securing your online forms with an SSL certificate is also a must.”
You wouldn’t do business with someone who skipped this step. Don’t give anyone this as a reason not to do business with you.