September 01 2017

Understanding Website Security and SSL Certificates

SSL certificates ZAG InteractiveSSL (Secure Sockets Layer) is a form of security that keeps information encrypted and secure on websites. Since information sent through the internet is passed from computer to computer, any computer can access sensitive information if it’s not encrypted. While this common term is often just associated with logins, forms and ecommerce, website security is an increasingly hot topic in our digital-first world, and one that has gained increased visibility recently, for good reason. Explore what’s new in the world of website security, and what every website owner and marketer needs to understand in order to keep pace with changing technology. 

How can you tell if a website is secure?

Webpages that don’t have any security operating behind the scenes are easy to spot. Look at the address, or URL, in your browser. If it doesn’t start with https:// it’s not secure. This means an online hacker could eavesdrop on your site, stealing important data and damaging your site and business credibility.

Does every website owner need an https:// site?

Every website should have an SSL, unless your site collects no visitor data that would be considered secure. Examples include email newsletter registration, contact form that has an email field, logins and collection of credit card data. Further, even if you don’t have this type of data being collected on your site, Google has placed SEO value on using https://, so the search rankings of your site will likely suffer if the site is not secure.

Why am I hearing more about this now?

The Chrome web browser will start making non-secure sites more obvious to users starting in October 2017. There’s already a circle with a small “i” icon to the left of any web address you’re visiting that does not start with https://. Clicking on it displays the message, “Your connection to this site is not secure”, along with other data. When the Chrome browser version 62 is released in October 2017, the warning will become a little more obvious for anyone who starts filling out a form. “Not secure” will display in the address bar when this happens. This means that standard websites that have any type of form will be seen as potentially untrustworthy to site visitors. Tip: As a consumer, you should never type credit card information or your id or password into a website that lacks https://.

Is an SSL the only available solution for website security?

An SSL may not always be the right solution for your business. If your site takes credit cards for purchases, or if you own or manage a banking website with plans to begin using a .bank domain as your web address, a higher level of security called TLS 1.2 is required.
More complex security certificates are available and in some cases required, as with PCI compliance for most sites that take credit card payments. If your business owns multiple websites, your needs may best served by another type of digital certificate. Also, if your business also uses mobile apps or programs devices as part of the Internet of Things, your needs will be more complex. Solutions for these situations include wildcard certificates, EV certificates and ECC certificates. Broadly, the more domains and the more complexity, the more expensive the certificate(s). Consult with an organization you trust to ensure you’re using the right security for your needs and your customers’ needs.

What do I do if I own or manage a website that doesn’t have https://?

SSL certificates are inexpensive so if you own a website and you do not have an SSL certificate, now is the time to get one. Contact your web development firm or website hosting provider to purchase a certificate or to get recommendations on buying one directly, and discuss if your site should also offer another type of even greater security and encryption.
Note that it is possible to get a SSL certificate for free, but this should only be used test development environments or other situations where the group of users is small and their data is protected by other measures such as testing a new website inside your company network.

Want help navigating website security?

To discuss your specific website security needs, talk to a hosting specialist at ZAG Interactive.

  • Website
  • Website Compliance

ZAG Interactive is a full-service digital agency in Glastonbury, CT, offering website design, development, marketing and digital strategy to clients nationwide. See current job openings.