Web security checklist: do you need an SSL Certificate?
You’ve registered the perfect domain name for your website, you’ve connected your domain to your hosting. Your product list is coming together and your website looks great. Then, bam. A new contact from the local chamber of commerce asks you over breakfast finger foods if your small business website will be secured with an SSL certificate. You seem to sort of remember hearing that soon Google Chrome will be alerting web visitors that a site is not secure if it does not have an SSL certificate. But wait, what is SSL? Is it on my web security checklist? Does my website really need an SSL certificate? Do I need to know how SSL works?
Not to worry. Because you’ve read this, you can skip choking on a sausage link or asking someone to pass the muffins to buy time to do a quick web search before answering.
Here’s the skinny.
Website security checklist item 1: What is SSL?
First things first — what is SSL, exactly? “SSL” is short for Secure Sockets Layer. In simpler terms, it’s how small business communicate with customers that they can browse, buy products or services, and share information safely with you online. Without getting overly technical, adding an SSL creates a safe connection for those kinds of activities.
Think of an SSL certificate as a giant windshield for when you drive on the information super-highway. You wouldn’t head out on your local freeway — especially at night in a rural area — without something between you and all the bugs. You likely couldn’t see, and besides, you’ve already had your protein for breakfast. In much the same way, an SSL certificate protects your site — and its visitors — from many digital bugs, worms and other nasty web creatures.
Before quickly dismissing your site as “too small to be a target,” bear in mind that most interceptions are done electronically without a human deciding who is attacked.
This is why acquiring an SSL Certificate should be at the top of your website security checklist. A web creepy crawly doesn’t care how big you are or what you do for a living. They have one goal, and that is to find vulnerabilities. Once discovered, its dirty work begins.
How SSL works
If you’re ever wondered how SSL works, look no further. An SSL certificate works to create an encrypted connection between your visitor’s browser and the server. A secure session is established via a “handshake” process, one that involves a back-and-forth between the web browser and the web server, and it occurs behind the scenes — all without interrupting the shopping or browsing experience.
This brings us back to the original question: Should SSL be part of your website security checklist? As of July, 2018, Google Chrome will be marking a website as “Not Secure” if it is not protected with an SSL certificate. It’s all a part of making the global web more secure. However, it is even more important if you collect data or accept payments.
Accept payment securely
Do you plan to accept major credit cards online? You’ll likely need a merchant account, and most of them will require you to use an SSL certificate. Some web hosting companies, including GoDaddy, have terms of service requiring websites to be secured with an SSL before accepting credit cards. Besides, would you really want to put your customers at risk of having their credit card information stolen while shopping on your site?
It’s not exactly a great way to attract repeat business.
Some online store and shopping cart programs come with a built-in secure payment system. In these cases, a third party handles the credit cards or provides another method of paying online. If this applies, it’s possible that your small business might not need the added protection of an SSL for your checkout page.
There are other reasons, however, to add an SSL.
Protect password logins
A major reason you might want to add an SSL certificate to your website is if any of your pages are password protected. This includes WordPress or Joomla! or other database-driven sites with a login page for the administrator.
Membership sites with multiple logins also create more opportunities for black-hat hackers to attack.
Remember, anything that needs to be secure online needs to operate under the safety net of an SSL certificate.
The web is filled with bots lurking around seeking poorly protected password pages to provide them access to your website. You don’t want to log on only to find your pages have been defaced or deleted.
Secure all web forms
Not everyone collects money online. Some websites collect information. These could be leads for potential home buyers. Or questionnaires about your client’s employment history. Or anything. If you are collecting even the most basic information such as name, address, phone number and email address, chances are your clients would not want that information leaked.
Without an SSL certificate, some types of form mail can be intercepted. Some code is more reliable than others. Do you want to take chances that yours is susceptible to hacking?
This is why securing your online forms with an SSL certificate is also a must. You wouldn’t do business with someone who skipped this step. Don’t give anyone this as a reason not to do business with you.
More SSL certificates
Now that you’ve learned what is SSL and how SSL works, you can move on to picking one for your website. Depending on the type of site or sites you run, you could potentially need a different type of SSL certificate. Learn about the four types of SSL certificates available:
- Wildcard SSL Certificate
- Extended Validation SSL Certificate
- SAN SSL Certificate
- Organization Validation SSL Certificate
Once you’ve determined which option is the best fit for you, attach it to your website and enjoy the benefits. Your visitors will thank you.