Have you ever wondered why some websites have an ‘http’ at the start of their URL and some have an ‘https’?
The vast majority now have https and that’s for a very good reason. It’s to do with security.
The ‘s’ indicates that the website you’re on has something called an SSL certificate.
‘Ok, great. Although, that doesn’t really help… what’s an SSL certificate?’
Well, glad you asked. Here’s the lowdown on what SSL certificates are, why it matters if a website only has ‘http’ and what to do about it.
SSL stands for Secure Sockets Layer. This is what keeps your connection secure whilst you are on that website.
In fact, the people that made it say it best themselves:
‘It’s the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private.’
In other words, any information you share with that domain stays between you and the website provider.
When you access a website, your browser communicates with the website to see if it’s got an SSL. If it does, a binding encrypted link is created between you and the website. This ensures no one else can get in.
If that sounds like a long-winded process, don’t worry. It does this pretty much instantaneously. In fact, connecting to a website with an SSL certificate is probably faster than connecting to an unsecure one.
Having a secure connection with a website you’re accessing is particularly important if you’re inputting information into the site, for example, filling out a form or purchasing something using your card details.
Theoretically if you were to do this and your connection was not encrypted, a hacker could steal this data.
The way they would most likely do this is by attaching a listening program to the server of the website and then as soon as someone starts inputting their details, bam, it would start to intercept them.
So, by having an SSL certificate on a website you know that the connection is encrypted and therefore completely inaccessible from the rest of the internet.
We’ve talked about the dangers of hacking before. The risks range from somebody getting your email and being spammed with phishing emails, to a hacker actually intercepting your bank details or medical records.
If you’re signing up to a membership or using an e-commerce site it’s a good idea to double check that the website you’re using has an SSL. i.e. is it preceded with ‘https’?
Depending on the browser you use, you’ll usually be notified if something’s up. On Google Chrome, any website that isn’t secure will have an exclamation mark and a note saying ‘not secure’ in the top left-hand side of the URL bar.
Most browsers will also have a green padlock and green text informing you of when a website is secure, particularly when you’re at a checkout or other area where secure information is being asked for.
In many cases your website will already have an SSL certificate. Depending on who you got your website from and how it’s been built, this will be covered. But it’s always good to check.
As a business it’s important that visitors to your site feel safe when they’re looking around. Statistics show that website visitors are more likely to clear off if there are any concerns about how secure the connection is.
If you’re asking for details to be filled in or are selling products from your site then it’s essential that you protect user’s data.
Having an SSL is also looked upon favourably by Google’s search ranking algorithm so it may well help with your SEO.
If you need to get an SSL for your site, there are a few different kinds to be aware of.
The standard SSL is fine for most sites and is likely more affordable, if not already provided by your website and domain provider.
If you are in a regulated industry like finance or insurance and have specific requirements for your company then you may need more secure encryption.
Extended Validation or EV certificates would be required for company’s who are handling more sensitive information. These aren’t granted to the website owner until a review into the company has taken place to ensure they are who they say are.
On the flipside, Domain Validated certificates are not so secure. They require no background check into the owner to be purchased. As a user it’s important that you don’t enter sensitive information on a website with a DV SSL certificate as the owner could be fraudulent.
Browsers like Chrome will usually let you know if they think a website fits this profile and isn’t to be trusted.
If you’re a website owner, once you’ve bought a certificate it will have different validity periods and will need renewing periodically.
If you want any more information about this or aren’t sure if your website is secure, get in touch with us and we’d be happy to help.