In this day and age where information theft and data protection are ever-increasing concerns, it’s never been more pertinent for Internet users and businesses to make provisions for their online security.
Practically all modern businesses have some form of online presence, ranging from a simple business card style site to more sophisticated sales and marketing sites designed to drive growth. No matter how basic or elaborate the website, online security can no longer be viewed as an optional extra.
When scientists developed the Internet as a means for exchanging data back in the 1970s they never spared a thought for security. At that time, there were so few people connected to the Internet that all users probably knew each other – and they didn’t envisage there would be anything to gain from hacking systems and spying on data.
Several decades later and the Internet is now as prevalent as any major utility. And it's deep penetration into society has brought with it the opportunity for governments and individuals to exploit others by spying on online activity. It’s now essential to secure all websites and Internet communications as soundly as possibly to protect against these dangers.
Technology service providers are raising standards in a concerted effort to protect and inform their users about online security risks. Omnipresent developer, Google, for example, has been addressing users’ concerns by visibly stepping up its security efforts.
Users of Google’s online services such as G Suite or Gmail are being inundated with a catalogue of security checkups, data privacy policies and two-factor authentication options to help prevent unauthorised account access. The increased Internet security message is being delivered to users loud and clear.
Google Chrome – the most popular website browser in the UK – has actively transitioned from the browser only flagging up problems on websites with invalid security certificates to now overtly identifying sites that are not secure in the first place.
Chrome makes it undoubtedly clear to users that they’re browsing secure websites by featuring a highly visible green padlock labelled ‘Secure’ at the beginning of its search bar. This label doesn’t appear in non-secure websites – and when users click the ‘information’ icon in its place, they’re told in no uncertain terms not to ‘enter any sensitive information on this site’ and that their data is at risk of being ‘stolen by attackers’.
This marks quite a paradigm shift in Chrome, and further moves are being taken towards alerting users about websites that aren’t using security certificates to protect their data. As of July 2018, Google has advised that any site that doesn’t include an SSL certificate for all pages will be labelled ‘Not Secure’. And, it may not be long before Chrome refuses to even load non-secure websites.
Similar steps are also being taken by competing browsers, including Firefox, Safari, Internet Explorer and Edge, indicating that this is a general trend affecting all platforms.
What is an SSL Certificate?
SSL is an acronym for Secure Sockets Layer, and SSL certificates are the backbone for any website security. The certificate allows a browser to bridge a secure connection between your device and the web server, thereby ensuring that information is safely transferred. Generally speaking, if a website address begins with HTTPS it is using a secure connection, and if it begins with HTTP is not.
Google revealed as far back as 2014 that it prioritises secure websites over non-secure ones in search results.
When competing websites share similar ranking factors on the same keywords, SSL certification could be a tiebreaker in terms of search rankings with secure sites potentially appearing higher on search results page than non-secure sites.
“We’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal.” - Google Webmaster’s blog
Internet users have never been more wary of data security and online privacy amid reports that one in 10 people have now experienced some level of a hacking attempt, identity theft or other related incidents.
Consumers take a risk when they buy goods and services online and if businesses lose their trust, they are unlikely to return. SSL certificates provide another layer of confidence for online customers to feel safe and secure while they visit websites to find information, buy products or services, and share links with friends.
Some types of SSL certificates can also clearly designate the owner of the website within the web browser itself; businesses with such ‘Extended Validation’ certificates are instantly recognised by customers as being legitimate. For finance, ecommerce or other businesses asking customers to hand over sensitive data, this is especially relevant.
@TheBestYou_ I went to purchase tickets but your site is not secure and I'm not too keen on giving my bank details. Do you have PayPal? — Paige Nunes (@PNunes95) January 22, 2017
SSL certificates encrypt sensitive data during transmission between user devices and the web server, rendering it useless to anyone but the intended party.
When information is submitted by a customer online, the data often relays between a channel of computers before reaching its final destination. The chances of this information being stolen are lower if your site uses SSL encryption. With recently introduced GDPR legislation, protecting customer data has become a legal requirement for all businesses dealing with EU customer data.
Most ecommerce websites today will usually have an SSL certificate in place on at least the pages where credit card information is submitted. However, customers are now looking for web browser security verification on all pages, not just the checkout – and they’re more likely to leave the site if pages are not labelled secure.
When visitors arrive on your website from another domain, this information is recorded by your analytics package – including the web address that your visitors came from.
If your business website does not have SSL certificates, then the address of the originating site will not be recorded if that site uses SSL encryption. Instead, visitors will simply be logged under ‘Direct’ within your traffic source reports, with no details of where they arrived from.
There are a number of factors that need to be checked. If you answer no to any of these, then you do not have a fully secure website and should take action.
This is obviously quite a long and technical checklist, so it would be wise to enlist the help of a competent technical expert who can review your business website to ensure it meets the criteria now that Google requires SSL certification for all pages.
If you would like us to advise you on how to make your business website more secure, please contact us on 020 3519 8585 or send us a message. And, if you want a better understanding of your website’s overall performance, request a Website & Online Marketing Audit below.
We will contact you using the details below to arrange your audit.
All fields are required