Padlock and chain locking a rusty door

The Benefits of SSL Certificates, and Why All Business Websites Need Them

Matthew Hall Gold Shards No Crop

Posted by Matthew Hall

2nd February 2017

In this day and age where information theft and data protection are ever-increasing concerns, it’s never been more pertinent for Internet users and businesses to make provisions for their online security.

Practically all modern businesses have some form of online presence, ranging from a simple business card style site to more sophisticated sales and marketing sites designed to drive growth. No matter how basic or elaborate the website, online security can no longer be viewed as an optional extra.

The internet was never designed to be secure

When scientists developed the Internet as a means for exchanging data back in the 1970s they never spared a thought for security. At that time, there were so few people connected to the Internet that all users probably knew each other – and they didn’t envisage there would be anything to gain from hacking systems and spying on data.

Several decades later and the Internet is now as prevalent as any major utility. And it's deep penetration into society has brought with it the opportunity for governments and individuals to exploit others by spying on online activity. It’s now essential to secure all websites and Internet communications as soundly as possibly to protect against these dangers.

Minimum acceptable security standards are changing

Technology service providers are raising standards in a concerted effort to protect and inform their users about online security risks. Omnipresent developer, Google, for example, has been addressing users’ concerns by visibly stepping up its security efforts.

Users of Google’s online services such as G Suite or Gmail are being inundated with a catalogue of security checkups, data privacy policies and two-factor authentication options to help prevent unauthorised account access. The increased Internet security message is being delivered to users loud and clear.

Web browsers are flagging website security status more clearly

Google Chrome – the most popular website browser in the UK – has actively transitioned from the browser only flagging up problems on websites with invalid security certificates to now overtly identifying sites that are not secure in the first place.

Chrome makes it undoubtedly clear to users that they’re browsing secure websites by featuring a highly visible green padlock labelled ‘Secure’ at the beginning of its search bar. This label doesn’t appear in non-secure websites – and when users click the ‘information’ icon in its place, they’re told in no uncertain terms not to ‘enter any sensitive information on this site’ and that their data is at risk of being ‘stolen by attackers’.

This marks quite a paradigm shift in Chrome, and further moves are being taken towards alerting users about websites that aren’t using security certificates to protect their data. As of July 2018, Google has advised that any site that doesn’t include an SSL certificate for all pages will be labelled ‘Not Secure’. And, it may not be long before Chrome refuses to even load non-secure websites.

Similar steps are also being taken by competing browsers, including Firefox, Safari, Internet Explorer and Edge, indicating that this is a general trend affecting all platforms.

What is an SSL Certificate?

SSL is an acronym for Secure Sockets Layer, and SSL certificates are the backbone for any website security. The certificate allows a browser to bridge a secure connection between your device and the web server, thereby ensuring that information is safely transferred. Generally speaking, if a website address begins with HTTPS it is using a secure connection, and if it begins with HTTP is not.

The benefits of making your business website secure

1. More traffic: Google prioritises secure websites in search rankings

Google revealed as far back as 2014 that it prioritises secure websites over non-secure ones in search results.

When competing websites share similar ranking factors on the same keywords, SSL certification could be a tiebreaker in terms of search rankings with secure sites potentially appearing higher on search results page than non-secure sites.

“We’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal.”

— Google Webmaster’s blog

2. Better user engagement: Visitors feel more confident using secure websites

Internet users have never been more wary of data security and online privacy amid reports that one in 10 people have now experienced some level of a hacking attempt, identity theft or other related incidents.

Consumers take a risk when they buy goods and services online and if businesses lose their trust, they are unlikely to return. SSL certificates provide another layer of confidence for online customers to feel safe and secure while they visit websites to find information, buy products or services, and share links with friends.

Some types of SSL certificates can also clearly designate the owner of the website within the web browser itself; businesses with such ‘Extended Validation’ certificates are instantly recognised by customers as being legitimate. For finance, ecommerce or other businesses asking customers to hand over sensitive data, this is especially relevant.

3. Prevent information theft: Data is more likely to be stolen from non-secure websites

SSL certificates encrypt sensitive data during transmission between user devices and the web server, rendering it useless to anyone but the intended party.

When information is submitted by a customer online, the data often relays between a channel of computers before reaching its final destination. The chances of this information being stolen are lower if your site uses SSL encryption. With recently introduced GDPR legislation, protecting customer data has become a legal requirement for all businesses dealing with EU customer data.

4. Essential for online payments: Shoppers will leave unless all pages are secure

Most ecommerce websites today will usually have an SSL certificate in place on at least the pages where credit card information is submitted. However, customers are now looking for web browser security verification on all pages, not just the checkout – and they’re more likely to leave the site if pages are not labelled secure.

5. Access invaluable marketing data: Analytics won’t show visitors arriving from other secure websites if your own site is not secure

When visitors arrive on your website from another domain, this information is recorded by your analytics package – including the web address that your visitors came from.

If your business website does not have SSL certificates, then the address of the originating site will not be recorded if that site uses SSL encryption. Instead, visitors will simply be logged under ‘Direct’ within your traffic source reports, with no details of where they arrived from.

Is my business website secure?

How to test your website security:

There are a number of factors that need to be checked. If you answer no to any of these, then you do not have a fully secure website and should take action.

  • Is an SSL Certificate installed?
  • Is it registered to the correct website hostname?
  • Is the expiry date in the future?
  • Is it issued by a recognised Certificate Authority?
  • Do all pages use the security certificate?
  • Are all scripts, images and other files using a secure connection as well as the page itself?
  • Are any external assets included also secure?
  • Does the website automatically refuse or redirect non-secure requests to secure ones?

This is obviously quite a long and technical checklist, so it would be wise to enlist the help of a competent technical expert who can review your business website to ensure it meets the criteria now that Google requires SSL certification for all pages.

Looking for more advice on how to make your website secure? Get in touch! And if you want a better understanding of your website’s overall performance, consider doing a CRO Audit.