Web security is becoming more and more mainstream. The last five years has featured a number of high profile data breaches: Yahoo, Equifax, Marriott-Starwood, Ebay, Linkedin.
One of the easiest modes of adding security to a website is forcing users to connect to your website using SSL.
What Is SSL?
To explain this as simply as possible, I would say that HTTPS means there is a padlock in the address bar. 😄
More technically, SSL means that all communications that occur between the browser and the webserver are completely encrypted. Anyone watching the data move between the webserver and the user’s browser would not be able to see anything but random noise.
Does every site need an SSL?
YES! Even if your site does not collect personal information, credit card details or have a sign in form, SSL makes sense for several reasons:
- Ensures the version of the site that the visitor sees is the version of the site that you built. The encrypted nature of the HTTPS communication ensures that there are no third parties inserting themselves between the visitor’s browser and the webserver and altering any of your content
- Privacy: As Edward Snowden revealed in 2013 just how much surveillance was occurring by the world’s nation states -even if your site serves nothing of a personal nature - visitors should still be able to surf without having to worry about their ISP, IT department or other large third parties being able to see what they are reading or posting.
- Malicious Ads: There were many examples of malicious ads being served to visitors that caused "drive by injections". Had the communication been encrypted, this would not have been possible. Google, The New York Times, BBC, AOL and Forbes were all caught serving malicious ads on their respective websites starting in 2016.
Google Chrome
With the launch of Chrome version 56 in 2017, Google fundamentally changed the way that its Chrome browser displayed "unsecured" webpages. Historically, browsers have indicated when connecting to a secure website but remained neutral when connecting to a website over regular HTTP.
Since 2018, Google calls out sites with encrypted connections as “Not Secure” in the URL bar. The move flipped the convention of how Chrome displays the security of sites on its head.
If you’re browsing on an unsecured connection, your internet provider and any bad actors can hypothetically see not just which site you’re on, but what specific pages. Not so with HTTPS, a benefit that has clear implications for, say, pages that ask for or contain sensitive information—have good reason to embrace it.
How do I get an SSL certificate?
The cost of an SSL certificate is very minimal when compared to the additional benefits around security that you offer your end users. SSL certificates are priced between $200 and $750 CAD per year. Obtaining an SSL certificate for your site can usually be accomplished quite quickly: />
- Submit request to certificate authority – This can be handled by Sherpa
- Prove domain ownership – An email validation will be required to prove to the certificate authority that you are the owner of the domain
- SSL certificate installation – This can be handled by Sherpa
After the SSL certificate is installed, your web traffic will be protected from prying eyes and your users will appreciate the added security.
Contact us today for more information or to get your website's security up to date.