Why You Need SSL - Even If You Aren't Selling On Your Website

Web security is becoming more and more mainstream. 2016 featured a number of high profile data breaches.
 
LinkedIn, Oracle, Yahoo, DropBox, Cisco
 
One of the easiest modes of adding security to a website is forcing users to connect to your website using SSL.
 
What Is SSL?
To explain this to my mom, I would say that HTTPS means there is a padlock in the address bar. :)

/_uploads/images/contenthub-posts/08-2017/ssl_sherpa_lock.jpg

More technically, SSL means that all communications that occur between the browser and the webserver are completely encrypted. Anyone watching the data move between the webserver and the user’s browser would not be able to see anything but random noise.

Does every site need an SSL?
YES! Even if your site does not collect personal information, credit card details or have a sign in form, SSL makes sense for several reasons:
  • Ensures the version of the site that the visitor sees is the version of the site that you built. The encrypted nature of the HTTPS communication ensures that there are no third parties inserting themselves between the visitor’s browser and the webserver and altering any of your content
  • Privacy. Edward Snowden revealed in 2013 just how much surveillance was occurring by the world’s nation states. Even if your site serves nothing of a personal nature, visitors should still be able to surf without having to worry about their ISP, IT department or other large third parties being able to see what they are reading or posting.
  • Malicious Ads. There were many examples of malicious ads being served to visitors that caused "drive by injections". Had the communication been encrypted, this would not have been possible. The New York Times, BBC, AOL and MSN were all caught serving malicious ads on their respective websites in 2016.


Google Chrome
With the launch of Chrome version 56, Google is fundamentally changing the way that its Chrome browser will display "unsecured" webpages. Historically, browsers have indicated when connecting to a secure website but remained neutral when connecting to a website over regular HTTP. Google's security team wants to change this.

In Chrome 56, websites that display a login form or ask for credit card information and do so over an unsecured HTTP connection will show a “Not Secure” notification beside the address bar.

/_uploads/images/contenthub-posts/08-2017/ssl_chrome.jpg

Google has also indicated that future version of Chrome will take this even further by showing the “Not Secure” error message in red and, ultimately, showing this notification on any sites that do not employ SSL.

In 2014, Google published a blog post (https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html) indicating their intention to start using SSL as a ranking signal. Offering SSL on your website will help in having it displayed higher in organic search results.

How do I get an SSL certificate?
The cost of an SSL certificate is very minimal when compared to the additional benefits around security that you offer your end users. SSL certificates are priced between $50 and $150 per year. Obtaining an SSL certificate for your site can usually be accomplished quite quickly:
  1. Submit request to certificate authority – This will be handled by Sherpa
  2. Prove domain ownership – An email validation will be required to prove to the certificate authority that you are the owner of the domain
  3. SSL certificate installation – This will be handled by Sherpa


After the SSL certificate is installed, your web traffic will be protected from prying eyes and your users will appreciate the added security.

Related Posts