Almost every day I am asked about website security. We are living in a world where despite what many of us think, the minute we put things online our data is out there, so we need to be doing all that we can to protect our own data and that of our clients. The question I get asked most often is “Do I need an SSL certificate?”. The definitive answer is YES!
What is a SSL?
Secure Sockets Layer (SSL) allows the information that users put on your site to be encrypted, and any information that is sent through the website and back again, remains safe ensuring that the information cannot be stolen.
Securing your website is an absolute must. Having an SSL certificate offers you and your users the peace of mind that any personal information they share on your site or any transactions that take place, are taking place in a safe and secure environment.
Search engines, such as Google, are clamping down on sites that are not perceived as secure, and those that do not have an SSL certificate will remain as ‘http’ in the browser and those with certificates will show up as ‘https’ with the ‘s’ standing for secure encryption. Google also flags websites that do not have the correct security measures in place, with a ‘Not Secure’ warning popping up on the user’s screen asking if they would like to continue to the website. If that isn’t convincing enough, having an SSL certificate will also assist in your website having a better ranking during Google searches.
Is an SSL certificate necessary?
If you are collecting user information, even in the format of a simple form, or wanting to process payments through your site, an SSL certificate is absolutely necessary. When applying for an SSL certificate, your website will be authenticated and validated by the Certificate Authority (CA), and once your website has been approved you will receive trust indicators to use on the site, letting users know that your site has been vetted and found to be trustworthy. If you are selling products on your site and will be collecting payment information you are required to be PCI compliant, with one of the requirements being an SSL certificate.
Isn’t an anti-virus good enough?
Once there was no need for anything other than a good anti-virus programme, however, nowadays with malware on the increase, an anti-virus, no matter how good, will not be enough to keep information on your site safe and confidential. It is the responsibility of the owners of the website to make sure that their sites are secured and their users’ information safe. This builds trust and a solid relationship between the user of the site and the owner. A survey conducted by HubSpot Research using a sample group of consumers from the UK, US and Australia, asked whether they would continue browsing “Non-secure” sites, with the below results: