The benefits of having an SSL secure website
By Calla Smith-Triglia in Technology on October 22nd, 2019
What is SSL?
“SSL” technically stands for “secure sockets layer,” but the keyword here is “secure.” Essentially what an SSL certified site does is encrypt (or encode) the data being passed between a web server and the browser where your customers are accessing your website. This prevents malicious third parties from intercepting data, inserting their own data, or even redirecting your customers to other unsecure webpages.
How Common is a Data Breach?
If you don’t pay much attention to tech news, these types of data breaches do happen — a lot. CSO Online has reported on the 18 biggest data breaches of the 21st century, and many of the victims are big-name companies you would recognise. Yahoo, for example, was hacked twice in two years, and their second hack compromised the data of 3 billion people. Marriott lost the information of 500 million customers as recently as 2017. Even since the publication of the referred to article, 540 million Facebook users had their records exposed due not to a hack, but a lack of security measures. Facebook is now undergoing a federal criminal investigation as a result. The risk posed by data breaches is real, and there are real consequences. This all goes to show that no company, no matter how large or far-reaching, is immune to being taken advantage of when security measures are poor. This does not mean, however, that smaller businesses are less at risk, as there is a multitude of ways that sites with lax security standards might be targeted.
Ways Your Site Can Be Targeted
There are a few common tactics used when an offender is trying to take advantage of your unsecure website. It is a common misconception, but this person or entity is not necessarily always a criminal attempting to steal the information of innocent consumers. Even internet service providers have been known to insert their own ads onto the websites users are browsing. Injecting ads (or injecting code, examples of which include Cross-Site Scripting or SQL Injection) is one of the most common issues on an unsecure website. This may not seem like the most directly harmful hack possible, but you have spent time, money, and energy constructing a website which feels authentic to your business and aesthetically represents your storefront online. You probably don’t want that effort tainted by an ad which at best disrupts the thoughtfully selected look of your site, and at worst carries your customer away to an unrelated page. It should be noted, at dazzle works our websites are immune to SQL Injection attacks, simply because we don't use a back end database that utilises SQL. As an example, all Wordpress websites use SQL as their backend database.
Unfortunately, the possibilities only get worse from there. Another common tactic is “spoofing” or “cookie hijacking.” These are examples of when web traffic from an unsecure webpage is interrupted and redirected to a different site. In spoofing, often this site will be designed to look just like the webpage the user has been rerouted from, and the user can then be prompted to input personal data under the assumption that they are still on the trusted website they were attempting to find in the first place. Even if users are not directly prompted for their information, the browsing data a third party can gather may still de-anonymise users, revealing things like private health data or even commonly used passwords, leaving them at risk for other hacks or for this information being made public.
Benefits of a Secure Website
Apart from the financial cost if your site were to suffer a data breach, there are many advantages of ensuring your site is preemptively secure. Web-users nowadays are increasingly aware of their own risk while online; the larger data breaches we talked about earlier made worldwide news. This means that your older users will be more anxious, and your more tech-savvy younger users will be familiar with the ways they can remain protected online. Compounding all of this is the fact that the most popular web browsers (Google, Safari, Firefox, Internet Explorer, Edge, and Opera) all now have added features designed to make it easier for users to identify which sites are or are not secure. Unsecure sites often come with a pop-up, alerting users to the dangers of visiting an unsecure site and presenting them with an option to either proceed or leave the page. You’ve probably seen these pop-ups yourself; they look like this:
We are not going to provide a screenshot for Internet Explorer, if you are reading this and you still use Internet Explorer we would strongly suggest that you upgrade to Microsoft Edge or Google Chrome. Microsoft no longer supports the browser so that means it will become more and more unsafe as time goes on.
These can significantly increase the bounce rate of your website, which is bad for business and bad for SEO rankings (…which is bad for business). The Certificate Authority Security Council conducted a survey in 2015 which found that only 2% of consumers would ignore an untrusted connection message, like the ones above. That means you’re potentially losing 98% of your consumer base to an unsecure connection. It’s not only web browsers issuing these warnings either — most anti-virus software systems will have them too, so it’s unlikely that an unsecure website is escaping without an alert to users.
On top of losing customers who have already clicked on a link to your website, you are additionally losing customers before they even have the opportunity to see your page. This is because, as of 2014, Google weighs sites with a secure web address more heavily in search rankings than those with an unsecure address. Google doesn’t want to be at fault for a breach in customer information either! Making sure your website is secure is an easy step towards ensuring that your site is Search Engine Optimised, and if you already have a website, you’re probably aware of the importance of SEO in gaining web traffic for your business. So don’t waste any SEO measures you may already have taken by having an unsecure website getting pushed down the Google rankings.
Types of SSL Certificate
Ok, so you need to secure your website. Which SSL certificate should you choose? There are three main types available, and each offers something slightly different. It is important to note, however, that they all offer information encryption, which is the most important feature of SSL. The additional features that come with some levels of certification function mainly to reassure your users that they are browsing an official webpage. Regardless of the certificate you pick, prices can vary depending upon the body you choose to issue your certificate, and which type of certificate you decide on. Examples of these issuers include GoDaddy, Let’s Encrypt, and Symantec, though there are many. At dazzle works, all of our websites come with automatically updating SSL certificates free, courtesy of Let’s Encrypt. Now, your options:
The most advanced, and correspondingly most expensive, level of certificate is an Extended Validation Certificate (EV SSL). With this, you get a padlock icon on the search bar, and an https (Hypertext Transfer Protocol Secure) web address, and your business name and country displayed in the search bar in green. You’ll need to go through a fairly extensive identity verification process to obtain this certificate, confirming your organisation’s legal name, physical address, official phone number, and other details. This type of certificate is ideal for big businesses who handle a significant amount of customer data or online payments.
The Organisation Validation Certificate (OV SSL), offers an only slightly more modest level of authentication. With it, you still get the search bar padlock, an https address, and your business name and country in green. It also still includes some vetting of your organisation, the main purpose of this being to confirm that the entity in question is legitimate for the peace of mind of your customers,
The last type of certificate and the type we here at dazzle works include for you for free is the Domain Validated Certificate (DV SSL), which is the type we feel is most appropriate for the small businesses we serve. It is the quickest type of certificate to attain, and it verifies your domain name without requiring you to jump through hoops to justify your business. Like all SSL certificates, this verifies that any information your customer's input on your website will be encrypted, and it comes with the padlock icon and https address to confirm this.
Our Websites are Secure
Whether you decide to stick with the option we offer you for free or opt for a more advanced SSL certificate, we at dazzle works will be here to help you every step of the way. Also, regardless of certificate type, our websites are already extremely secure. Usually, the front end of a website (what the web user sees) is connected to the back end (where content is added to the website) — this is how all Wordpress websites are structured. In building our websites, the two ends are decoupled. There are many benefits to using a “headless” CMS, but of interest in terms of security is that separate front and back ends create a safeguard against potential hackers. So, although it is important to understand why security is so necessary for your website, dazzle works take the worry out of this equation for you automatically!