Does your website have a current SSL certificate?
You may have noticed a little closed padlock icon next to the domain name of the website you’re visiting. This little lock displays whether or not the website you’re visiting is secure via an SSL certificate.
SSL stands for Secure Sockets Layer, which is a security protocol that creates an encrypted link between a web server and a web browser. Basically, these certificates are needed in order to keep your data safe, especially when it comes to customer information and online transactions. This information includes, but is not limited to, customer data, website data, credit card information, usernames and passwords, etc.
Why would you need an SSL certificate?
- Keeps data secure within your website
- Builds and enhances the trust of your visitors
- Avoids your website being flagged as an insecure site
- Helps protect your website from attacks
- Recommended by VITA’s Enterprise Architecture Standard
- Improves your site’s searchability on search engines such as Google
Twenty years ago, we relied solely on antivirus software and firewalls for the protection of both business and home computers, however the world of technology has evolved greatly. It’s imperative that your site not be the cause for a customer receiving malware or having their data compromised. Not only will your site be open to attack, but Google will flag your website as “Not Secure” to users. Any text inputs such as login panels, contact forms and search bars should be automatically assumed as being read by an attacker. Not having an SSL puts you and your users/viewers at risk.
How do SSL certificates work?
SSL certificates use public key cryptography, which utilizes two keys of long strings of randomly generated numbers called a private and public key. The public key is available to the public domain and can be used to encrypt any message. A private key is used to both encrypt and decrypt the data and is shared between the sender and receiver of the data. The start of this communication is called a TLS handshake in which the two parties open a secure connection and exchange the public key. Different session keys are used to encrypt communications in each new session. TLS ensures that the website is genuine in order to keep visitors safe.
Additionally, a site without an SSL certificate will appear as HTTP:// in its URL whereas a site with an SSL certificate will show as HTTPS:// in its URL. HTTP stands for Hypertext Transfer Protocol and is a protocol used for presenting information such as data over a network, like your website. The issue with having just HTTP for your site is that anyone monitoring the connection between your users (including admins) and your site is that anyone could be reading the data being sent and received as the data is being presented in plaintext. With an SSL, your site will be seeing as HTTPS, and instead of seeing plaintext, the attacker would only see a series of random characters.
Getting an SSL Certificate
An SSL certificate may be obtained by a certificate authority. A certificate authority issues Digital Certificates, which are verifiable small data files that contain identity credentials to support websites, users, and devices certify their online and verified identity. Certificate Authorities issue millions of digital certificates each year, which are then used to protect and encrypt information/communications and digital transactions.
SSL Certificates cost an average of $60 per year, but the prices can greatly vary. The average of a Single Domain SSL Certificate (example, www.yourwebsite.com) can be about $5 per year, but if you have first-level subdomains (example, info.yourwebsite.com) you will need a Wildcard SSL which costs about $30 per year. If you have multiple domains (example, www.yourwebsite.com and www.yoursecondwebsite.com) then you’ll need a Multi-Domain SSL certificate that can be about $60 per year.
Once this certificate is obtained, it then needs to be installed onto the web server for the website. A web host, like AISN, can help you determine which SSL certificate you need as well as installing the certificate on your domain(s).
Are they really that important?
Short answer, yes.
Long answer, also yes, but here’s why. As covered earlier, not having an SSL certificate allows the information being shared between your website and your users to be easily accessed by hackers. This can lead to leakage of their personal data such as name, address, payment details, etc. Additionally, Google has been working hard since 2017 at identifying unsecured sites. Not only do they notify viewers of a site without an SSL as “Not Secure” but they also put your site further down in search engines. Not only the aforementioned, but without an SSL, your users may not view your site as trustworthy, and it’s only a matter of time before their fears of having their data compromised could become a reality.
Looking to secure your website but still have questions? Feel free to shoot us a message by filling out our contact form below. Don’t worry, we have an SSL certificate and our site is encrypted to keep your data safe.
AIS Network is a Virginia SWaM-certified leader in cloud enablement, information security and risk management, managed services and award-winning application development with a wide footprint in the health care, government, financial and other corporate sectors. Solving complex IT challenges and managing digital risk to help clients thrive in an unpredictable world has been our core business for more than 28 years. As the trusted and reliable partner of the Commonwealth of Virginia since 2012, we drive exceptional value through our deep knowledge of state agency data protection, compliance, governance and internal auditing procedures and controls. Our unmatched customer experience is rooted in decades of expertise engaging with Forbes- and Fortune-ranked global corporations, government agencies and other large enterprise clients to deliver these solutions in addition to multi-cloud managed services for the world’s leading platforms, data visualization and analytics, high security hosting and consultative reviews.