Does your website have a current SSL certificate?
You may have noticed a little closed padlock icon next to the domain name of the website you’re visiting. This little lock displays whether or not the website you’re seeing is secure via an SSL certificate.
SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser. These certificates are needed to keep your data safe, especially regarding customer information and online transactions. This information includes but is not limited to, customer data, website data, credit card information, usernames and passwords, etc.
Why would you need an SSL certificate?
- Keeps data secure within your website
- Builds and enhances the trust of your visitors
- It prevents your website from being flagged as an insecure site
- It helps protect your website from attacks
- Recommended by VITA’s Enterprise Architecture Standard
- Improves your site’s searchability on search engines such as Google
Twenty years ago, we relied solely on antivirus software and firewalls to protect both business and home computers; however, the world of technology has significantly evolved. It’s imperative that your site not be the cause for a customer receiving malware or having their data compromised. Not only will your site be open to attack, but Google will flag your website as “Not Secure” to users. Any text inputs such as login panels, contact forms, and search bars should be automatically assumed as being read by an attacker. Not having an SSL puts you and your users/viewers at risk.
How do SSL certificates work?
SSL certificates use public key cryptography, which utilizes two keys of long strings of randomly generated numbers called private and public keys. The public key is available in the public domain and can encrypt any message. A private key is used to both encrypt and decrypt the data and is shared between the sender and receiver of the data. The start of this communication is called a TLS handshake, in which the two parties open a secure connection and exchange the public key. Different session keys are used to encrypt communications in each new session. TLS ensures that the website is genuine to keep visitors safe.
Additionally, a site without an SSL certificate will appear as HTTP:// in its URL, whereas a site with an SSL certificate will show as HTTPS://. HTTP stands for Hypertext Transfer Protocol and is a protocol for presenting information, such as data, over a network like your website. The issue with having just HTTP for your site is that anyone monitoring the connection between your users (including admins) and your site could be reading the data being sent and received as the data is being presented in plaintext. With an SSL, your site will be seen as HTTPS, and instead of seeing plaintext, the attacker will only see a series of random characters.
Getting an SSL Certificate
A certificate authority may obtain an SSL certificate. A certificate authority issues Digital Certificates, which are verifiable small data files that contain identity credentials to support websites, users, and devices that certify their online and verified identity. Certificate Authorities issue millions of digital certificates each year, which are then used to protect and encrypt information/communications and digital transactions.
SSL Certificates cost an average of $60 annually, but the prices vary significantly. The average of a Single Domain SSL Certificate (example, www.yourwebsite.com) can be about $5 per year, but if you have first-level subdomains (example, info.yourwebsite.com), you will need a Wildcard SSL, which costs about $30 per year. If you have multiple domains (for example, www.yourwebsite.com and www.yoursecondwebsite.com), then you’ll need a Multi-Domain SSL certificate that can be about $60 per year.
Once this certificate is obtained, it needs to be installed onto the web server for the website. A web host, like AISN, can help you determine which SSL certificate you require, as well as install the certificate on your domain(s).
Are they really that important?
Short answer: yes.
Long answer, also yes, but here’s why. As covered earlier, not having an SSL certificate allows the information being shared between your website and your users to be easily accessed by hackers. This can lead to leakage of their data such as name, address, payment details, etc. Additionally, Google has been working hard since 2017 to identify unsecured sites. Not only do they notify viewers of a site without an SSL as “Not Secure,” but they also put your site further down in search engines. Not having an SSL can make your website appear untrustworthy to users. This can lead to a lack of confidence in your site and ultimately result in the compromise of their data.
Are you looking to secure your website but still have questions? Feel free to message us by filling out our contact form below. Don’t worry, we have an SSL certificate, and our site is encrypted to keep your data safe.
AIS Network is a Virginia SWaM-certified leader in cloud enablement, information security, risk management, managed services, and award-winning application development with a broad footprint in the healthcare, government, financial, and other corporate sectors. Solving complex IT challenges and working digital risk to help clients thrive in an unpredictable world has been our core business for over 28 years. As the trusted and reliable partner of the Commonwealth of Virginia since 2012, we drive exceptional value through our deep knowledge of state agency data protection, compliance, governance, and internal auditing procedures and controls. Our unmatched customer experience is rooted in decades of expertise engaging with Forbes- and Fortune-ranked global corporations, government agencies, and other large enterprise clients to deliver these solutions in addition to multi-cloud managed services for the world’s leading platforms, data visualization and analytics, high-security hosting, and consultative reviews.