Have you noticed that some URLs start with “http://“ while others start with “https://“? And that extra “s” is there when you’re browsing websites that require giving sensitive information, like when you’re paying bills or shopping online. But where did that extra “s” come from and what does it mean?
This is the definition from SSL.com: “SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private.” SSL stands for Secure Sockets Layer and is used by millions of websites in order to protect online transactions with their customers.
Let’s explain that.
When you fill out a form on a certain website and hit ‘submit’, the information you entered can by intercepted by a hacker if the website is unsecure. This information could be anything from credit card details to high-level information you enter to register for an offer. So what does the hacker do? The most common type of attack is this: the hacker places a small, undetected listening program on the server hosting a website. That program waits in the background until a visitor starts typing information on the website, and it will activate to capture the information and send it back to the hacker.
When you visit a site that’s encrypted with SSL though, your browser will form a connection with the web server, look at the SSL certificate, and then bind together your browser and the server. This means no one can see or access the information that you type into your browser.
The connection will happen instantly and it’s even faster than connecting to an unsecure website.
According to recent research, up to 85% of people will not continue browsing if a site is not secure. You probably experienced that when using the Google Chrome browser. You get a warning that says the website is not secure so you can choose what to do next. Would you continue browsing a site that is not secure? No, we didn’t think so either.
How can you tell if a website has SSL? The URL looks like this: “https://cubelab.co.uk” and has a padlock icon in the bar. You can click on the padlock to read more about the website and the company that provided the certificate.
Be careful though! Even if a website has the “https://“ and a padlock, the certificate could still be expired, meaning your connection wouldn’t be secure. So if you’re browsing on a website that requires a lot of personal information make sure you double-check to be sure the certificate is valid. To do that in Chrome, go to view > Developer Tools. Navigate to the security tab and you can see if the SSL certificate is valid or expired. If you click “View certificate” you will be able to see more information about the certificate and the specific date it’s valid through.
Now if you’re hosting websites and they contain forms, even if you’re just asking for an email address, you should enable SSL. It’s best to enable SSL across your entire website regardless if a form exists because it can have SEO benefits. Yes, the benefits are primarily for the visitors of your website, but there are benefits for SEO as well.
Google has publicly stated that two websites which are otherwise equal in search results, if one has SSL enabled it may outweigh the other. As a result, there is a clear SEO benefit to enabling SSL on your website(s).
How do I protect my website with an SSL certificate?
Free SSL certificates are available but we recommend a paid-for solution to be confident that your site is fully protected. Our basic SSL certificate costs £60 a year (plus Vat) and we charge a small, one-off fee of £120 (plus Vat) to set that up for you.
Contact us for more information