When it comes to securing data, businesses rely on firewalls, secure web gateways, antivirus software, automatic backups, privileged access management tools, and so on. All of these are important, and in some sectors like healthcare they’re required as part of a robust and compliant data governance program.
However, there is another piece of the information security puzzle that every business should have, but many still don’t — and the consequences of this omission could be severe; especially in light of big changes at Google (which we’ll get to in a moment). First, let’s shine the spotlight on what this is all about: an SSL (secure) certificate.
What is an SSL Certificate?
In the offline world, a certificate is usually a piece of paper acknowledging an accomplishment, deed, anniversary, and so on. But in the online world, a secure certificate is captured by a single letter that appears in a web browser’s address bar: “s”.
That “s” — which either appears or doesn’t appear at the end of “http” and before a specific website — certifies that the website is HyperText Transfer Protocol Secure, or HTTPS for short. For example, if you glance up (and if your browser is set to display the address bar), then you’ll see that the Noble Webworks website is HTTPS certified.
Websites with a secure certificate use technology to encrypt data that is submitted by visitors, such as when they subscribe to a newsletter, download an ebook, make a purchase, register for a webinar, log into a forum, launch a chat, and so on. Essentially, this certificate tells visitors that the website owner is legitimate and safe to communicate with.
What if There is No SSL Certificate?
It’s important to point out that websites that don’t currently have an SSL certificate (e.g. http instead of https) aren’t necessarily fraudulent. As noted above, many businesses — including those with robust data security in other areas — don’t yet have a secure certificate. This is especially likely among small businesses that created their website years ago, or had their website created for them.
If Your Business Has a Secure Certificate…
Good! Encrypting visitor-supplied data has been a best practice for several years, and you (or your web developer) are on the right track.
If Your Business Doesn’t Have a Secure Certificate…
You need one ASAP! There are four key reasons for this: visitor confidence, firewalls, Chrome warning, and SEO.
- Visitor confidence: a growing number of people are steering clear of websites that don’t have an SSL certificate. Or at the very least, they visit these websites, but they won’t submit information. For example, they’ll browse products/services on website that doesn’t have a secure certificate, but they’ll make their purchase on a website that has a secure certificate.
- Firewalls: many corporate firewalls are set to restrict access to websites without a secure certificate. Or if they don’t outright forbid access, they launch a scary warning screen that dissuades most people from moving ahead (in some cases, potential visitors may think that the website has been hacked).
- Chrome warning: As of July 2018, Google’s Chrome web browser (version 68) is labeling all websites without a secure certificate as “Not Secure.” In the past, visitors were only told that a website (with a secure certificate) was secure.
- SEO: Experts believe that Google has tweaked its search engine algorithm to boost the ranking of websites with a secure certificate. Or, if one prefers the pessimistic glass half-empty version: Google is penalizing websites without a secure certificate.
We Can Help
If you don’t have a secure certificate, then don’t panic: getting one is easier, faster and less expensive than you think. Contact us today, and we’ll tell you what needs to happen to go from insecure to secure (website-speaking, that is!). Your consultation with us is free.