SSL, or Secure Sockets Layer to give it its full name, is an encryption method used to keep your users’ data safe and secure. To put it simply, this “encrypting” means encoding or jumbling up the data on one end and unjumbling it into its original form, decrypting it, on the other.
Practically, this means that when somebody enters information into your website (e.g. an enquiry or a booking) the information is jumbled up while it's being sent from the user’s computer to the website’s server.
Why? So if someone tried to grab those personal details while they were in transit, they would only receive the jumbled up information, which will be of no use without the key to decrypt it.
Let’s explore an example. Joan wants to book a weekend break at your boutique hotel - she heads to your website, then visits the booking page and enters all the necessary information; her name, email, home address and perhaps even credit card details.
Without an SSL certificate in place, Joan’s personal data is put at risk as it’s sent in an unscrambled easy-to-read plain text format - a data thief can steal her information with little trouble. With an SSL certificate in place, you're making sure that Joan’s data is secure and jumbled up in transit.
If your site is SSL protected you'll usually see a little padlock in the top left corner of your web browser when you load up your website.
First of all, you have a moral obligation to ensure you treat your customer’s data with care and keep it safe from compromise.
As well as a moral obligation, you have a legal obligation too. Under the recently introduced GDPR regulations (https://wearearise.com/gdpr-what-is-it), if you aren’t securing personal data you could be at risk of a large fine from the ICO.
Even if you aren’t taking personal details, being SSL secured is worth it, as it’s good for business. It’s a standard that savvy users are starting to recognise as a symbol that they can trust a website or an organisation, building trust with customers is very valuable for any business.
If your site is ecommerce based, then it can be worth splashing out on a more recognised SSL brand - studies show that conversion rates are higher when you show you’re using a more popular brand such as Symantec over a lesser-known brand, even if it’s providing the exact same level of protection as the cheaper alternative.
Google has been using SSL as a ranking signal since as far back as 2014, meaning that if your site is SSL secured, you’ll have a better chance at coming up higher when people search for your business in Google.
If you don't have SSL set up at all - I would strongly suggest remedying that before anything else.
Most hosting companies will provide an SSL certificate for an annual cost (they come with various levels of protection between £10 and £600+ per year). Once you’ve purchased a certificate, you’ll need to set this up on your server - the process will vary depending on the type of web server your site sits on, but typically consists of…
Generating a certificate request from your server - a unique bit of code that’s used to generate your certificate.
Depending on the level of protection you’ll have to go through a number of validation steps - this can be as simple as uploading a file to your website, through to full vetting of your company formation.
Once validated the SSL provider will generate a certificate file. You’ll then need to install this on your server and tell your website to use it.
If you don’t have the technical knowledge to take care of it yourself, get a trusted techie on the case for you. If you have a web agency on call it can save your time and effort to have them take care of this - it’s important to make sure it’s done right and will take the hassle out of renewals in future years.
Once your SSL certificate is in place, there are still a few common pitfalls to be aware of to keep your site secure.
It may be that your SSL certificate is set up, and you can access it securely using the https:// address, but haven’t done anything to redirect traffic to the insecure http:// version. If people can still access the insecure version, even by accident, then you’re still leaving holes in your security.
If your website’s code includes third-party scripts - this could be including Google Fonts into your site, a Javascript library like jQuery, or even an integrated booking form - then you need to make sure these are brought in securely, using their own https:// address. If not, most web browsers will display a warning stating that the page isn’t fully secure.
It’s an obvious one, but each year you will need to renew your SSL certificate - purchasing a renewal, and usually running through the usual setup process again. It’s easy to forget, or for the credit card you had it set up on to have expired, but if it lapses your site will be flagged up as insecure.
Your SSL security can suffer if your server, or the network it sits on, is set up incorrectly. A very useful tool to check for any issues is the Qualys SSL Labs SSL Server Test which will give your website an overall rating from A+ to F, and flag up any problems that should be rectified.
Setting up an SSL certificate on your website, and configuring it properly, isn’t just best practice, it’s advantageous to your business too. Ensure you have a sufficient certificate set up on your site to get the benefit and treat your customers' data with care they deserve.
You'll receive an email update every 2 weeks with insight and advice to support you in your digital marketing journey. We treat your email address with care, and you can unsubscribe with just a click.