The Most Comprehensive Article on Website Security & Security Certificates

all killer.  no filler.

Roughly 60% of the world’s top 500,000 websites are insecure and vulnerable, according to ongoing SSL Pulse research. It’s a jaw-dropping number, but what’s even more stunning is the fact that the percentage of technically unsafe websites is likely even larger if you look at the internet’s top million most popular websites.

If the answer is no, we have some compelling reasons that you might want to correct that ASAP. But first, we’ll tell you a little more about what security certificates are, and just how they protect you, your website… and your visitors.

What Are Security Certificates?

It’s not impossible, or even uncommon, for hackers to be able to disguise their digital identity as a secure website, server, or computer with which your website or databases should communicate. In fact, Google identifies over 9,000 websites compromised or hacked in a fashion like that every day.

Security certificates are protocols which verify server and website identities and mark them as “legitimate”, while also typically adding encryption to data, which makes the website and any data it transmits more difficult for hackers to access and, should they access it, more difficult to understand.

Common Security Certificates and Key Terms

You’ve likely already heard some key terms about security certificates, like ‘SSL’ and ‘HTTPS’. While some people might use these acronyms interchangeably, they’re not quite the same thing. And, believe it or not, they’re not the only security certificates out there!

SSL Security Certificates

SSL stands for ‘Secure Sockets Layer’, and SSL certificates enable encryption of a website’s data while it is in transit. This is a lower-level security option, which is effectively a bit like using Morse code. The computer and server don’t really care about the content of the information they’re receiving, but about the fact that the information is encrypted and more difficult for nefarious individuals to make sense of, should they intercept it. There are different kinds of SSL certificates, including:

  • Domain Validated Certificates – Domain Validated certificates (DV certificates) are a low-level SSL certificate for websites which don’t really transmit sensitive data but want to signal to their consumers that they’re legitimate. Domain Validated certificates cannot be used to encrypt commercial data, and are typically the cheapest variety of certificate.
  • Organization Validated Certificates – Organization Validated certificates (OV certificates) are signals to visitors and consumers that the website is legitimate, and the business or organization has been validated using governmental documents and databases. It’s at this level of SSL verification that browsers will display a small padlock alongside the website’s URL as a symbol of its data trustworthiness.
  • Externally Validated Certificates – Externally Validated certificates (EV certificates) typically display a small green bar with the organizational name alongside the website domain name, and are proof that the organization or business owning the website has passed several requirements from external sources.

TLS Security Certificates

The most updated SSL designation was released in the mid-90s, which in the tech world is approximately an eon ago. Considered the ‘new and improved’ iteration of SSL, TLS (Transport Layer Security) received its most updated iterations in 2008, and doesn’t suffer some of the weaknesses often seen in SSL. For example, SSL certificate websites are still vulnerable to some specific kinds of hacks, including Man in the Middle attacks and SSL stripping, which generally allow hackers to rewrite SSL redirects.

HTTPS Security

HTTPS is the combination of standard HTTP (HyperText Transfer Protocol) and SSL or TLS. So, HTTPS is the two protocols, HTTP and SSL or HTTP and TLS, working together to move information from A to B, ensuring that it is encrypted, but also caring about the content of that information and ensuring that it’s comprehensible to the user. In general, most website owners purchase SSL or TLS certificates for the purpose of achieving the HTTPS designation.

Why Bother With Security Certificates?

The obvious answer is, of course, security! Especially considering the increasing proliferation of hacking and data theft, enabling security certificates can be an incredibly cost-effective way to increase your website’s security. Most website security certificates range from $65 to $1,000 a year. For comparison, corrupted or compromised data and website recovery costs can easily exceed $1,000 if you’re working with a certified professional. When the cost to give yourself another layer of protection is so small by comparison, why run the risk?

But increased security isn’t the only great reason to make the transition. There are also benefits to SEO and consumer confidence, and of course in some cases security certificates are legally required.

SEO Benefits of Security Certificates

In 2014, Google officials made an official announcement that utilizing HTTPS would provide a small SEO boost to websites appearing on their search engine. And since Google claims over 60% of all internet searches, the broadly-understood rule of thumb is, “if Google wants it, do it”.

Google has regularly demonstrated that they care about the experience people have when they use the search engine to visit websites. They’ve used other algorithm changes, such as the SEO bump given to websites which are mobile-friendly, to encourage website owners to deliver better performance. And as hacking and data security become a larger and larger concern to ordinary web browsers, it only makes sense that they want to do their part to create a safer internet.

This doesn’t mean that having HTTPS will ensure that you outrank other high-quality websites which don’t have it; according to the SEO geniuses at MOZ, it’s a small enough signal that it might be used to break ranking ties between domains. But if you’re trying to SEO for tough keywords, that’s more than enough reason to consider implementing security certificates.

Brian Dean from Backlinko.com also has this report in which his team analyzed over 1 MILLION SERPs. That’s actually 10 million web pages. Although it helps with SEO, SSL isn’t something you need to be especially concerned with for SEO itself. The caveat is if you are taking payment information over your website, then by law you will need SSL.

However, this quote should be of some use.

“I wouldn’t sweat HTTPS so much. It might help a little, but it’s probably not worth switching.”
– Brian Dean of Backlinko.com

Consumer Confidence Affects Your Business

You’ve probably noticed in the last year or so that when you go to major websites, there’s a nice green bar with the organization’s name beside the URL of the website. It’s a comforting sign of security for most people. And Google announced that they’ll soon be placing red ‘insecure’ markers on websites which don’t have security certificates. How do you think having that red ‘x’ will affect your website traffic?

If you’re skeptical that there will be any effect, check out this research, which proves a positive correlation in ecommerce websites between security certificates and completed transactions. If you think that having a glaring red ‘insecure’ symbol won’t scare potential visitors or consumers away, you might want to guess again.

Signs of trustworthiness on a website often correlate to positive visitor experiences, and an increased likelihood that visitors will return and engage with a website. It’s always important to remember that a visitor’s assumption that your website isn’t trustworthy is one of the key factors which can contribute to a high bounce rate. Posting prominent identifying and security information on websites is often one of the most-touted ways to signal to website visitors that the website is trustworthy.

How Often Must I Renew My SSL Certificate?

SSL certificates can be purchased for one to six years, and they are valid until the expiration date. SSL certificates can’t be renewed or extended during that time, so make sure you choose your SSL validation period wisely.

It’s critical to keep your SSL Certificate up to date and valid. Letting a certificate expire can invite a ton of problems. Visitors to your website will get a notice that the certificate is expired, which can really set a bad tone. Your online store will also be in violation of PCI compliance if that certificate expires.
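One way to catch an expiring certificate before visitors do is to read its validity dates and raise a warning ahead of time. The Python below is an added example, not part of the original article; the 30-day warning window, the status labels, and the sample certificate (host name and dates) are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the host name and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2024 GMT",
}

def _utc(cert_time):
    """Convert a certificate time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def days_until_expiry(cert, now=None):
    """Whole days left before notAfter (negative once expired)."""
    now = now or datetime.now(timezone.utc)
    return (_utc(cert["notAfter"]) - now).days

def expiry_status(cert, warn_days=30, now=None):
    """Return 'not-yet-valid', 'expired', 'renew-soon' or 'ok'."""
    now = now or datetime.now(timezone.utc)
    if now < _utc(cert["notBefore"]):
        return "not-yet-valid"
    if now >= _utc(cert["notAfter"]):
        return "expired"
    if days_until_expiry(cert, now) <= warn_days:
        return "renew-soon"
    return "ok"

def check_host(host, port=443, warn_days=30, timeout=5.0):
    """Fetch a live certificate and classify it (needs network access)."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return expiry_status(tls.getpeercert(), warn_days)
    except ssl.SSLCertVerificationError as exc:
        # An already-expired or untrusted certificate fails the handshake.
        return "invalid: " + exc.verify_message

if __name__ == "__main__":
    now = datetime(2024, 2, 10, tzinfo=timezone.utc)  # fixed clock for the sample
    print(days_until_expiry(SAMPLE_CERT, now), expiry_status(SAMPLE_CERT, now=now))
```

Running `check_host` on a schedule against your own domains and alerting on anything other than `ok` gives you time to replace the certificate before browsers start showing the expiry notice.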

Legal Requirements

Did you know that for many industries which handle sensitive client information, it’s now a legal requirement to provide a security certificate? For example, the PCI DSS requires that almost any business which collects or transmits credit card information must have a security certificate, and in some cases, additional security measures, in place.

And sometimes specific industries will have their own reasons to require security certificates, including healthcare websites, law firm websites, and banking websites. And even if you’re not in violation of legal requirements, clients might be able to take legal action against your organization if you don’t sufficiently protect their sensitive information.

The Bottom Line

Now you know what security certificates are, how they’re used, why your website should have them, and even how to install them! But this article began by talking about security, and that’s also how we’ll end it. There’s no such thing as 100% secure; and no such thing as an un-hackable website, server, or network. So a security certificate should just be one element of your website safety standard– whether you’re running an ecommerce shop, storing client data, or even just running a large, frequently-visited blog. Because at the end of the day, it’s not just about actually protecting your website and its data; it’s about sending a clear message to your visitors that you care about data privacy and security.

To Learn More About Website Security Certificates

eCreations partners with leading providers to offer the right SSL Certificates no matter what your unique need or circumstance might be.  Learn more about SSL Certificates.