There is a common misconception that if someone adds SSL (Secure Sockets Layer) to their blog site or company website then it will protect them from cyber crimes. SSL only protects the data of the client who uses the website. Other than providing protection for website visitors’ data, SSL does not in fact make a website secure.
To understand why, let’s unpack what SSL is and how it impacts your website’s security.
What is SSL?
SSL and its newer and cooler cousin TLS (Transport Layer Security) are cryptographic protocols that encrypt data being sent across the internet. TLS has since replaced SSL due to some serious vulnerabilities, but the term commonly used to refer to this security feature is still SSL. Just note that we mean TLS when we say SSL.
SSL makes sure that when a website visitor logs in or checks out of an ecommerce site, their personal information cannot be “understood” by anyone who may be snooping, only by the intended party: the server.
Having an SSL certificate allows websites to have HTTPS in their URL instead of HTTP.
Why Should You Care?
Reputation
SSL allows you to provide a safe environment for your customers. If their data is stolen because your site is not secured, this can damage your reputation in reviews and word of mouth. The risk is real. Compared to Q1 of 2021, Q2 of 2021 has seen the volume of stolen payment data more than double.
Not Having SSL Spooks Your Website Visitors
If you don’t have SSL, your clients are vulnerable to having their data “sniffed”. Not only that, but your company ranking and user experience can suffer. Browsers have started tagging HTTP sites in more obvious ways to deter visitors. When users try to enter a site without an SSL certificate, they are greeted with a warning stating that the site they are about to enter is Not Secure. This causes many visitors to consider a competitor’s secure site instead.
Search Ranking Goes Down
When Google announced a change to their ranking algorithm that would factor in a website’s SSL certificate, SSL became the norm overnight. This was in 2014, and the expectation from consumers that all websites have SSL has only increased over time.
What SSL Does and Does Not Do
SSL secures the client’s data through encryption. The client’s browser performs a “handshake” with the website’s server that creates a secret encryption key known only to the server and the client.
It does not secure the website from malware infections, cross-site scripting, DDoS attacks, SQL injection, etc. That is because SSL is not intended to protect you from these things. It is intended to protect the transmission of data between the client and the server. It does its job and provides a level of confidence to consumers. That leaves the rest of the daunting task of website security to you, or your friendly website security vendor Sucuri 😉
Think of SSL as writing a message in a very specific way, where only the person who you intend to receive it will ever understand. Anyone who may come across that message will never make sense of it.
A good example is the spy-movie scene where someone draws an X on a random trash bin. To you it would make no sense, but the person it was meant for will understand it.
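To make the point above about SQL injection concrete, here is an added example (not code from the original post or from Sucuri) showing that a form field reaches the application as the same plaintext whether it arrived over HTTP or HTTPS, so only the query code decides the outcome. The table, requests and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table standing in for a site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    return db

def lookup_vulnerable(db, name):
    # String concatenation: the input is parsed as part of the SQL statement.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, name):
    # Bound parameter: the input is always treated as a value, never as SQL.
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

def handle_request(db, request, lookup):
    # TLS is terminated before the application runs, so the form field is
    # the exact plaintext the client sent, whatever the scheme was.
    return lookup(db, request["form"]["name"])

# Constructed requests: the same form value sent once over http, once over https.
FIELD = "x' OR '1'='1"
REQUESTS = [{"scheme": s, "form": {"name": FIELD}} for s in ("http", "https")]

def run_demo():
    db = make_db()
    results = {}
    for req in REQUESTS:
        results[req["scheme"]] = {
            "vulnerable": handle_request(db, req, lookup_vulnerable),
            "parameterized": handle_request(db, req, lookup_parameterized),
        }
    return results

if __name__ == "__main__":
    for scheme, outcome in run_demo().items():
        print(scheme, outcome)
```

The results are identical for both schemes: the concatenated query returns every user, and the parameterized query returns none.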
Where do I get an SSL Certificate?
You purchase an SSL certificate from your web hosting or security service provider or a Certificate Authority (CA). There are CAs like Let’s Encrypt that provide SSL certificates for free in the interest of creating a safer internet. Many service providers, including Sucuri, also offer this benefit for free with their products.
SSL makes the World Wide Web a safer place for consumers, and keeps your search engine results from being penalized. Have any unanswered questions about SSL? Check out our free SSL guide or drop us a line.