Whether as a user/customer or as an online business owner, we should be doing all we can to protect each other from whoever could be snooping, whether it's the government or cyber-criminals, and one way to help with this is SSL.
SSL is known by many different names, such as HTTPS, TLS, Browser Padlock and many more, but in their purest form they’re all the same thing - a mechanism to protect the data you’re transmitting across the internet.
You’ve probably noticed certain websites (like Google) have an icon next to the URL that helps you identify if the website is legit or not.
Even if you see this icon, make sure you ALWAYS visit the page via a trusted source - never click links from your email/mobile phone that ask you to log in. If Facebook emails you saying please log in and update your profile and has a link in it, go directly to facebook.com or via Google to avoid phishing scams.
A super-quick rundown of how the internet works and how we can be vulnerable
Imagine the internet as a city with thousands of roads. As you’re walking from shop to shop and house to house, people all around you can see you walking around, can see your face, can see what bags you're carrying and could even pickpocket you.
The web is the same: it's a series of interconnected tubes/wiring which people can intercept if they’re strategically placed, like at coffee shop hotspots, BT hotspots, libraries and even potentially your home wi-fi. Every time you load an image or a webpage, or even use Facebook, your computer broadcasts personal information to some extent.
So how does SSL help?
Well, SSL uses a mechanism known as end-to-end encryption. This means that your data is encrypted with a passkey known only by your browser and the website you’re visiting, which means all those snooping on you can only see that something is moving; they cannot see who or what.
So you could think of an SSL as your internet military-grade tank! Sure, they’ll see you rolling down the high street in a ~60-ton tin can, but they have no idea what bags you have inside, who you are, and they’re definitely not getting near your bank card!
This doesn’t mean that you’re 100% in the clear of course — the cashier you hand your card over to could always be cloning it, just like the website. So you must always use your best judgement on whether or not you trust the websites you provide with your personal information.
Here are a few examples of data that could be sent:
- Address information
- Purchase history
- Card/Bank details
- Internet history
So now that you know the whole internet is out to get you and everybody wants your money, how can you protect yourself and your users?
Firstly as a user
- You need to be vigilant
- Make sure the website you’re using is not a fake
- Check the domain name in the browser address bar is what you’d expect it to be
- If it’s a website like a bank/Facebook/PayPal, it will ALWAYS have the padlock in the browser, or green icon etc. If it doesn’t, then it’s a fake
- Opt in for a VPN solution like CyberGhost or Freedome
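The domain check from the list above can be made mechanical. The following is an added example, not part of the original article: it extracts the host a browser would really connect to and compares it with a constructed allowlist. The sample links and the `.example` hosts are made up for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this user really logs in to.
EXPECTED_DOMAINS = ("facebook.com", "paypal.com")

def real_host(url):
    """Host the browser will actually connect to (userinfo and port removed)."""
    return (urlsplit(url).hostname or "").rstrip(".")

def check_login_url(url, expected=EXPECTED_DOMAINS):
    """Return (ok, reason) for a link that claims to lead to a login page."""
    if urlsplit(url).scheme != "https":
        return False, "not https: no padlock, so do not log in"
    host = real_host(url)
    for domain in expected:
        # Exact match or a true subdomain; "facebook.com.x.example" is neither.
        if host == domain or host.endswith("." + domain):
            return True, "host %s belongs to %s" % (host, domain)
    return False, "host %s is not an expected site" % host

# Constructed sample links, as they might appear in an email.
SAMPLES = [
    "https://www.facebook.com/settings",                  # genuine subdomain
    "https://facebook.com@login.example/",                # real host is login.example
    "https://facebook.com.account-update.example/login",  # expected name used as a prefix
    "http://facebook.com/login",                          # right name, no encryption
]

def classify(urls):
    """Map each URL to True (expected site over https) or False."""
    return {u: check_login_url(u)[0] for u in urls}

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, check_login_url(u))
```

Only the first sample passes: in the second and third, the familiar name appears in the link but is not the host being contacted.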
As an online business
This is where we start to get a bit technical, and where the business owners out there will want to pay attention.
Apart from making sure your customers are safe whilst using your website, there are two other key benefits to switching to HTTPS:
1 - Google will rank you better - It likes to keep its users safe, and rewards sites that make sure that happens.
2 - Browsers/Apps won't out you as being insecure - In 2017, Apple will prevent apps that do not use SSL connections from working, and from Jan 1st the most popular web browsers Chrome and Firefox will alert users when they are entering information into an insecure website.
A nasty red message like “Not secure” on your website is going to put a lot of people off and is likely to harm conversions (particularly for Ecommerce sites).
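A site owner can find the pages that would draw that warning before visitors do. The script below is an added example, not code from the original article; it assumes the warning concerns password and card fields on pages not served over HTTPS, and it also flags forms that submit over plain HTTP. The `shop.example` URLs and the HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: "sensitive" means password inputs and card inputs
# identified by their autocomplete hint.
CARD_HINTS = ("cc-number", "cc-csc", "cc-exp")

class FormAudit(HTMLParser):
    """Collects (issue, detail) findings for a single page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_secure = urlsplit(page_url).scheme == "https"
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        if tag == "form":
            # A missing or relative action resolves against the page URL.
            target = urljoin(self.page_url, attr.get("action", ""))
            if urlsplit(target).scheme != "https":
                self.findings.append(("form-submits-over-http", target))
        elif tag == "input":
            kind = attr.get("type", "text").lower()
            hint = attr.get("autocomplete", "").lower()
            sensitive = kind == "password" or hint.startswith(CARD_HINTS)
            if sensitive and not self.page_secure:
                self.findings.append(
                    ("sensitive-field-on-http-page", attr.get("name", "")))

def audit(page_url, html):
    """Return the list of findings for one page's HTML."""
    parser = FormAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample pages.
LOGIN_HTML = '<form action="/login"><input type="password" name="pw"></form>'
PAY_HTML = ('<form action="http://shop.example/pay">'
            '<input autocomplete="cc-number" name="card"></form>')

if __name__ == "__main__":
    for url, html in [("http://shop.example/account", LOGIN_HTML),
                      ("https://shop.example/checkout", PAY_HTML),
                      ("https://shop.example/account", LOGIN_HTML)]:
        print(url, audit(url, html))
```

The second sample shows a case the padlock alone hides: the page loads over HTTPS, but the card form still submits to an `http://` address.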
So as a business you’re totally sold already, right? And your next question is…
How do I install this on my website, and how much will it cost?
Typically you have two routes to go down. One, you can get a full SSL installed on your website, however, it's very dependent on your website hosting, and lots of services will charge you around £40 a year to have the SSL installed (we call these the money-grabbing hosts).
Others like SiteGround will offer the free Let's Encrypt SSL (we call these the decent, kind-hearted hosts). You can also go solo and install Let's Encrypt on your server yourself if your hosting package allows!
If you’re feeling adventurous, you can look into installing the SSL yourself once purchased from a Certificate Authority (CA). Here are a few:
Your second option is to use a free service called Cloudflare - As it happens, this is our weapon of choice, as it allows you to add SSL to your website without changing a line of code.
Cloudflare offers a whole range of free services that are aimed at speeding up and securing your website. It does this by visiting your website through its super mega fast internet connection, and serving that up to the visitor instead of the visitor downloading the site itself.
This also means it takes the burden of secure information! You pass on the information to the secure Cloudflare servers, then Cloudflare does the rest of the legwork for you keeping your data secured. Did I mention that it’s free? Here is a cool image from Cloudflare that shows how it works.
To wrap up
So now you should know the risks of visiting and running a non-secure website, and a few ways to keep safe! Hopefully, it gives you enough information to move forward from 2016 with a more secure internet.
If you don’t understand something, please drop us a line at firstname.lastname@example.org, and we’ll help explain it some more. We can even help you in securing your website — after all, we do this every day for all our clients as standard!