As a small business owner with a website advertising your goods, from products to services to the tourism industry, you might be aware of news reports indicating trends are evolving toward all sites being updated with an SSL certificate. In other words, making a website ‘private’ through encryption, making it more secure. Why it is so important for 2018, and is compliance required?
We have been asked this question often in recent weeks, and in the same breath we hear people being told that website encryption may be an unnecessary expense for them. Up until recently, this was true, but only if a website was not handling sensitive personal data e.g. with log-in, password, email, payment information, etc.
However, not following these new recommendations,
will have implications for your business online
Before 2018, there were already two major reasons to fortify your website with an SSL certificate:
- To hide the back-and-forth traffic between a website and its customers in a protective tunnel (encryption, in the jargon) and to make this data private.
- To show the (potential) customer that they are dealing with you, and not with someone who is impersonating you or your site.
What encryption does, is hide your http://yourwebsite behind a closed door, which is indicated in the URL bar as https://yourwebsite with a closed padlock beside it.
This builds trust. A user can also immediately see when a site is no longer up to date or not private when the lock is open, and they receive a warning that the site is not secure. As IT’ers, we will personally never log into a site without the lock and that little ‘s’. NEVER!! Nor should you!
As a small business entrepreneur,
we have a digital responsibility.
- This year, there is an important THIRD reason to make your website traffic private: Google intends to use its position as the world’s dominant search engine to push a more secure Internet.
Through its actions of placing the responsibility for the privacy and protection of the browser/user with the business owner, it is encouraging the use of encryption across the Web. Search engine priority will be granted to websites that have been encrypted through an SSL certificate. This is especially true for websites that hold private data.
What this means for your Annual Budget
In your decision making about SSL vs no SSL, it is best to be very careful, and to have the guidance of a competent professional. Within the plethora of available SSL certificates or security packages, you can be sold features that might not be necessary for your type of website. Where I worked formerly, I saw $5,000 certificates pass my desk, but a university deals, by law, with whoppers of privacy measures since it handles lots of student data. That’s probably not you.
Like your domain name and webhost costs,
website encryption is a recurring expense.
If budget is an issue, at the very least there is the option to install what is called a "domain-validation certificate" (which all SSLs contain, by the way.) It is possible to get these for free on this website LetsEncrypt. Do beware that these certificates must be updated more frequently to keep current and that in some cases, the web host does not make it easy to apply a free certificate without extensive technological know-how.
You can also check via your web host to see whether they have SSL certificates available that work for your site (and not a smidgen more than that). This may be a free service, OR you may need the features that a paid option offers. Typically, the cost of an SSL certificate starts at around $5 per month. They will have an explanation of how it works. Our recommended web host, Bluehost, uses Comodo and keep the certificate updated for you.
There is no way around it. To be a responsible business owner, to receive search engine priority, especially when handling private user information, and to earn the trust of your (potential) customers, encrypting your website is the only way forward.