A New Age of Cybersecurity
Google is on the warpath. The internet plays a pivotal role in every aspect of modern life and with every day that passes we’re becoming more entrenched, for better or for worse. That means that cybersecurity is nearly as important as the real world security (police, military, home security) that keeps us safe. After all, if someone hacks your website or steals your identity, it’s going to have a catastrophic impact on your real-world life.
With that in mind, Google flagged all unencrypted websites in the summer of 2018 – which amounted to about two-thirds of the internet. It’s obviously worked, as that number is closer to one third now. You’ve probably seen this warning:
This warning is not good for business.
One avoids Google slapping this warning on their site by installing an SSL certificate which will convert a URL from http://www.yoururl.com to https://www.yoururl.com and give users a way to view the certificate to make sure everything’s bueno. We usually purchase and install these certificates for our clients, and lately we’ve been both installing these on sites we’ve launched before Google enforced this standard in years past, and making sure any newly launched sites are encrypted with SSL out of the gates. Fortunately, all Shopify sites come with full encryption already, so in our case, we’re really only talking about static HTML sites, WordPress, open source e-commerce solutions and custom content management systems.
That lock icon next to the https:// URL is what you want to see on every page of your site.
What Is An SSL Certificate?
SSL/TLS is simply the technology that establishes secure encryption between your web browser and a website’s server. An SSL certificate assures your users that such security exists and that they’re in good hands. This is similar to the health department posting an A+ in front of a restaurant. Without an SSL certificate, your visitors will encounter the previously mentioned security warning upon arrival.
Do I Need An SSL Certificate?
Protecting your visitors (and letting them know it) is vital to establishing trust between them and your brand. If you visited a new site and were greeted with ATTACKERS MIGHT BE TRYING TO STEAL YOUR INFORMATION, what would you do? Yeah, you’d hightail it outta there!
So would I. And that’s exactly what visitors who come to your site for the first time will do.
It’s no secret that lacking an SSL certificate will hurt your search engine rankings; Google has said this repeatedly now. This isn’t really news in the industry, but it’s something many site owners aren’t aware of. Search engine optimization is absolutely critical to people finding your products and services, so falling in Google’s rankings is something you should take as seriously as a heart attack.
In addition to the above reasons, if your website takes text input in any form – search bars, contact forms, payment information, anything at all—then an SSL certificate is particularly critical. Text input fields are one of hackers’ absolute favorite ways to get into your website and do wicked things that will ruin your day. Unless your site’s selling male enhancement products, you’re not going to be too pumped.
The answer to the question, “Do I need an SSL certificate?” is no longer a question— it’s a requirement.
TLS, SSL, And The War On Cyber Crime
You may have heard about TLS; fear not, this isn’t something you should be too concerned about. SSL was effectively replaced by TLS, so issued certificates should be using TLS at this point. However, they’re just different protocols, and protocols aren’t the same as certificates. Security certificates are still commonly referred to as SSL certificates by virtue of familiarity. Mobile phones work absolutely nothing like Alexander Graham Bell’s original invention, but we still call them “phones” because they fulfill the same basic role in our society. TLS replaced SSL, but we still call the certificates “SSL certificates”. New technology will replace TLS, so just keep an eye on it.
Cybersecurity is an arms race. The malicious computer nerds in their dark stuffy bedrooms with bedhead and smelly slippers (we’re just speculating here—well, maybe not…) will find a way around your current security, so the world’s superheroes will need to continue to develop and implement new layers of security before that happens. This is the nature of cybersecurity, but its eternal inevitability doesn’t excuse you from participation, lest a hacker absconds with your credit card information. Getting this certificate will make you far more resistant to bad guys, but not immune.
How To Get SSL Certificates
Though Google enforces this standard, it’s not a unique concern to them and they aren’t even the ones who issue the certificates themselves. The vendor most people turn to is their web host who usually sells them or has a third-party resource to direct you too. Prices for basic certs vary anywhere from about $75-$150 annually and sometimes they are included free as your part of your hosting service. But there are higher levels of SSL certificates (EV Certificates) that’ll run you thousands per year. The latter are usually used by bigger companies, but if you can afford one, get one. (Quick note: If you’re on Shopify Plus, Shopify’s high-volume/enterprise offering, they include an EV certificate with your service—pretty sweet right?)
Our clients usually have us take care of this for them because it’s a semi-painful process that requires some know-how. However, if you want to try to work with your host to get this going, more power to you! (But be prepared to pay with some additional grey hairs).
As always, we encourage you to educate yourself. Here are a few links to get you going:
If you’re really tech-savvy, you might take a crack at building and installing a certificate for yourself. Google is a platinum sponsor of Let’s Encrypt, along with several other high profile names like Mozilla and Cisco, and endorses Let’s Encrypt on their security blog.
Disclaimer: “tech-savvy” does not mean being able to check your email without help. Lookin’ at you, mom.