In short, SSL is an initialism of Secure Sockets Layer. It is a security protocol which creates an encrypted link between a web server and a user’s browser. As a result, any data that is transmitted between the two cannot be viewed by hackers. This is especially important when dealing with form submissions or ecommerce websites. Without an SSL, data is simply transmitted as plain text which makes it easier to intercept. This is even more of a risk on public Wi-Fi networks such as cafes or airports. Pages you view or personal data that you enter can be easily monitored by would-be attackers.
As a result, providing a secure connection for online browsing is a top priority for Google. Just like having a responsive website design, SSL certificates also assist with your website’s SEO. Back in 2014, Google announced that it now views HTTPS as a ranking factor. Furthermore, failure to use HTTPS/SSL will now have an impact on the credibility of your website and ultimately your brand message.
If a website is correctly secured with an SSL certificate you will notice that the URL starts with HTTPS (Hyper Text Transfer Protocol Secure) instead of the standard HTTP. Depending on which browser you use, you may also see other warning messages about the security of the website you are viewing.
The details below are based on the Google Chrome web browser. This is especially relevant since Google confirmed that as of July 2018 they would actively alert viewers if they were visiting an unsecured website.
If you visit a website via a supposedly secure link (HTTPS) but the site does not have a valid SSL certificate then this is the warning you will receive.
Google Chrome has detected that there is either high risk insecure content on this page or a problem with the site certificate. It will also warn you that “Your connection is not private”. Do not enter sensitive information on this site. Attackers could be trying to tamper with your connection or may be attempting to steal your information.
This type of site presents the content of its pages via standard HTTP. This is most commonly used for basic websites that do not handle sensitive or confidential information. Avoid entering financial information or personal details such as usernames and passwords on this type of site.
As mentioned above, having an unsecured website will not only impact on your SEO but also the credibility of your site. After all, having a “Not Secure” warning message on your website is not exactly sending out the correct corporate brand message.
If you visit a website with this warning message then it indicates that the owner has correctly installed an SSL certificate but it contains content loaded via both HTTPS and HTTP. This could include resources such as videos, images and stylesheets.
You should be careful when entering information on this type of site. Insecure HTTP content can provide loopholes for potential hackers.
This is the ideal scenario. The padlock confirms that the website you are viewing has a valid SSL certificate and has also been correctly configured to load content via secure HTTPS links.
If a site uses an Extended Validation SSL (EV-SSL) certificate, the organisation name will also be displayed next to the padlock icon in green text. This is the ultimate statement of online security as well as brand trust.
Previously, HTTPS/SSL was only required for websites dealing with sensitive information or ecommerce websites with online payments. This is no longer the case. Google is striving for “HTTPS Everywhere”.
Having a secure website will provide the following benefits:
Take a look at your corporate website. If you don’t see that padlock then maybe it’s time to contact your web design company and make the switch to a secure online presence today.