On the Importance of Website Security

Getting robbed, from A to Z

It was the summer of 2016, and I wanted to buy my mom knitting supplies for her birthday. I found a site that looked nice – it had everything I was looking for, plus fast shipping. I purchased the items and sat back, happy to have found something just perfect.

Fast-forward a few days. I get a message from my bank stating that they have closed down my account for suspicious activity. I freaked out, thinking there must be some mistake; that my card is still safely in my wallet, and I had just used it earlier. I check my account to realize that I have a few abandoned dollars left on my account. The money I had been saving up had been used in a Home Depot in Texas.

At that point, I was just curious about what you would so desperately need from Home Depot for hundreds of dollars – toilets, rugs, boxes? I NEED ANSWERS!

Not that it would have helped since my account was emptied. So I started my bit of research to try to figure out who had robbed me in broad daylight. I traced my steps to the knitting supply shop since the timeline of events made complete sense.

And that’s when I learned about SSL. You guessed it – the knit shop didn’t have a certificate.

Fighting Crime One Step at a Time

Years later, I am working at an IT company, trying to make the Internet a better place by helping small businesses make their sites safe and secure, so no one has to go through that annoying hassle again.

SSL is the most critical part of security you can install on your site to make it seem, and BE secure. All the acronyms used in IT, I think, are meant to confuse people and make it sound harder than it is. So please hear me out for a minute and let me try to explain how SSL works.

Let’s get the dull stuff out of the way first – SSL stands for Secure Socket Layer. I just always imagine a secure sock that’s happy about being so well protected.

It is a protocol (read: a set of rules) used to establish a protected and encrypted connection between your computer and the server you’re sending information to.

Without SSL, anyone in between can see what your clients are sending. On a very high-level, encryption scrambles up the data, so no one without the right key (which only you and the server you are communicating to, have) can read. You can think of someone putting your credit card data in a safe with a key that gets sent to the server very carefully and separately, where the server can open the safe and look at the contents. Without SSL, your data gets sent on an imaginary piece of paper that anyone can take a look at.

Decisions, Decisions

Everything has PROs and cons – some things are just better than others.

Now, you might be asking, if I’m not asking clients to insert any sensitive data on my site (such as credit card numbers, social security number, credentials, etc.), do I need it or is it just another thing people want to sell me?

My answer is: it’s up to you, but many advantages come with SSL. One big one is that different web browsers mark the site that has SSL and add an ominous-looking exclamation point and warning to the address bar. Even if you don’t put in any sensitive information, it just kind of shows that the owner of the site doesn’t care too much about safety. It can be a significant warning sign, and I usually avoid pages like that.

Secure website
Insecure website

The second big bonus is getting a boost in Search Engine Rankings. It might not bump you up from, let’s say, position 381 to the top 5, but if you have a competitor and you pretty much offer the same type of services, having an SSL gives you an advantage, possibly pushing you above them.

Any negatives? 

Should I state the obvious? It costs money, and if you’re not sure how to install it on your website, it might be a hassle. It is probably not as expensive as you would think, though. For example, buying an SSL certificate for your site should cost you less than or around $10 per month. It’s up to you to think if you’re willing to spend that.

But it can get even better

You can choose an SSL service with no monthly fee at all.

Let’s Encrypt is an entirely free SSL service trusted by many of the big names, including Google Chrome, Mozilla, Facebook, Squarespace, and many more.

The setup depends on the hosting service you have. We can always do some research to see if you qualify for the free SSL installation, in which case you would only need to pay for the installation and enjoy free SSL with no monthly (or yearly) commitments. The list of companies that support Let’s Encrypt SSL certificates keeps growing, so the chances that your site qualifies for that, is pretty good!

If you would like to have more information about SSL or if you’re interested in getting it installed on your website, contact us below or email us at service@youneedapro.com