What is an SSL Certificate and Why Does my Website Need One?

What is an SSL Certificate and Why Does my Website Need One?

SSL Certificates help protect your website's users from hackers; in this article we take an in-depth look at the benefits of securing your site with SSL.

HTTP, the protocol used to share data between computers on a network, is inherently insecure. The data sent from one machine to another is not encrypted or encoded but sent in plain text. This means that if a “bad actor” (a hacker, for example) were to intercept this communication, they could read the details of the request and potentially modify them for their own purposes.

Secure Sockets Layer (or SSL for short) is a protocol designed to provide a secure connection between two machines for the purpose of ensuring that the communications between them have not been compromised.

What is an SSL certificate?

An SSL certificate is, in essence, just a small, simple data file that contains a long string of text (called a “public key”) which is used by the browser to confirm that the server it is communicating with is who it says it is.

What are the benefits of securing your site with SSL?

Hacker using a laptop

Protect your Users from Hackers

The number one benefit of using an SSL certificate to secure your website is to protect your users from hackers. Whenever data is transmitted over a network, there is a chance that that communication can be intercepted and any private information contained in that communication could be stolen or modified - this is called a “man in the middle” attack.

Some examples of when this could become a big problem:

  • E-commerce - a user’s credit card details could be stolen, used or sold to other criminals
  • Medical data - a user’s private medical records could be stolen or modified with devastating effects
  • Private content - a user’s private family photographs could be stolen and released on the Internet
  • Identity theft - ultimately, any personal data stolen from a user can - and often is - used as part of a campaign of identity theft. 

There are a number of additional benefits (which we’ll discuss below) but these benefits only exist because of the initial requirement. For example, search engines, such as Google, rank sites with SSL certificates higher than those without because Google understands that secure sites are better for their users and for the Internet as a whole.

User Confidence

SSL Certificates are absolutely vital for showing your users that they are being kept safe when using your website. When visiting a non-SSL enabled website, your browser will show you a message in the address bar, indicating that your site is not secure - over the past few years, this message has become more prevalent and suggests to the user that they should not enter any private information on the site. Conversely, visiting a site that is secured by SSL shows a padlock and is marginally more subtle - indicating that SSL certificates are expected, no matter whether your website collects information or not.

Search Engine Optimisation

Since 2014, Google has considered the use of an SSL certificate to be one of their “search signals”. This means that websites that have implemented SSL protection are considered to be more trustworthy and therefore Google will rank your site higher than an equivalent website without.

As previously mentioned, Google (and many other service providers) understand the importance of information security and uses its weight in the digital space to promote the good practice of securing your server against potential breaches by hackers and man-in-the-middle attacks.

GDPR

GDPR (or General Data Protection Regulation) is a set of regulations and laws designed to protect the personal data of users and companies in European IT systems. GDPR applies to any company doing business in Europe that stores or processes personally identifiable information.

Whilst not a specific requirement of GDPR, the use of SSL certificates is clearly the only way to ensure that some of GDPR’s requirements are satisfied. For example, Article 32 of the regulation requires that:

... the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate

  1. The pseudonymisation and encryption of personal data
  2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

Without applying an SSL certificate to your website, you will simply not be able to satisfy this article.

Does my Website need an SSL Certificate?

Yes.

Whether your website collects personal information or not, the benefits outlined above are simply too great to ignore. Protecting your users’ personal information should be enough to make this decision for you, but the additional benefits of instilling trust in your users, improving your Search Engine rankings and (for those collecting personal information) complying with the GDPR make purchasing an SSL certificate a no-brainer!

Secure by Default

At YANDA Software and Marketing, all our hosting packages come with an SSL certificate as standard. Whether your website is a Wordpress site, a custom built Content Management System or a simple long-form static site, if you host the site using one of our hosting packages, it will be secured with an SSL certificate at no additional cost.

If your website is hosted elsewhere, we can help you get set up with an SSL certificate and start protecting your users.