SSL certificate a must for your SME's website security in 2018
Think your SME doesn't need an SSL certificate? Think again. A recent slew of Chrome updates, not to mention the GDPR, means SMEs in 2018 must be more vigilant than ever with ensuring website security. SMEs without an SSL certificate are not only compromising their customers; they're putting their business at risk. Seriously.
SSL certificates needed now more than ever
For the uninitiated, SSL certificates may sound complicated but, simply put, SSL stands for Secure Socket Layer which is a set of protocols that encrypt private information transmitted between a visitor’s web browser and your web server. Encryption keeps your visitors’ details - credit card numbers, phone numbers, home addresses – safe from criminal interference. An SSL certificate is the best way to prevent thieves from intercepting sensitive financial data between customers and a site’s server.
Currently, less than 30 percent of websites are using an HTTPS-encrypted SSL certificate. However, sites without a proper SSL in place are facing increasing risks that can be particularly devastating for SMEs. And with recent changes stemming from Google Chrome and the GDPR, website security has never been more important; not having proper security protocols could end up costing you everything. (More on this in a minute.)
New security messages – Chrome’s none-too-friendly “NOT SECURE” warning, for example – makes clear to customers that you aren’t invested in their security so they may as well take their business elsewhere. And that’s just the tip of the iceberg.
The following is an overview of changes coming – or have already arrived - to Internet security in 2018 and how an SSL certificate can help your SME adhere to these changes.
2018 a game changer for website security
We’re not overstating the situations when we say that in 2018, if your small business is relying on a website to generate leads, collect data, make sales, or even just promote your offerings, you must have an SSL certificate. Here’s why.
Google has stepped up its efforts to create a secure-by-default Internet browsing experience. With last year’s release of Chrome 56, the company began penalising sites that collect password and credit card information via a non-secure HTTP connection. Earlier this year, Google stopped trusting Symantec SSL certificates. And in July, it will begin marking any site without HTTPS-encrypted SSL as “not secure”. By September, all HTTP pages – no matter what their use – will be considered “not secure”. Can your small business afford to scare off customers who will undoubtedly not think twice about leaving you for a secure alternative?
With Google stepping up its game, any website without an SSL certificate will receive an SEO penalty, making it harder to reach new customers, a situation no small business can afford to find itself in. No customers, no revenue. And not only that but a recent survey conducted by our SSL certificate provider, GlobalSign, found that 84 percent of those surveyed will not buy from websites that don’t secure their data anyway. Say goodbye to those conversions, not to mention your reputation. You don’t want to end up on the HTTPShame list do you?
The GDPR is a far-reaching regulation that encompasses all aspects of data privacy and protection, from credit card and bank account numbers to names, addresses, and phone numbers. Article 32 of the GDPR requires that businesses protect all data they collect, ensuring “a level of security appropriate to the risk including…the pseudonymization and encryption of personal data”. For this reason, an SSL certificate aligns well with GDPR best-practices.
From WannaCry to Equifax, data security breaches are happening all the time. And small businesses are the most vulnerable. Hackers aren’t dummies. Bigger sites could prove to be more lucrative targets but they’re also more secure. SMEs generally invest far less in their site security which makes them fairly steady, dependable targets. Verizon’s 2018 Data Breach Investigation Report reveals that 58 percent of all cyberattacks target small businesses. The U.S. Cyber Security Alliance reports 60 percent of small businesses that are attacked go out of business within six months. With numbers like these, no small businesses can afford to underestimate the importance of investing in security solutions, like an SSL certificate.
In the past five years, over 9 billion data records have been lost or stolen (with the number of security breaches last year breaking all previous records). Only 4 percent of these stolen records were encrypted, indicating just how easy it is to leak unprotected data. Small businesses: listen up! If you’re putting your users’ data at risk and are unable to prove that you have basic security measures in place, you could be facing a very costly lawsuit brought on by very angry customers. And, as if that isn’t scary enough, failure to comply with the GDPR’s directives could end up costing you 4 percent of your company’s annual turnover or a 20 million euro fine, whichever is more.
Specific ways an SSL certificate benefits your SME
Still not convinced your SME needs to invest in SSL certificate security? A quick rundown of the major reasons why you should reconsider.
An SSL encrypts logins, passwords, and other sensitive customer information transmitted to and from your site. Encrypting all information sent between the server and the client protects your customers' data from being intercepted by hackers. Without an SSL, anyone can intercept and steal that data. As SMEs are particularly vulnerable to being hacked, you must take proactive action to keep your customers safe. (Take a second to review that statistic above concerning the number of hacked small businesses forced to close up shop. For SMEs, this is no joke.)
Our Alpha, Domain, and Organisation SSL certificates include a Wildcard which lets you secure your main site as well as all its subdomains with a single SSL. If your site includes several subdomains, a Wildcard is especially useful. You will be able to secure yourdomainname.com, plus mail.yourdomainname.com, secure.yourdomainname.com, or any other subdomains related to your main site. A Wildcard can be used with an unlimited number of subdomains and servers.
A Certificate Authority (CA) – in our case, GlobalSign – can vouch for the authenticity of your site. To apply for an SSL certificate, you need to complete a rigorous validation process which begins with generating a Certificate Signing Request (CSR) which is submitted to the CA. The CA ensures a digital certificate’s authenticity with a digital signature so that end users (or their software) can trust that the server is really the site it purports to be (i.e. it’s not a computer masquerading as a server).
Customers are increasingly nervous about sharing personal date. GlobalSign’s research into an SSL’s impact on conversion rates shows that 55% of end users fear identity theft on the Internet. 75% are aware of security risks when visiting a website. They know what security indicators to look for: green padlock with your company name next to it, followed by HTTPs in the URL. They’re also looking to see if your site has a seal or badge, providing further proof of your site’s validity.
SSL a basic necessity for SME site security
For all of the above reasons, no SME can afford to forego having an SSL certificate. In today’s digital marketplace, website security is a top priority, an SSL certificate a basic necessity.
EuroDNS offers a variety of SSL certificates, each providing different levels of security depending on your SME’s needs. In fact, we’re so committed to helping create a more secure Internet that we even include free of charge an Alpha SSL certificate with every domain name registered with us.
If you’re not sure what level of encryption is best for your SME, feel free to get in touch with us. We’ll be happy to answer any questions and offer our advice.