What is an (SSL) Secure Certificate?
What does this mean, and why should you have a secure certificate for your website? Phishing, malware, viruses, hacking: a new lexicon has permeated our daily list of security concerns. And no wonder: it is estimated that the costs of global cybercrime could reach $2 trillion by 2019, and in recent years, 47% of American adults had their personal information stolen by hackers.
All companies that do business online need to assure present and potential customers that their information will be secure, and certification of security is the only way to do that.
When certification of sites first began in 1995, website owners had to buy secure certification from a certificate authority (CA) or from their host provider to secure their site, but the need to fight such widespread and pervasive cybercrime has led to many CAs offering free certification. In addition to offering free security certification to website owners, CAs also offer free certification to hosting sites like WordPress, Squarespace and more, which means that many sites are automatically secured. However, not all security certificates are the same, and it may be better for your company to buy a security certificate that has extra safety features built in.
In this blog, we explain more about the various types of certifications, but first…
How does a secure certificate work?
The secure certification installs a two-key encryption system that unlocks your information, which makes it more difficult for hackers to decode. One key is private and one is public. The CA (the body that issues SSL certificates) holds the public key, but they never see the private key.
To further secure your data, browsers have a list of secure CA companies that have been verified to ensure you are not working with a fraudulent certification company.
At its most basic, the key system allows the browser and server to validate the information through a series of steps.
When a browser connects to a website (server) that is secured with SSL, the server will send a copy of the SSL certificate that includes the server’s public key. The browser validates the certificate information and that it matches the website, then it creates, encrypts and sends back a session key using the server’s public key.
The website (server) then decrypts the session key using its private key and sends back a message encrypted with the session key, which allows the browser and server to connect and exchange information in a secure environment.
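The exchange described above, step by step, as an added example that is not code from the original post. It uses a constructed toy RSA key pair and an HMAC confirmation in place of the encrypted reply; the function names and the host www.example.test are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key pair built from two known Mersenne primes so the
# block runs with the standard library only. Real certificates carry 2048-bit
# or larger keys and use padded RSA from a vetted library.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: stays on the server


def server_send_certificate():
    """Step 1: the server sends its certificate, which carries the public key."""
    return {"subject": "www.example.test", "public_key": (N, E)}


def browser_wrap_session_key(cert):
    """Step 2: the browser creates a session key and encrypts it to the server.

    Certificate validation is assumed to have passed and is not shown here.
    """
    session_key = secrets.token_bytes(16)
    n, e = cert["public_key"]
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)


def server_unwrap_session_key(wrapped):
    """Step 3: only the holder of the private exponent can recover the key."""
    return pow(wrapped, D, N).to_bytes(16, "big")


def confirm(session_key, wrapped):
    """Step 4: a MAC over the exchange shows which key a side ended up with."""
    return hmac.new(session_key, str(wrapped).encode(), hashlib.sha256).digest()


def run_handshake():
    """Run all four steps; return (keys agree, key was not sent in the clear)."""
    cert = server_send_certificate()
    browser_key, wrapped = browser_wrap_session_key(cert)
    server_key = server_unwrap_session_key(wrapped)
    same = hmac.compare_digest(confirm(browser_key, wrapped),
                               confirm(server_key, wrapped))
    return same, wrapped != int.from_bytes(browser_key, "big")
```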
I don’t do e-commerce. Do I need a secure certificate for my site?
In short, yes. The widespread occurrence of cybercrime has led to a major drive forward in network security through SSL certification of websites. In fact, Google is leading the charge with a new warning system on pages that collect passwords or credit card information that tells visitors to be wary if a site has not been secured.
If you were searching for a product or service and a warning note came up on screen that the site is not secure, would you click? Of course not, and chances are neither will your clients. So no matter how much you invest in your lead generation marketing efforts, it will all be in vain if visitors are worried about entering your site.
And in addition, Google is now giving preference to https sites over sites that are not secure. Blimco Marketing has had first-hand experience with website security issues impacting not only Organic Ranking but also issues with violations of Google Advertising Policies resulting in website suspensions. Anita at Blimco Marketing strongly recommends getting your certificate as soon as possible, as you could be avoiding a whole host of problems and costs to repair a compromised website.
My site is not HTTPS, how do I secure it?
Securing your site is simple. Most domain sites offer a secure certification option, which they may purchase from a Certification Authority (CA) or offer for free.
If not, you can go directly to a CA and begin the application process for an SSL (Secure Sockets Layer) certificate. CA companies such as GeoTrust, DigiCert, and Symantec have been verified and are on the authorized list of SSL certificate providers. However, before you apply for your certification, you should be aware that there are three types of SSL certificates.
- Certificates verified by domain validation
- Certificates verified by organization validation
- Certificates verified by extended validation
Certificates that are verified by domain only are the least expensive and the fastest to set up, taking just a few minutes or hours. To qualify for certification, the CA will simply check that the domain is actually owned by the applicant; however, this is also the least secure and should only be used for sites with minimum security requirements or internal sites.
Certificates verified by organization will ensure that the domain is owned by the applicant, that the company information is valid, and that all company information is accessible to website visitors. This level of certification can take a few hours to a few days to set up and is highly recommended for all businesses.
Certificates verified by extended validation offer the highest level of security and require verification by an authorized CA company, and company information will be more thoroughly checked. They can take a few days to a few weeks to set up, but this type is highly recommended for e-commerce sites.
Why should I pay for an SSL certificate if I can get it for free?
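What the browser's certificate check and the three certificate types look like in data, as an added example that is not from the original post. It applies a subject-field heuristic to constructed sample certificates in the shape Python's ssl.SSLSocket.getpeercert() returns. The function names, the example.test hosts and the choice of businessCategory and serialNumber as extended-validation markers are assumptions.

```python
import ssl

# Assumption: these subject fields appear only in extended-validation certificates.
EV_FIELDS = {"businessCategory", "serialNumber"}
WINDOW = {"notBefore": "Jan 15 00:00:00 2024 GMT",
          "notAfter": "Apr 14 00:00:00 2024 GMT"}

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
DV_CERT = {**WINDOW, "subject": ((("commonName", "blog.example.test"),),),
           "subjectAltName": (("DNS", "blog.example.test"),)}
OV_CERT = {**WINDOW, "subject": ((("organizationName", "Example Ltd"),),
                                 (("commonName", "*.example.test"),)),
           "subjectAltName": (("DNS", "*.example.test"),)}
EV_CERT = {**WINDOW, "subject": ((("businessCategory", "Private Organization"),),
                                 (("serialNumber", "0000000"),),
                                 (("organizationName", "Example Shop Inc"),),
                                 (("commonName", "shop.example.test"),)),
           "subjectAltName": (("DNS", "shop.example.test"),)}


def validation_level(cert):
    """Heuristic: DV names no organization, OV names one, EV adds registration data."""
    fields = {name for rdn in cert.get("subject", ()) for name, _ in rdn}
    if "organizationName" not in fields:
        return "DV"
    return "EV" if EV_FIELDS <= fields else "OV"


def name_matches(cert, host):
    """Exact DNS name match, or a wildcard that covers only the left-most label."""
    host = host.lower()
    for kind, pattern in cert.get("subjectAltName", ()):
        pattern = pattern.lower()
        if kind == "DNS" and (pattern == host or (
                pattern.startswith("*.") and host.partition(".")[2] == pattern[2:])):
            return True
    return False


def is_current(cert, now):
    """True when `now` (epoch seconds, UTC) is inside the validity window."""
    return (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"]))


def check(cert, host, now):
    """Return (validation level, name matches, within validity window)."""
    return validation_level(cert), name_matches(cert, host), is_current(cert, now)
```

The validation level is stated authoritatively in the certificate's policy extension, which getpeercert() does not expose, so the subject-field check here is only an approximation.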
Quite simply, you get what you pay for. While the free SSL certification will offer a basic level of security, it might not reassure your website visitors. Quite often, when visitors land on a site that has a free SSL certificate, they will be shown a pop-up window that tells them the connection is not trusted, and they will be offered the option of clicking ‘I understand the risks’ and continuing, or clicking ‘get me out of here’ and leaving.
If your visitor is a new visitor to your site, a pop-up like this will not instill confidence in the security of your website.
When choosing a certificate type for your website, your main concern should be the security level, because when you consider that global consumers lost $158 billion to cybercrime last year, you can’t afford a less secure option, and neither can your customers.