If you’re an internet user you are hopefully aware that the designation “https” appearing before the website address in your browser bar (usually accompanied by a padlock icon) means that the site you are visiting is secure, and you can safely communicate with it. Not many of us, however, know exactly how this works.
You may have noticed that an increasing number of websites now feature the HTTPS connection. This is not only because internet users are becoming more security conscious, but also because business websites know the importance of engendering trust from their users, and making them secure is a sure-fire way of doing so. It also makes a difference that Google regards HTTPS as a factor in their ranking algorithm, so it plays a big role in that all-important SEO (search engine optimisation).
THE HTTP STORY
To start at the very beginning, HTTP (without the “s”) stands for Hyper Text Transfer Protocol, which is tech speak for the basic standard of formatting and rules that allow for communication between web browsers and servers. HTTP owes its origins to Tim Berners-Lee, who created it in the early 1990s while defining the original world wide web. Over the years there have been several primary versions of HTTP in use – nowadays we use HTTP 2.0 which came in during 2015.
When you enter a web address into your browser the HTTP protocol requests the files you’ve specified from the web server where they reside. These are then shown in your browser. Both the information coming out of the server, and any a user may input, is unencrypted and therefore open to malicious hacking attacks and surveillance. This, of course, is a bad situation for ecommerce, and indeed risky for all web users.
If you have a business website it is unlikely that visitors will wish to interact with your site – and certainly not divulge any payment or personal information – if your site is not obviously secure.
What you need to do is turn your HTTP connection into an HTTPS (the “S” stands for Secure), and that is accomplished by installing an SSL (Secure Sockets Layer) Certificate onto your web server for your specific domain name. When this is done, your website address (or URL) will display in a user’s browser as ‘https://www.yourbusinessdomain’, usually along with the padlock icon. Your site visitors can then rest assured that any business they transact with you via your website is as safe and secure as it can be.
WHAT DOES AN SSL CERTIFICATE DO?
SSL Certificates utilise a protocol called public key cryptography. This allows for the encryption of messages that pass back and forth between your website and a server, preventing any hacker from unlocking and accessing any information in those messages.
When a visitor arrives at an SSL protected website the certificate ensures a secure connection is created with their browser; this is known as the “SSL Handshake”.
The sensitive information that SSL Certificates protect include everything from personal details to credit card information, usernames and passwords. For maximum security it is best to have SSL deployed across all a site’s pages and subdomains.
SSL Certificates must be issued by a trusted certificate authority. Firstly you’ll need to determine what type of SSL certificate you need – for example do you need to protect one or multiple websites, and do you need partial or complete validation and verification of your business information.
You will pay a relatively small annual fee for your SSL certificate, which can be installed onto your host server to secure your site/s. You must ensure that your SSL certificate doesn’t expire, or your site, and it’s users, will be left vulnerable.
The Dentons Digital team offer SSL protection as part of a website build and/or hosting for a business website. Each website is unique in its own way, and we can identify and install the ideal safety solution for your particular site, taking it to the top level of security, with full technical support.