An SSL Certificate is a must for every company website these days. The main reason is security, but there are other important reasons too.
First let’s clear up the tech jargon: SSL means Secure Socket Layer. Another word that means the same thing is HTTPS, or Hypertext Transfer Protocol Secure. These are long ways of talking about encryption, which ensures customer details typed into a company website are kept private. The data is protected as it moves from point A to point B.
Let’s dive deeper to understand why every online business needs this kind of security:
Google Gets Tough On Security
In 2018, the god of search rankings made it an official part of their Chrome 68 release to mark any website that doesn’t have an SSL Certificate as ‘Not secure’. No business wants that sign taped to their front door right?
The reason Google took this measure is because it’s trying to make the Internet a safe place for people (especially shoppers). Without the padlock icon confirming a website has HTTPS, any information people give when interacting on a site is open to theft. It’s like shouting out bank details from an apartment balcony, anyone could be listening.
SEO is a factor too. Google also ranks sites without HTTPS a little lower than those that are protected. With online competition so fierce in the business world these days, no company wants to slip down on search rankings if they can help it.
We’ve explained how SSL or HTTPS encrypts data by protecting it in transit. It’s also a compliance requirement for taking payments on your website using major credit card brands like American Express. The Payment Card Industry Data Security Standard (PCI DSS) protects credit card banks from fraud just like you want to protect your customers. With consumers and businesses often relying on credit cards to spread out their spending, not allowing major credit cards on your site could see you losing out on major sales.
Peace of Mind for Shoppers
Another way that SSL Certificates make shoppers feel secure on a website is authentication. Before a registered Certificate Authority (CA) will issue an SSL, they do a Domain Validation check to verify the site domain is legit.
Businesses often go one step further and buy an Organization Validation (OV) SSL Certificate. With this type, the CA checks that the company has a publicly listed presence. It lets consumers know the business is established, not like some market stall that can disappear overnight.
Major-player companies tend to go for an Extended Validation (EV) SSL Certificate. With these, the CA checks that the business is officially registered by their local government i.e. they’re incorporated as a legal entity and their company details are on a government registry. This demonstrates that a company is completely legitimate and can be trusted with sensitive information.
EV used to be seen as a greenbar along with the company name in browsers, letting everyone know the website has the ultimate trust factor. Although the greenbar is no longer shown in all browser types, anyone can check the validation level by clicking on their browser padlock icon. There they’ll see a section on Certificates and can learn whether the website is DV, OV or EV authenticated.
Another SSL point worth mentioning, especially for large business websites that have a number of sub-domains (like blog.brand.com, press.brand.com), is a Wildcard Certificate. This encrypts a hundred sub-domains in one go, which is much more useful and cost effective compared to buying a separate SSL Certificate for each sub-domain.
There are a couple of key reasons why an SSL Certificate, or HTTPS, is vital for any company website. The main reason is data protection by encrypting customer information in transit from browsers to your website server.
But there are other reasons that make HTTPS important for any business. SSLs keep the Google giant happy so it doesn’t tag ‘Not secure’ on your website, or drop your SEO rankings. HTTPS is also mandatory for taking credit card payments from major brands, and you don’t want to lose those sales.
Then there’s SSL authentication, where the Certificate Authority verifies that your company is legit. The degree of legitimacy and level of verification you choose will depend on the type of company you have. Domain validation may be enough for blogs, but large ecommerce companies tend to want to demonstrate they’re established in public listings and officially registered with their local government so that consumers can have full peace of mind if they check in their browser settings.