Google this year has stepped up its campaign to convert the world wide web to operate entirely over SSL/TLS secured connections. Their latest salvo is to highlight in the address bar of their Chrome browser Secure or Not Secure when visiting websites that are encrypted or not encrypted respectively. Other browsers are following suit which pretty much means encryption will end up being the new norm for all website traffic. This has several implications for your small business.
Secured Connections Are Good
First let me say that securing your website is good for you and your web visitors. Initially, I was irritated that I was being strong armed into converting websites to the HTTPS protocol. I do not manage any websites that are asking for sensitive data like personal info or credit card numbers, so why should I or my clients spend the time and money to convert. After giving the issue some more thought and doing a little research, I changed my tune. (BTW, this video is very informative and worth the watch If you want to understand why encryption is good.)
SSL/TLS certificates secure your site in 3 ways: encrypting data (scrambling the info so it can’t be read without a key), authenticating the website (am I talking to who they claim to be) and data integrity (has anyone changed the data). Without these 3 security checks, nefarious individuals or organizations could collect immense amounts of information on the people who visit your website. Even worse, they can hijack your visitors and make them believe they are on your website when they are not. Then the hijacker can collect whatever information they can convince the visitor to give away, all while pretending to be YOUR business and YOUR website. That’s no good.
What’s more, I realized that if you run a WordPress website (or any website that requires log in credentials…. which is pretty much all websites) then that is reason enough to install SSL/TLS certificates as your log in credentials can easily be observed without encryption. You might think that your small business website isn’t much of a target for hackers, but you’d be wrong. I’ve seen the smallest, most insignificant websites get hacked and defaced. If you log in to your website over an unsecured connection, you could be giving it away.
Finally, It is worth noting that for the time being, Google gives a slight SEO bump to websites that have converted to HTTPS.
The Bad News: Time And Money
The downside to switching to HTTPS is twofold: you now have another annual fee and task because SSL/TLS certificates cost money and have to be installed, and you have to invest time and/or money into converting the entirety of all of your websites (if you have more than one) to operate over a secured connection.
The Annual Fees and Tasks aren’t too bad. For a basic SSL/TLS certificate you’ll pay as little as $20 per year (maybe cheaper depending on where you buy) and can go up to $170 per year. The more expensive certs have added benefits, but for a basic site that isn’t asking for sensitive data, a cheapie should do the trick. The task of installing the cert is a little convoluted and can be confusing to some. If you take the time to learn how to do it yourself, then it will take as little as 10 to 30 minutes to install or renew the certs. If you don’t want to muck around with it, then you’ll have to pay your webmaster to do it.
Converting Your Website after you install the certificate is where your biggest one-time expense can come in. The cost can depend on many things: how many sites you have, how big they are, how much media is on your sites, whether your media is local or remote, whether your links are absolute or relative, whether your site is built on a CMS platform like WordPress, or built on a hosted platform like WIX, etc. If you have a basic site built on the WordPress platform then the conversion should take an hour or less to implement and test. If you have a large website or lots of websites, your situation could take much longer and cost more.
Regardless of your situation, you should at least talk to a webmaster to identify what you need to do to make the switch and how much it’s going to cost.
The Crux Of The Situation
The long and short of it is this: if you have a website for your business and that website is important to you, you really have no choice. You are going to have to make the move to SSL/TLS security. If you don’t then people are likely to lose confidence in you, the search engines will penalize you, the browsers will tag you Not Secure, and you run a higher risk of losing business online.
Plus, making your website a secure place for your visitors, thus making the Internet more safe, is just plain good. So be a responsible, considerate Internet citizen and lock your site down.