Think the ‘s’ in ‘https’ doesn’t really matter for your business? Think again.
In the past, your website really only needed an SSL certificate if you accepted credit card payments or other sensitive personal data over the Internet. Today, however, it’s a different story.
This post explains how securing your website with an SSL certificate not only protects you from hacks but also improves your search engine optimization efforts.
What is SSL?
In simple terms, the presence of an ‘https’ in a website’s URL (as opposed to just an ‘http’) indicates that your connection to that website is secure and encrypted – and that any data you submit is safely being shared with that website. The technology behind this is called SSL, which is an acronym for Secure Sockets Layer.
Here’s how it works…
When you visit an unsecured website, your browser makes a connection with that website and actually transmits information publicly – for example, information from filling out a lead gen form or inputting SaaS platform login credentials, let alone making CC payments or providing your social security number. Under these circumstances, malicious hackers are able to intercept your info and manipulate or use it as they please.
In contrast, a secure SSL-enabled website essentially creates an encrypted pathway (think of it as an impenetrable tunnel) between the server hosting the website and your own browser. This secure connection and authentication is established without affecting website performance, and the vast majority of hackers can’t break into this “tunnel.”
Why does SSL matter?
There are a number of reasons why enabling SSL is no longer a “nice-to-have” option, even if your company doesn’t sell products online. With the security and privacy of consumer data receiving more attention than ever before (see our post on the European Union’s GDPR), building and maintaining trust with your website visitors is absolutely critical. Here are a four compelling arguments for converting to SSL if you haven’t already:
Encryption mitigates the risk of man-in-the-middle-attacks. Techopedia defines a man-in-the-middle attack as “a form of eavesdropping where communication between two users is monitored and modified by an unauthorized party.” SSL helps prevent these types of privacy breaches. And it’s no secret these types of threats are on the rise in 2018 with the number of cyberattacks making headlines. Better safe than sorry!
SSL appeals to Google’s search ranking algorithms. Of course, it’s Google’s goal to provide users with the best web experience possible and to serve up the best results possible when a person conducts a search. In light of this, Google now factors SSL into its algorithms and has made a public statement that a website with SSL enabled will outrank a site without SSL, all other things being equal. As of October 2017, Google’s Chrome browser also explicitly warns website visitors when they’re on pages that aren’t encrypted with an SSL certificate and they’re filling out a form. What’s more, users experience faster browsing speeds when HTTPS is enabled, giving Google yet another reason to favor websites that have made the transition.
Your anonymous site visitors are more likely to convert. A big part of the reason why Google cares so much about SSL is because your audience cares about it. The visual cues on an SSL-enabled website clearly demonstrate to your visitors that you value their security, and that you’re protecting their data. Considering that 77% of website visitors worry that their personal information could be intercepted or misused online, enabling SSL should be a high priority. Moreover, a recent GlobalSign survey revealed that 84% of website visitors would abandon a purchase if they knew their data was going to be sent over an unsecured connection. And HubSpot’s research shows that 82% of visitors would leave a site if they saw Google’s “Not Secure” warning.
SSL is required for AMP. Google’s open-sourced Accelerated Mobile Pages (AMP) project was launched in 2015, but it wasn’t until recently that the search giant started delivering AMP posts and articles much more prevalently in mobile results. Given that well over half of searches are now taking place on mobile devices (smartphones, tablets, etc.), it’s important that your B2B blog content is AMP-friendly. (Note: if you’re a HubSpot user, this is simply a flip of a switch and we’ve likely already made this change for you.) Because enabling SSL is a prerequisite for enabling AMP, it’s just another reason to board the HTTPS train before you start losing SEO traction.
How can I tell if my website is secure?
There are a few visual characteristics you can look for to immediately tell if your website is enabled with SSL:
- The most obvious is within the URL of your website. Instead of seeing “http:” in the link, you’ll see an “https:”.
- When SSL is enabled, some browsers—like Google Chrome—will display the word “Secure” accompanied by a green lock icon in the URL bar.
- Some e-commerce websites will also add a badge to web pages on which purchases are made, indicating that it’s secure.
Still not sure? HubSpot also has a free SSL checker tool you can use to find out the answer super quickly.
Steps to take if your website isn’t secure…
If you know (or happen to find out) that your website isn’t secure, definitely contact your PMG Account Manager – and we can help you come up with a plan to make this happen.
The first step will be to determine what type of certificate you need. If you’re hosting content on multiple platforms (including separate domains and/or subdomains), you may need various SSL certificates. However, for most sites a standard SSL certificate will cover you.
For companies in a more regulated industry, like financial services or insurance, it’s a good idea to sit down and have a discussion with your IT department because there are specific industry requirements that dictate the specific type of SSL certificate you need for your website.
As far as costs go, they vary. You can get a free certificate from Let’s Encrypt, but our partners at HubSpot strongly recommend that you have someone knowledgeable about the DNS and technical setup of your website help you out with this initiative. Beyond free certificates, many domain providers will sell them for about $50 to obtain a certificate for one domain, up to a few hundred dollars for multiple domains.
For HubSpot customers, you can have peace of mind. HubSpot has a free standard SSL service that ensures security across all of your content hosted on the HubSpot platform.
Again, if you are unsure about all of these changes, please contact someone on your account team. For additional information about SSL, including more technical details, we recommend reading HubSpot’s A Beginner's Guide to SSL: What It Is & Why It Makes Your Website More Secure.