If you’re reading this, you’ve probably heard about SSL certificates. You might have an inkling that they’re useful, and you might know that they’re something to do with online security.
We now work in a digital age where everything is starting to become “wireless” and “in the cloud”. Most software these days is cloud-based, meaning you access it through the internet. You’re most likely using cloud-based software to run your business already, whether it’s a bespoke web app, your online accounting software, or your email. As a business owner, it’s incredibly important to protect your customers data. If you understand security, you can confidently promise that your customers’ data is safe. Not only is GDPR legislation now enforced in the UK and EU, there are terrorist-level hacking attempts happening constantly.
So what is an SSL certificate exactly, and how does it affect you as a business owner? We’re going to help you understand the importance of SSL for your business, with minimal jargon.
What’s an SSL certificate?
Firstly, no – it’s not a real certificate on a piece of paper. But it is a “seal of approval”, that indicates how safe and secure a website is. (There are some key indicators, but more on that later…)
The SSL certificate is simply a file that is stored on a web server containing the following information:
- The web domain that’s being protected – e.g. www.sourcecodesoftware.co.uk.
- Details about who owns the domain – if it’s your business website or system this should be you.
- A set of encryption keys – which is what protects the data on the website. To learn about encryption, visit this Wikipedia entry (warning: it’s quite technical – we promise to write a jargon-free one soon!)
When does a website, CRM or software need an SSL certificate?
If your website, CRM or cloud-based software holds sensitive customer information, you are required by law to keep it secure. SSL is an easy and cost-effective way to keep this sensitive information safe as it travels through the world wide web. Without an SSL certificate, the information is at risk of being intercepted by “hackers”.
Generally speaking, the only time a website or online system doesn’t need SSL is when it doesn’t hold ANY personal data or have any kind of login system. As you can imagine, this isn’t many of them these days!
What is considered to be “sensitive information”?
Sensitive information includes details that can identify an individual such as address, phone number or email address. Whenever you need to provide a username and password to log into a website or software system online, it needs a certificate too.
How does this affect my business?
Aside from the security implications, having an SSL certificate will give you and your business many other benefits.
It will improve your SEO rankings
Google now penalises non-secure websites, making them appear lower in search results.
It will help to retain your customers’ trust
Google Chrome and Firefox now make it clear to users when a website is secure, as well as warning them when it’s not. If your customers don’t think you’re taking data protection seriously, they will quickly file complaints or find another supplier.
It will save you having to pay massive fines
GDPR, the new set of laws around data protection within the UK & EU, requires you to take all reasonable steps to ensure your customers’ information is kept safe. Enabling SSL encryption is an easy way to help achieve this, and ignorance is no excuse.
How can I tell if a website, CRM or software has an SSL certificate?
This is very simple – your web browser will tell you. If you’re using Chrome, for example, the address bar at the top of the screen will show a little padlock when you’re visiting a page that’s protected by SSL, as shown below:
When you’re visiting a website or using cloud-based software that’s not protected by SSL, the web browser will indicate this with a “Not secure” warning in the address bar, as shown below:
How much do SSL certificates cost and where do I buy it from?
This is something you should discuss with your website or software developer as it should be automatically included. Standard SSL certificates are now available for free. Therefore, you shouldn’t need to pay much for yours as it shouldn’t take your developer more than 5 minutes to install.
Speak with your techie if you suspect your SSL hasn’t been applied. The factors that can generally affect the price are:
- How many years you purchase the certificate for (1, 3 or 5 years).
- Whether you need a single domain, multiple domains or unlimited domains (wildcard).
- Whether or not you are VAT registered (because they are subject to VAT).
My website doesn’t use SSL. What should I do?
First of all, don’t panic! Ask yourself these questions:
- Does your website have a login page? (for example, if it’s a WordPress site or other content management system (CMS))
- Do you run an e-commerce site (do you sell things online and is there a checkout on your site)?
- Does your website handle any kind of sensitive information (for example, personal details or login details)?
If you’ve answered yes to any of the above, speak with your web developer to have them install a certificate as soon as possible.
My CRM or custom-made software doesn’t use SSL – what should I do?!
Have a serious conversation with your software developer because they are putting you and your customers at risk. If they refuse to resolve the issue ASAP, you can file a concern with the ICO. You should also consider finding another software developer.
There is no excuse at all for sensitive information to be transferred over the web insecurely. If you’re having any issues with your software developer or have any questions about your bespoke software system, we can help.
We’re a friendly bunch of techies that can speak in plain English. We love to help business owners understand how much software can really help you in business. Drop us a message.