In 2017, Google Chrome began to show a "Not secure" warning to any users who visited a website that was not secure and collected user information.
Other browsers followed suit, or were already doing so. This is a good thing - Google is actively encouraging website owners to make sure their users are protected, and to take responsibility for sensitive information that moves through their website.
But as a website owner, what does this mean for you? Let's break it down.
Normally, users connect to a website through an HTTP connection, which was the web standard for a long time. You'd recognise this as the first part of a web address - e.g. http://websitename.com.
When a user connects to your website through HTTP, any information moving between the user and your website can be viewed or modified by third parties. This means that it's possible for attackers to steal information, such as credit card information, emails, names, and so on.
When your site has an SSL certificate, your website will instead be served over a secure HTTPS connection, which is a win for everybody. This turns a web address into something like https://websitename.com.
HTTPS will encrypt all information moving between your website and your users, so that attackers can't steal any information. Only the website and your users can view the unencrypted information.
On top of this, websites using HTTPS are also given the famous green lock in the address bar, which provides a sense of security to users, even if they're not sure what it means on a technical level. Modern browsers, especially Google Chrome, have made efforts to communicate that the green lock is good and that people should trust websites that have it.
Ideally, every website should be using HTTPS, so every website should use an SSL certificate. This is especially important if your website collects user information, or engages users in any way. Even something as innocuous as a simple Contact Form that takes a person's name and email is vulnerable to attackers and should only be available on a website that uses SSL.
If your website takes payment information from users but does not have an SSL certificate, then your highest priority right now is to get one. Attackers steal people's credit card information through insecure websites every day, and you do not want your website to be responsible for such a theft.
Additionally, browsers will flag websites that don't use an SSL certificate as being insecure, and Google will even lower the search result position of these websites, especially if they collect user data.
If you are in control of your website's hosting services, then your hosting provider likely also sells SSL certificates and can install them onto your website automatically, or tell you how to do so. If your website is managed by an agency or development team, then reach out to them and ask about getting an SSL installed onto your website.
If you're one of our clients and are interested in getting an SSL certificate, or you just have a question, fill out the form and we'll get back to you.