8 min read
In the modern digital age, privacy and security are the name of the game in online interactions. That's why companies like Google have stressed an emphasis on switching to a type of connection which is more secure — HTTPS, which utilizes SSL — and want to see every page secure. If your business takes orders and payments through its site, you're sure to know how wise encrypting your online uniform store is. But what you may not know is why SSL is important for uniform retail, even when the web page in question doesn't seem to have any impact on a customer's privacy or data security.
At its most basic, SSL is what allows your website and your customer's browser to communicate safely. It stands for Secure Sockets Layer, and it's the protocol that governs the algorithms for authenticating security and encryption certificates. Actually, SSL isn't what's used anymore; originally developed by Netscape, it's evolved into TLS, or Transport Layer Security. Without getting into the technical specifics, TLS is simply a more advanced, more secure form of SSL.
When a site uses SSL or TLS, the URL changes from an HTTP designation to HTTPS. Because many browsers don't display the full URL anymore, they feature a visual indicator (usually in green and sometimes featuring a lock icon) to let the end user know the web page is secure. Conversely, pages that aren't secured via SSL/TLS will have an indicator that is gray (considered "neutral") or red, sometimes an X or an open lock, to designate it as potentially unsafe. Pages that are known to be unsafe are more obviously designated as such, and most browsers will take users to a page suggesting they browse somewhere else. Given this level of transparency, it shouldn't be a surprise that businesses are switching at least some of their website over to HTTPS. As of November 1, 2016, more than 14 million domains were classified as fully qualified by certificate authority Let's Encrypt alone.
Currently, even when businesses elect to move toward HTTPS, there's many that have elected to only secure certain web pages with SSL/TLS. This is partly because certain certificate authorities make the process of switching to the secure protocols seem both complicated and costly. Unfortunately, individually secured pages are not enough to guarantee security, and if you don't secure your entire domain, you could be missing out on some major benefits.
Starting in 2014, Google made SSL/TLS certification an official ranking signal, although it started as a minor one. In accordance with their usual ranking practices, Google crawls each site on a page by page basis, so individual pages that are secured will receive the ranking boost. As of now, pages that are not secured don't receive a penalty. On the surface, that may seem like a minor impact, but the search giant is making moves that prove how big of a signal certification will eventually be. In 2015, Google proposed that all web browsers eliminate the neutral designation for HTTP pages and flag them all as insecure. If browsers move forward with this, the next logical step for Google is to downrank HTTP pages.
That means that if a business only secures the pages that obviously need it most (e.g., account and checkout pages that handle payment information), only those pages will rank well. Other pages — such as your brand's blog or marketing landing pages — will be penalized and flagged as unsafe. Not only will that make your content and your brand harder to find, it will begin to damage customers' trust in your business.
When Google introduced the idea of HTTPS Everywhere, they pointed out something critical that many businesses don't realize. It's a sentiment that Mike Sherma at Mashable summed up a few years before that: Failing to utilize HTTPS is like asking a customer to walk into a coffee shop with public WiFi, log into the site, and then hand their computer to a stranger for the entirety of their visit.
What SSL/TLS certification can do for web browsing extends beyond simply protecting purchase transaction data. Its strength is certainly in the encryption that the protocol provides, especially when coupled with the data integrity it provides. However, SSL/TLS also provides authentication, and coupling that with data integrity means that information cannot be modified or corrupted during transfer, thus protecting against "middleman attacks." These kinds of attacks allow hackers to do everything from eavesdrop (i.e., control a conversation that's believed to be private and potentially add, change, or remove data in the process) to impersonating either the customer or the business (which increases the risk of spear phishing, which uses otherwise innocuous data to appear relevant and creates the opportunity to spread much more harmful malware).
