Q: With all the financial transactions and other exchanges of sensitive information that happen online these days, there's a need for security precautions—one of which is SSL. In basic terms, what's an SSL?

A: SSL (Secure Sockets Layer) certificates are the standard security technology that encrypts communications between users and websites. In other words, SSL certificates safeguard all data passing through them, such as your login, password, and credit card info. SSLs are an industry standard and millions of websites use them to protect online transactions with their customers.

Q: If you're a small business owner setting up a website, when might you need to consider an SSL? 

A: Any e-commerce website (big or small) that handles credit card transactions needs an SSL certificate. As an online merchant, it is your responsibility to protect the information you collect from your customers. Using an SSL certificate shields you and your customers by making sure no one can intercept and misuse their credit card info.

Individuals, organizations, and business websites that collect usernames, passwords, and email addresses should also consider SSL certificates. Without one, attackers can easily see the usernames and passwords your users enter. If your visitors store a password or any other sensitive information with you, then you must take responsibility for protecting it, even if the security of your own site isn’t critical. This is just about being a good host.

Q: How do visitors to a website know that the site is secure? 

A: Conscious shoppers will look for the https:// prefix in the URL, and the padlock icon. For websites where security is critical, such as banks, they should also look for the green address bar that comes from an Extended Validation certificate. It is important for e-merchants to create a trusted environment where customers feel confident making purchases.

Most SSL certificate providers will also provide customers a seal to display on their websites, letting customers know their transactions are secure.

Q: What are some common misconceptions about SSLs? 

A: “If the lock icon is present, the site is secure.” Unfortunately, this is not the case. SSL certificates protect data from interception while in transit. However, they do not ensure that the website you’re communicating with is trustworthy. There is no guarantee about what the website does to the data once it receives it.

“All types of certificates issued by CAs (Certificate Authorities) are the same.” CAs issue various types of certificates to address different purposes. Here are the different types of SSL certificates:

  • Domain Validation (DV) verifies the domain is registered to the person requesting the certificate.
  • Organization Validation (OV) verifies the organization is a registered legal entity and the person requesting the certificate is authorized to act on behalf of the organization.
  • Extended Validation (EV) verifies the organization has a verified phone number, legitimate business address, and verified requester.

Q: What kind of annual investment can a small business owner expect to make to improve/maintain the security of information on their website? 

A: Depending on the type of SSL certificate you need, expect to invest as low as $50 a year to $150 (or $0.13 to $0.41 per day) to secure your customers’ sensitive data—a small investment to ensure your reputation and sales.
