Does SSL Protect Your Site From Hackers?

It seems like every week, we’re getting hit with news of hackers stealing personal information and credit card information from major retailers, banks, and more. Today, we’re going to explore how to protect your e-business and your customer’s sensitive data. You may not think your site is worth being hacked into, but websites can be compromised all the time. And NO SITE is too small or too big to get hacked.

What is SSL?

SSL, or Secure Sockets Layer, is a technology that encrypts communications between the end-user and the server. It helps to prevent hacker attacks that are based on eavesdropping. The user can easily tell if a site is protected by SSL if there is an “https://” in the address bar.

GoDaddy (one of the internet’s largest registrars and hosting companies) explains SSL like this:

“Think of an SSL certificate as a giant windshield for when you drive on the information super-highway. You wouldn’t head out on your local freeway - especially at night in a rural area - without something between you and all the bugs. You likely couldn’t see, and besides, you’ve already had your protein for breakfast. In much the same way, an SSL certificate protects your site - and its visitors - from many digital bugs, worms and other nasty web creatures.”

Is a website truly “secure” with SSL?

The simple answer? No. BUT it can help.

SSL secures the network communication link only. Although this is an important layer of security for sensitive applications, most attacks on websites are not done this way. Most attacks on websites are actually done via the web server or direct attacks on users (through malware or “phishing” scams).

SSL does prevent 3rd parties from “listening” to communications between the user and the website.

When SHOULD you have SSL for your site?

Here at MMG, we recommend having SSL for any e-commerce sites or any sites where you have or will be storing personal information for your clients/customers. And, even though “eavesdropping” may be a less common form of cyber-attack on a website, there is no reason not to protect against it if the consequences for you or for your customer base could be serious.

What kind of “sensitive private data” needs protection?

Private data is any information that should only be known to you (the site owner / business owner) and that user. We recommend SSL for credit card numbers, personal login information (passwords), or anything else that you would deem as sensitive/private. Personal data is data that is commonly/easily found in other places, but if there is enough of it in one place, it could be used in identity theft and this is viewed as a plausible threat.

What are the advantages of having SSL on your site?

• It can reassure your users that you do consider their security and privacy to be an important issue.
• It can verify that the website owner / business owner is really who they claim to be. By clicking the padlock icon, your users can find out more information about you.
• Google gives HTTPS as a signal in their search ranking algorithms.

What are the disadvantages of having SSL on your site?

• If you have SSL, it’s slower because every byte of information needs to be encrypted and decrypted by both the user and the server, and this takes more effort than regular transmission.
• SSL can create an administrative burden. The certificates cost money, require paperwork, and verification by a third party, and they need to be renewed, just like domain names. Furthermore, if you neglect to renew your SSL certificate, your website will be red-flagged as an insecure site, which looks even worse to your users and the public than simply not having SSL at all.
• SSL certificates also require private IP addresses, which may come at an extra cost if you do not already have your site hosted on a private server.
• If you run your entire site under SSL, you may draw concern from your users if you link to non-SSL content and they come across the security warnings when going from secure to non-secure content. These non-SSL content areas can include badges and plugins from third-party vendors and any social media content.

Want more info on SSL?

• Check out Google’s 2014 video - HTTPS Everywhere
• Why Should I Use An SSL Certificate On My Website?
• Decoding SSL : How does SSL certificate protect against hacking?
• HTTPS does not secure your website
• Why SSL? The Purpose of Using SSL Certificates

Are you concerned about your site’s safety? Want to do a site review for the upcoming new year?  {contact-form}