This post has been last updated as of to reflect new, critical information.
As small business owners speak with the designers or hosts of their website, they may hear the buzzword "SSL" and wonder what it is all about and how can it increase traffic to their website. Even more recently, you may have heard of an announcement affecting Google Chrome browsers, which we discuss later in this article. First, it’s important to understand what is SSL and how it works.
Essentially, SSL (Secure Sockets Layer) is a protocol that encrypts the information that is sent between a customer's browser and a business owner's website. In the past, companies chose this protocol to ensure the safety and security of personal information they needed to gather such as bank account numbers, social security numbers or credit card information. Customers were comforted by the extra layer of security that protected their data if the website they were using began with "https", rather than simply "http" as the "s" denoted the use of the SSL protocol. In addition to seeing https at the beginning of the web URL, depending on your browser, you can also often see a green lock symbol to designate the presence of a secure connection.
It's important to note that the presence of SSL does not mean your website or your customers' data is fully hackproof by any means. The added SSL is simply one more level of protection specifically centered around the secure transmission of data to and from the website.
Many small business websites never gathered critical data and, therefore, seemingly had no need to utilize the SSL protocol. Now, Google has decided to give higher precedence, or ranking, in website searches to those sites that utilize the SSL security protocol. A small business owner may wonder why they should consider this new SEO ranking factor or trend, but there are good reasons for considering it a prudent investment.
When a company utilizes SSL for their website, it ensures any potential customer that the identity of their company has been verified by the company that issued the SSL certificate. Customers are more likely to trust and want to interact with websites that have been independently verified.
In addition, although your website may not gather any critical data such as a social security number, with identity theft becoming more and more prevalent, customers are becoming slightly more uneasy even sharing information as simple as their phone number and address. Having your website secured with SSL, tells your customer that even the fairly benign information they share with you is kept confidential.
Of course, any credible method of increasing one's SEO ranking can potentially add new clientele both in the short and long-term. Current clients may also appreciate the added security that SSL certification brings.
Purchasing an SSL certificate is not too challenging; however, there are quite a few different types with varying purposes and costs. That being said, SSL certificates are one of the more difficult elements to install within a website and the server in that they require a high level of care in order to not negatively impact functionality or hurt your search engine rankings. Due to the above factors, we recommend working with a firm that both understands the server management aspect, as well as the implications on SSL affecting SEO.
Google announced in early September that Chrome will now handle sites differently depending on their SSL certificate status. What does this mean? Historically, a site without an SSL certificate (HTTP) have never been marked by Google Chrome as non-secure. Starting January 2017, Chrome will designate any site that collects passwords or credit cards as non-secure if it does not have an SSL certificate. Google has announced this is part of a long-term initiative to mark ALL sites without an SSL certificate as non-secure.
Below you can see how Google Chrome currently treats non-HTTPS sites and how this will change in January 2017 if your site collects passwords or credit cards. It is important to keep in mind that if your site has a Content Management System (CMS) or blog, it likely “collects passwords” simply because you have to login to access your CMS.
Below is specifically what Google indicates will be the eventual treatment of any non-HTTPS site in Chrome. They have not formally announced when this full transition will take place, but have indicated they will continue to expand what is displayed as “Not Secure” as they continue to release Chrome updates.
You may be thinking “This is just Chrome. A lot of people don’t use Chrome so it does not matter yet.” However, NetMarketShare reports that, in September 2016, Chrome accounted for almost 53% of all desktop browser usage. This means 53% of visitors to your site and those Googling your site are likely using Chrome and will likely see a warning when visiting your non-SSL website. Also, Google tends to lead the industry when it comes to browsing on both desktops and naturally the Android phone market. As such, it’s likely that other web browsers will likely adopt the change as well at some point in the future.
At Igniting Business, we highly recommend that your site obtain an SSL certificate. As discussed previously, it imperative that you engage a firm to configure your SSL certificate that both understands the server management aspect and the implications on SSL affecting SEO. Given the transition coming in January, we strongly recommend that SSL be implemented in November or December of this year in order to avoid any potential lost visitors.
Contact our web team for more information on installing an SSL certificate on your site.
Note: Chrome images obtained from Google's Security Blog as a representation provided by Google as to what the changes will appear as when browsing.