Does Your Website Need an SSL Certificate?

http browser security message

In 2018 Google started the process of flagging websites as untrustworthy if they do not have an SSL certificate, and our Omaha web hosting team began making recommendations to all our clients to purchase and install and SSL certificate. If your website is not updated with an SSL certificate people who visit might see a red “Not Secure” message in their web address bar (URL), along with a full red screen warning them to advance at their own peril. As an Omaha web design and web hosting company we’re on the front lines and have a close up view of how this is affecting website owners. 

In addition to giving a dangerous impression, non-secure websites will suffer in Google search rankings making it increasingly difficult to find your website. The good news is it’s easy to get a SSL certificate and avoid having the dreaded red screen greet your visitors.

Who Needs an SSL Certificate?

After the release of Chrome 62, EVERY website with any kind of text input will need an SSL certificate. If your website has text inputs in the form of login panels, contact forms, search bars, etc., you’ll need the upgrade. If your website is on HTTP:// you’ll need the upgrade. There are very few websites that can get away with not having an SSL cert now. 

Benefits of an SSL Certificate

Secure Sensitive Information

If you don’t like the feeling of being “forced” to upgrade by Google, there are some benefits that come with the certificate. For starters, any information you send on the internet is passed from computer to computer and eventually arrives at the destination server. If you’re sending unsecure information any computer in between you and the server can see what your sending. Credit card numbers, usernames, passwords, and other sensitive information are vulnerable. When you use an SSL certificate the information becomes unreadable to everyone except for the server you’re sending the information to. Securing sensitive information is always good practice.

Cybercriminal Defense

Cybercriminals are becoming more and more sophisticated. Not only do they put together scams, they are starting to use techniques that capture unsecured data that’s moving between destinations. More than ever an SSL certificate is necessary to ensure your sensitive information is secure from these tech criminals.

Trust

Perhaps the most significant benefit is trust. When visitors come to your website and it has an SSL certificate they will see visuals that signal trust. In the URL they’ll see a lock and a green address bar indicating that secured encryption is in use. When your visitors see this, they’ll feel at ease and will stay longer. Using HTTPS will give you a stronger Google ranking as well.

SEO Benefits

Switching to HTTPS moderately correlates with organic search engine rankings. While it’s not a major determining factor, Google has stated it could be a tie breaker in indexing, ranking an HTTPS website above the HTTP competitor.

How an SSL Certificate Works

SSL (Secure Sockets Layer) is standard security technology that establishes an encrypted link between a web server and a browser. The link makes sure all the data passed between the web server and browsers remains private and secure. The process looks something like this: 

  1. A browser or server tries to connect to a website secured with an SSL certificate. The browser/server requests that web server identify itself.
  2. The web server sends the browser/server a copy of its SSL.
  3. The browser/server checks to see whether or not it trusts the SSL. If it does, it sends a message to the web server.
  4. The web server sends back a digitally signed agreement to start an SSL encrypted session.
  5. Encrypted data is then shared between the browser/server and the web server.

Don’t Get Flagged!

Having an SSL certificate is now a must have if you want visitors looking at your site – which you most certainly do. It’s important for SEO and user experience. If you don’t already have an SSL certificate you could be losing hundreds of potential customers every day – or more depending on the size of your business.

5 Ways to Spot a Phishing Attempt

Phising is an attack often used to steal user data, ranging from email addresses, to login credentials, to credit card numbers, to Social Security numbers. The attacker disguises themselves as a trusted entity and uses this credibility to trick users into opening an email or text message that can lead to the installation of malware, a ransomware attack or the reveal of sensitive data. It can be difficult to spot a phishing attempt quickly, so here are 5 ways to spot a phishing attempt to help protect your email and your computer from the nasty effects of a phishing attack. phishing attack icon

Message URLs are Mismatched or Misleading

It’s not uncommon that a phishing message contains a URL which looks valid. Hover your mouse over the top of the URL to see the hyperlinked address, and if the hyperlinked address is different than the address displayed, it’s likely malicious. Additionally, look for misleading domain names. Attackers often utilize big names like Apple or Microsoft in a domain name to disguise a malicious link. The DNS naming structure is ChildDomain.FullDomain.com. An example would be, info.LegitDomain.com. A phishing attempt, on the other hand, would restructure to FullDomain.com.MaliciousDomain.com. For example, Microsoft.com.MaliciousDomain.com.

Spelling and Grammar Errors

Any official message sent from a legitimate company will likely be reviewed for spelling, grammar and legality. If a message is full of errors it’s likely malicious, so delete it!

It Gets Too Personal

If an email is requesting personal information, be wary. A reputable company will never request a password, credit card number, or security question. It’s even be likely that a phishing attempt will request money to cover expenses, taxes or fees.

You Didn’t Initiate the Contact

If you receive an email stating you were selected as a winner for a lifetime supply of magical, age-reversing skin care, but you never heard of the company and you never entered the contest… delete it. If you are announced as a winner or provided a promotional opportunity, but never initiated contact with the company, it’s a scam. And, if it sounds too good to be true, it probably is.

Unrealistic Threats

Some phishing attacks use intimidation to trick people into giving up sensitive data. Some key phrases for these messages include, “Urgent Action Required!” Your account has been compromised!” “Your account will be closed!” Scammers pose as banks, credit card providers, email providers and government agencies to scare people. Financial institutions and government agencies will not request sensitive data over email, so do not be tricked! If something just doesn’t look right in an email, trust your gut reaction and delete the email. It’s always helpful to have an email hosting support team to assist in identifying phishing attacks. We take website security and email security seriously. Many email hosting support teams are not readily available to offer quick advice or assistance in the event of a phishing attack. But, it’s just one of the many benefits you get when you choose our Omaha website hosting team – real human support when you need it!

Get Email Hosting Quote