In just a few weeks Google will be launching new changes and initiatives to make SSL websites (https://) the new expected norm. This is not a bad thing overall, but as many small to medium companies will note, it is just the next in a continuing series of forced changes to websites. A few years ago a website was planned, designed and lasted for years without major modifications. The internet is a great platform to use for business, but it is becoming costly as Google and other companies force changes.
Two years ago it was Mobilegeddon, where Google was simply going to hide any website that was not mobile friendly from its search results on phones and iPads.
The EU passes GDPR, and any company needing to do business with Europe needs to comply with the new standards ASAP.
SSL for everyone! Or else! Google (parent company Alphabet) is the largest and most popular search engine on the internet. Keeping them happy with your website is key to success. Target good results in Google and you will get good results with all other search engines. Just ask any SEO company worth their salt and they will tell you the same thing.
So for the non-technical people out there, what is SSL?
SSL stands for Secure Sockets Layer. In short, it is a way to encrypt data to keep it secure – to a certain extent.
Making every website secure, with encrypted data protection, sounds great! Certificates are cheap and easy to install. What is the problem?
There is no major issue really. It is not a major task to purchase or install an SSL certificate and put a website behind SSL. The main issue is simple frustration with the continual flow and change on the internet. Websites cannot sit still for very long before something else comes through and forces a change just to remain compliant and/or relevant to the standards constantly being set by someone or something. Clients get frustrated and companies like Sneaker stay busy.
This SSL change will start slow – but on July 26th 2018, it will start with Google Chrome browser updates that will put new warnings on any website that is not designed for SSL or HTTPS. The trend will continue until the warnings basically undermine people's confidence in using a website without SSL.
Not so terrible? Well, here is the problem. False confidence in current SSL standards is the issue. SSL is not really secure.
Imagine the front door of your house without a lock. Now imagine your front door with a paper clip keeping it closed. It is better than being unlocked but not by much.
SSL is primarily a way for a user to know they are working on a real, valid website that has taken the time to become certified and put the basic level of security on the website and transactions. It helps.
Known encryption technologies are accessible by every major hacker and organization in the world that wants to access your data, see your transactions and watch what you are doing. Through methods of packet sniffing, weak hash algorithms, forged root CA certificates, or just simple bugs and flaws in the code that makes SSL work (see the last 5 years of major SSL bug patches), the result is that SSL may keep the beginners out of your data, but not much more than that.
SSL is largely a social and political standard that the industry has adopted to give the appearance of security while not providing much security at all. Imagine an entire internet where everyone thinks every website that Google or other companies rubber-stamp is safe and secure, where in reality nothing has truly changed. (Go read the help forums on Etsy, where shops and customers complain their credit cards were stolen just after using the website.) A website that has SSL and HTTPS has done everything in the industry standard to keep the website and transactions safe, yet nothing is protected completely. This is the issue with forcing SSL on every website: a new false sense of security. A new standard would be better. A new technology. Instead we are being told the paper clip solution is the best and everyone should adopt it or else. Your website may be ranked down in SEO results, or hidden from visibility altogether in search engines.
Sneaker Web Design is a web savvy company and we do help clients get SSL and TLS certificates installed on websites. Industry standards are not terrible, but they are simply not enough.
What do we recommend for security and protection for website transactions, database encryption, and privacy concerns?
- Diligence
- Awareness
- Scrutiny
- Audit
- Evaluate
- Change
This is accomplished by:
- Reviewing logs
- Watching the activities of bots (and preventing bots from hitting a site)
- Keeping up to date with security news, industry standards and patches
- Listening to feedback from your users (are they complaining their card was stolen?)
- Scan your website, scan your server and scan again for malware, odd files, or unexpected changes.
- If something seems off or insecure, then make a change in the payment process
- Change your hash or encryption rate or method
- WordPress sites can change their ‘salt’ to new random strings
- Use available third party security apps and filters
- Block known bad IPs and countries
- Blacklist the bad guys
- Whitelist the good guys
- Connect with an experienced web company that can assist, evaluate, and change your site to the best that technology can offer at this time.
Image generated from public domain sources. http://www.clker.com/clipart-padlock-green.html https://pixabay.com/en/paperclip-clip-office-178126/