Why this site is HTTPS encrypted and why yours probably should be too
We all know how important online security is; I mean, to some extent it’s common sense. After all, we trust websites with a broad range of personal details, everything from our names and addresses to our personal preferences, browsing habits and bank details.
This information is used to create tailored online experiences, giving individuals access to services that, prior to the internet, simply wouldn’t have been possible to access remotely. Because personal data is shared so routinely, we all tend to take it, and the security which underpins it, for granted.
But as Bob Dylan famously sang, ‘times are a changing’, and so, it seems, are customer expectations. In recent years online security has repeatedly made headline news, from Edward Snowden’s leaked global surveillance programs through to massive data breaches by well-established brands and disastrous security vulnerabilities like Heartbleed and Shellshock. Consumers are increasingly becoming aware of just how vulnerable their data is.
So how can I protect my website?
Unfortunately, there's no single way to avoid all security threats, well, other than avoiding the internet altogether. However, there are ways to minimise the potential for problems, one of the more cost-effective of which is the use of SSL (Secure Sockets Layer) or its successor TLS (Transport Layer Security).
These technologies help ensure that data passed between your website’s users and the web server will be securely encrypted.
As a nice little analogy, you can think of it this way. Imagine an online shopper and a website server are two people standing next to each other. In order to communicate, they’re talking to each other in plain English. Anyone who listens in can hear what’s being said, whether or not it contains private information.
So what does encrypted traffic do to this picture? Simple. The two people are still talking to each other and what’s being said can still be overheard. The only difference is now they're communicating in a language you’ve never heard.
They can still understand each other because they know how to translate this language back into their native tongue, but as an eavesdropper you can no longer understand what’s being communicated.
Sounds good, doesn’t it? But there’s still a problem.
Information sent via SSL or TLS is secure while in transit, but it can still be taken on arrival at its destination. To illustrate, I’ll take my analogy one step further.
So you’ve listened in to a full conversation in an undecipherable language and not understood a word of what was said. But you value the information that’s been communicated, so you decide to take matters into your own hands. You notice that both parties have written the information down, so you decide to pick one of their pockets and take the information that’s now back in plain English.
In other words, just because the information reached its destination safely, that doesn’t mean it’ll remain safe.
So if encrypted traffic doesn’t fully protect users, why use it?
Well, a range of reasons, really. I’ve listed a few of the more important points:
- Although SSL and TLS are not a be-all and end-all solution, they are an important part of overall website security.
- They provide a way to convey trust via simple visual clues, usually a padlock symbol to the left of the URL at the top of the browser. This helps reassure your website’s users that you take security seriously.
- If you’re taking credit card information then legally you need to encrypt your website’s traffic in order to meet PCI compliance.
- Google has recently adjusted its ranking algorithm to give sites that use HTTPS encryption a small ranking boost. This means that if you’ve got strong competition, SSL or TLS encryption could give your site the edge needed to outrank your competitors.
But most importantly of all...
The reason you should use HTTPS encryption is that it’s becoming the norm and users are increasingly looking for it. Moreover, it’s the right thing to do.