Should I Encrypt My Website, and How?

I remember a simpler time in history when I could just take my trash out to a can outside, and not have to worry about somebody combing through it for sensitive information which they could use to steal my identity and wreak havoc in my life.  Now I have to go through the extra effort of shedding a lot of the documents that I have in keep vital information from being compromised The world has changed, and privacy is an issue that we are more aware of than ever before.

Now I am worried about my privacy being invaded by someone going through my trash.  How much more would I be worried about my privacy if someone was able to go through all the data that I send and receive from the internet?  How much of our lives would be available to anyone with the knowledge of how to eavesdrop on our network connection.  You may not be aware, but when you see a little green lock in the address bar of your web browser, the data that you are sending and receiving is encrypted.

A Little Bit of Technical Mumbo Jumbo

There are a few terms you will hear thrown around when we’re talking about browser encryption.

• • SSL: Secure Socket Layer
  • TLS: Transit Layer Security (often the terms SSL and TLS are used interchangeably)
  • HTTPS:  Hypertext Transfer protocol secured, which you will see at the beginning of web addressing using encryption.
  • SSL certificate:  The certificate is what certifies that the site is who it claims to be.

The exact technical definitions of the terms are not important for the purposes of this post, but you can think of it like this.  You send a letter to your bank.  The letter may or may not contain sensitive information, but before your send the letter, it is translated into another language. This is a strange language that cannot be read by anyone, except the bank.  The bank alone holds a super secret decoder ring that will allow it to decipher your letter.  The same thing happens when the bank sends you a letter in reply.  You have your super secret decoder ring that you’re able to use to translate the letter back into a language that you can read.

3 Guarantees of SSL Encryption

Having SSL or TLS encryption gives you 3 guarantees when you send your letter to the bank.

1. No one can intercept your letter and steal the information in it during it’s trip from your home to the bank.  It is possible for individuals to eavesdrop on data sent and received by your computer.  SSL encryption would make that data unreadable by such a 3rd party.
2. No one can change contents of the letter while it is en route.  What you send is what will arrive.  Imagine if someone was able to get a letter to you from the bank, and stuff ads in the envelope and that some of those ads may actually be for scams or malware.  With SSL encryption, no one can add to, remove from, or otherwise change the contents of the letter while it is in the mail
3. No one, pretending to be the bank, could read your letter, and get the information from it.  It doesn’t matter if someone says they are from the bank, even if they have a nifty name tag and employee ID if they don’t have the super-secret decoder ring, they can’t read the letter.  SSL keeps hackers from being able to pose as someone from the bank.

SSL Encryption is Becoming Vital

What we should take away from this is that it is very important for us to use encryption on our websites.  Even if you’re not the bank, you still want to ensure that your communication is not compromised.  In years past, SSL was complicated and expensive and was therefore reserved for applications where privacy of the utmost importance.  Today there are services which allow us to get SSL certificates for free (https://letsencrypt.org).  With a small amount of effort, we can secure our website user’s data, and it makes sense that we do that whenever possible.

Google has also started giving a ranking boost to sites with SSL certificates, and may also start marking sites that do not use SSL as “unsecured” on the search engine results pages.  If you want people to visit your site from search engines, you should seriously look at getting SSL encryption on your site.

In recent months, many hosting companies have been installing WordPress using SSL as a default.  The industry is moving towards 100% encryption on the web.  If you want to start using SSL on your site, contact your web developer, or your hosting company.

Next time you are on your favorite website, and you are signing into an account, or providing contact information, look for the lock.  If it’s not there, you might want to think twice about what information you provide.