The Mark of Online Trust

When someone visits your website they should feel secure in knowing that any information they exchange with you while on your site will be secure and safe. How can they have confidence that your site is secure? That is where the three letters SSL become very important.

You need to make sure your website is using the most recent encryption and security standards for websites. SSL means “Secure Socket Layer”. It is a technology that protects information that users share with you on your website. SSL has been replaced with a superior technology called “TLS”, which means “Transport Security Layer”. Both of these three-letter abbreviations are indicators that your website is more trustworthy.

TLS is a newer protocol developed for a secure connection between a user and your website. Like SSL, it encrypts information shared by the user so it is unreadable by anyone who intercepts it. Although TLS is the more current technology, the term SSL is still commonly used to refer to both technologies. For the purposes of this article we’ll refer to them together as “SSL/TLS”. It may sound intimidating to talk about technical terms like this, but you don’t have to be an expert to know that you want your site to be secure. Small business owners need to be aware of what SSL/TLS is and that they need it. You don’t need to understand all the details of how it works. Your webmaster can handle the details for you.

Here are the basics:

Have you ever noticed the little padlock icon next to a website address in your browser? This padlock icon is another indicator that your website (and your business) can be trusted. What it really means is that your website is using SSL/TLS to encrypt information sent back and forth between the user and your site. It makes the information your visitors share with you secure and keeps it out of the hands of those with malicious intent.

Most websites today have this protocol implemented. It is a standard of trust in the online world and is a must for your website. You may also be penalized in your search rankings with Google and other search engines if your site does not use this secure protocol.

Just like the padlock is a mark of online trust, your webpage will be flagged with a warning to visitors if you are not using SSL/TLS.

HTTP => HTTPS
In addition to the padlock icon, there is another indicator of whether your site uses TLS/SSL or not. You have probably seen the prefix “http://” in front of web addresses. Nearly all publicly-accessed sites on the internet use http, which simply defines the language used to communicate between your browser and the web servers. It means “Hypertext Transfer Protocol” and is the default language used by browsers. That is why you don’t need to type that part. The browser just assumes it. The details of HTTP are not important for the purpose of this discussion. However, what you should look for is that your site uses a variation of HTTP called HTTPS. The “S” stands for “secure” and indicates (along with the padlock) that you are using SSL/TLS and can be trusted.

Getting Started with SSL/TLS

If your site is not using SSL/TLS it does not necessarily indicate that your site has nefarious intent. It does, however, indicate that any information they share with you is vulnerable to being intercepted. Savvy internet users will avoid insecure sites. You can help users feel more comfortable using your site when they trust you to keep their information safe.

It all starts with acquiring and installing a TLS Certificate on your web site. This is still sometimes referred to as an “SSL Certificate”. This certificate is issued by a trusted Certificate Authority that is recognized by the browser and/or operating system of your device. Once installed it activates the padlock icon and HTTPS protocol for visitors to your site. It establishes a secure connection between your website and the user’s browser. Your certificate has an expiration date. You need to keep it current.

If you allow your TLS certificate to expire, visitors to your site will not have a good experience. In fact, most web browsers will not allow a user to visit a site that has an expired, misconfigured, or invalid certificate without warning them that they are about to visit an insecure site.

The last thing you want is for a visitor to your website to encounter a message like this. This damages trust and will likely result in the visitor going elsewhere.

B3 Helps

All B3 subscribers can have the peace of mind that B3 is working to help you stay on top of these things. B3 monitors your website for several key indicators of online trust - including your TLS Certificate. B3 alerts you if you are not using SSL/TLS and when your TLS certificate is approaching its expiration date - all at no additional charge to you.

3 Things you should do

The first thing you should do is visit your own website and make sure that the padlock icon shows up in the browser. If your website does not use HTTPS you will see a caution icon and the user will be notified that the site is not secure. If your site is not using HTTPS you should contact your webmaster to get your TLS certificate installed or updated immediately. If the padlock appears, you are in good shape. This will tell you whether or not you are using the secure protocol. However, there is still more you should do.

The second thing you need to do is to check your TLS certificate to make sure that you don't let it expire. Your TLS certificate is the key to using HTTPS. It is a certificate issued to your site which enables the encryption to work. A TLS certificate is issued to your site for a certain term and will expire at some point. Keeping your TLS certificate current is what keeps your site secure. Don't let it expire. You can see the details of your certificate (including the expiration date) by clicking on the padlock icon next to your web address in your browser. If your expiration date is getting close, make sure you contact your certificate authority or your webmaster and ensure that it does not expire.

The third thing you should do is look for emails from B3 which will help you stay on top of this. B3 is looking out for you and working to help you keep your website secure. B3 regularly monitors your website and will alert you via an email update each month of the status of your site's security protocols and your TLS certificate. Log in to your B3 Account any time to discover even more ways B3 Helps you build trust with your online presence.

Your TLS certificate is one of several ways that B3 Helps you build trust in your business. We also regularly visit your website to check for things like spelling errors, broken links, and uptime. B3 also monitors information about your business on other online resources and gives you regular email alerts.