Should You Secure Your Website with SSL?
Last Friday a ransomware cyber-attack hit computers worldwide. The malware, named WannaCrypt, infected computers worldwide and demanded ransom in the amount of $300 USD, payable as Bitcoin. The ransomware took advantage of an already known vulnerability in Microsoft’s Windows operating system. Using technology from a repository of hacking code stolen from the National Security Agency (NSA), WannaCrypt quickly spread to over 230,000 computers from the United Kingdom to system in Russia, China.
Although a few stumbled upon a way to defend against infection and slowed propagation, the malware evolved into variants that allowed it to continue albeit at a slower pace. A fast moving cyber-attack like WannaCrypt leaves many wondering what else do they do to protect their computers and networks.
The most important issue to understand is that Microsoft had already recognized and responded to the vulnerability that allowed WannaCrypt to spread. Microsoft released a Windows patch in March 2017 that dealt with WannaCrypt. Any legitimate copy of Windows what was kept up-to-date was protected against the virus. This also explains why China and Russia were the hardest hit – these countries possess the most pirated copies!
What is SSL?
SSL is short for secure socket layer. It is the standard security internet technology used to encrypt the data transmitted between a web server and a website user’s browser. SSL encryption ensures all data passed between the web server and browsers remains private. This is contingent on all pieces of the link between the user’s device and the webhost also being secure, especially the internet connection. If the user is on a public Wi-Fi connection, such as those at a hotel or airport, then a hacker has an opportunity to intercept whatever is transmitted over the wireless connection.
What about websites?
Websites were not affected by the WannaCrypt malware, although there have been numerous cyber-attacks where hackers stole thousands of credit card numbers. Recent data breaches affected global companies such as Yahoo!, Target, and Home Depot.
Although adding a secure socket layer (SSL) to your website is a good idea, it would not work against this round of hacking. WannaCrypt is not targeted at website. It exploits a vulnerability in MS Windows and only works on computers running MS Windows.
However buying a secure certificate for your website is a good idea. It has a positive impact on your organic search rankings with Google.com. Although SSL is one of hundreds of ranking factors, it is not a requirement and Google is not demoting websites that do not have SSL enabled. There are many free and low-cost SSL certificates available should you choose to use one.
AskCyberSecurity.com has SSL encryption even though it does not process payment data. The only information that we ask for is for you to join our email list. Google.com is encrypted as well.
If your website requests any personal data, has a membership area, or collects payment information such as credit card numbers, it must use SSL encryption. In fact, if your website processes payments online your credit card processor will require the website to employ encryption technologies such as SSL. They may even dictate which secure certificate you must buy to do business with them. While SSL will not stop your website from getting hacker, it will help stop hackers from stealing information transmitted between the website user and the web host.
So should you secure your website with SSL? Yes. It does not hurt anything and it fairly inexpensive. The benefits are secure payment processing and improved Google rankings.
