There has been a lot of concern over securing web sites lately with all the hacking that has been reported. The news has been all over the new GDPR (the what?), and Google now requires HTTPS/SSL (the who?) whenever any sensitive information is collected from your web site.
Are you confused enough yet?
This is seriously techy-nerd stuff, but it is not intentionally meant to confuse you. So here is what it all means in (hopefully) non-techy-nerd speak.
First: Google requires HTTPS/SSL on web sites or they won’t show up on search engines: FALSE.
HTTPS/SSL is a lock on your web site. Think of a lock that has a 256 number combination. HTTPS is an electronic lock to make it more difficult for bad guys to get into your web site. And, like any lock, they range in price. But the kicker is that all these locks are the same; the price difference is just what store you go to.
You can get an HTTPS lock for your web site from KoolWebHosting.com for under $5.50 per month (billed annually). Click here to get more information or to purchase an HTTPS / SSL lock for your web site.
But don’t listen to the fear mongers that say Google will kick you out of the search engines if you don’t have this for your web site. This is completely FALSE.
(Updated 9/19) Google may rank a web site a bit lower without the lock, but you will not be kicked out of the search engines. The lock is made to keep sensitive information secure, but Google, in its infinite wisdom (pun intended), has decided that having a secure web site is important. Even if you do not ask for any sensitive information on that web site. Yes, it is stupid. But if under $70 per year will help you get higher in the search engines, it’s cheap SEO.
And your customers may care a great deal. If you do collect sensitive information, you may be vulnerable to being hacked without that lock. Get it. What other insurance costs less than $5.50 per month? (Our certificates are backed with a $100,000 warranty.)
“So great,” you say, “But what about this GDRPTIBD whatever?”
GDPR is a law from Europe, just like internet laws we have in the US. GDPR, or General Data Protection Regulation, is a set of rules web sites must comply with IF (IF) they work with people in the European Union. If you are a Los Angeles company, and you sell as far away as New York, this doesn’t apply to you. If you ship to or from Asia, this has nothing to do with you.
You only need to be concerned with the GDPR if you do business with the European Union. Here is a Wikipedia article on the GDPR if you are interested.
To recap: You do not need to secure your web site if you are gathering a person’s name, phone number, and email address; that information is not considered to be “sensitive.” (9/19 update: But Google WILL rank a web site higher if it does have the “HTTPS,” even if you don’t have sensitive information.) You should be securing your web site if you ask for date of birth, social security number, physical address, or any information that would be thought of as sensitive.
And remember, getting security for your web site will never hurt. When in doubt, get it.
Photo courtesy of Markus Spiske