Protecting your website and online visitors important shield for solos

Thursday, October 12, 2017 • Volume 163, No. 199
© 2017 Law Bulletin Media. All rights reserved.
Reprinted with permission from Law Bulletin Media
Glenn E. Heilizer, “Sole Speak” Column
glenn@heilizer.com

If you are a sole practitioner with a self-maintained website, make sure to secure your site with an SSL, or secure sockets layer, certificate. This column explains the basics of SSL protection and why you should install a certificate today.

Securing data on your website

When a website is visited through any browser, the resulting connection can be monitored and intercepted by hackers. Thus, if your site accepts credit card payments, uses passwords or exchanges other sensitive information with clients and others, the data can be stolen without detection.

Secure sockets layer is a protocol that encrypts data transmitted between a visitor’s browser and your site’s web server. When the visitor accesses your site, a secure “handshake” connection is established and exchanged data is encrypted. Any cybercriminal that intercepts the transmission cannot decode the information without the encryption key.

Some web hosting packages automatically provide SSL encryption. To check your status, examine the website’s URL address bar. SSL-encrypted sites will use the “https” designation and display a closed padlock icon, while unprotected sites reflect the standard http protocol.

Even basic websites need SSL

Even if your website does not accept credit card payments or have password-protected pages, SSL encryption still is a must.

First, websites can be compromised in unexpected ways. Consider a basic online contact form, where prospective clients inquire about retaining your services.

A data thief who intercepts the contact information could impersonate your firm and manipulate the prospective client — or conversely impersonate the client and victimize your firm — with unfortunate results.

Second, using SSL certificates should boost your online rankings. According to the search engine giant Google, the use of SSL on a website is a positive ranking factor in prioritizing search results.

Third, an installed certificate gives your firm’s website a professional look. Clients and prospective clients will feel confident in visiting an SSL-protected site and freely perusing its contents.

Lastly, some web-browsing companies are ramping up their warnings for non-SSL sites. Since January, the highly popular Chrome browser has displayed a “not secure” warning in the URL address bar for sites that contain password or credit card fields. Starting this month, Chrome began to flag all unprotected sites where any data is entered and to warn visitors who browse non-SSL sites in private “incognito” mode.

How to install an SSL certificate

Most web-hosting companies will install a basic SSL certificate for $50 to $100 per year. To use this option, simply contact your web-hosting provider and subscribe to the service.

Alternatively, if you want to self-install your own free certificate, check out “Let’s Encrypt” at letsencrypt.org. That organization is funded by the nonprofit Internet Security Research Group and promotes security and privacy on the web. Certificates from Let’s Encrypt are completely free, but need to be updated every 90 days.

Some web-hosting companies offer built-in support for installing a free certificate from Let’s Encrypt. Consult your provider for this option.

Otherwise, the installation can readily be accomplished through your website’s “cPanel” interface. Review this helpful tutorial at www.youtube.com/watch?v=GPcznB74GPs. Installation is straightforward and takes less than 10 minutes.

Check your website for insecure items

As a final step, once you have installed your SSL certificate, confirm your site’s integrity by navigating to the “Why No Padlock?” website at whynopadlock.com.

After you enter your firm’s domain name in the search bar, the free service will perform a thorough check and report any “insecure elements” that remain on your site.

Typically, these involve links to other websites or photos that are not secured with SSL encryption. Resolve those items on an individual basis, and your site will be fully protected.

In sum, SSL encryption is a core requirement for any sole practitioner’s website.

According to a February report from the Electronic Frontier Foundation, just under half of all internet traffic remains unprotected. Install a certificate without delay and create a safe browsing environment for your visitors.