In this lesson, we’ll talk about SSL Security Certificates and learn:
Welcome! I’m Leighton, your webmaster. Today, let’s talk about Security. How important is security? Well, when you lie down to sleep at night, is the front door to your house locked or unlocked? I sure hope the answer is LOCKED! But why! Because you care about the safety and security of your family. And we should care the same about the security of our digital homes! Online security has been a huge topic lately. Have you heard of any security hacks or data breaches in the news these past few years? When a major company goes through a security fiasco, it’s big news. Perhaps you’ve heard of these companies that have suffered major data breaches in the 21st century: Adobe, Capital One, eBay, Equifax, Facebook, LinkedIn, Marriott, MyFitnessPal, MySpace, Target, Yahoo, Zynga….. Yes, tons of companies have been the target of data breaches. You may wonder:
First, what gets stolen in these data breaches? Let’s look at some examples: In 2019, more than 218 million Words with Friends player accounts were stolen — including players’ email addresses, names, login IDs and more — when a hacker got into one of the games databases. In 2013 a cyber attack affected more than 41 million of Target’s customer payment card accounts. A Capital One data breach of 100 million credit card applications lead to 140,000 Social Security numbers and 80,000 bank account numbers being stolen… So names, emails, phone #’s, login IDs and passwords, credit cards, social security numbers and bank accounts, to name just a few pieces of data that gets stolen. How do you feel when your credit card is stolen? What if you knew someone hacked into your bank account without your knowledge? It’s very unnerving (and inconvenient) to be a victim of poor security. Hackers attempt to do this on a large scale every day, and that is why security is so critical!
But how exactly do the hackers break in and steal data? I’ll give a few examples. In April 2019, Facebook attracted the spotlight for storing millions of Instagram users’ passwords in plaintext format. Plaintext. That means no encryption, no security. Sensitive data stored without security or encryption is just sitting there, ripe for the taking! It’s kind of sort of like a bank writing their customer account numbers on a bunch of sticky notes. Would you consider that secure? The 2017 Equifax hack originated from an application vulnerability. Have you ever been prompted to update your device? Your software? Updates like those seal the security hole… patch the vulnerability. Like an unlocked door! With 2 unlocked doors, a thief has a greater chance of breaking in, but if you lock both doors (secure those vulnerabilities), it will be much harder for the thief to succeed. In a similar way, that’s why we promptly update our software! To secure any vulnerabilities. In 2020, a few Twitter employees were tricked into giving hackers their logins. That’s called “phishing,” and it’s a common tactic that preys on human behavior moreso than insecure data. The security measures were in place, but the employees unknowingly gave over their logins. As security gets tighter and tighter, phishing is becoming more common, and do you have any idea where that name comes from? From fishing! The hackers “fish” for gullible employees by setting their “bait” in the form of fake company emails and logins. When the employees take the bait, they’re hooked, and the entire company suffers.
So, that’s the security situation, but what can you and I do? It’s unlikely you or I will be in charge of security for one of those major corporations. But those examples illustrate how seriously we should take security, even for small businesses. We aren’t handling millions of dollars, but even the loss of thousands of dollars would still be signifiant for a small business, let alone the hours spent in data recovery.
So what options do we have to secure our clients’ websites? While there’s a whole checklist of things you can (and should do), one of your first and best options is to install an SSL Security Certificate. “SSL” stands for Secure Socket Layer. That enables the https (s for secure) before your website address. This basically encrypts & secures the traffic to and from your website. SSL Certificates have been around for quite awhile. But in the early days of the Web, you only saw these on eCommerce websites — Sites that took credit cards and other personal data. But now, you’ll see these on most websites. Why? What changed? Why is it now advantageous to encrypt a simple brochure site? Since privacy is such a hot topic, even a political one, SSL certificates encrypt web traffic, which makes it harder to intercept, thus in a small way protecting your privacy. It’s all about privacy. In fact, there’s even an initiative that wants to Encrypt Everything and has issued hundreds of millions of free SSL certificates in the interest of privacy and security. Based on current trends, in the near future, nearly all websites will be encrypted by default.
There are 3 major benefits to installing an SSL Certificate. What would you say those are?
PAUSE: At this point, please pause the video, visit some of your favorite websites, and notice whether or not they have SSL certificates installed.
Finally, what’s the cost? In years past, SSL certificates were over a hundred dollars per year. Nowadays, you can get 256-bit encryption to secure all website traffic for $20/website/year through your IONOS account (we’ll look at that in a moment). There’s even a $100/year Unlimited SSL Certificate, which encrypts all of your websites in your IONOS account. Plus, there are more expensive SSL certificates (such as $200/year), which don’t necessarily have better encryption, but more hands-on validation of the business and higher data loss insurance.
Business Opportunity: As a web design business, you have several options. For example, let’s look at the $20/year SSL. You can acquire, install and setup that SSL for, say, $50/year and make a $30 profit. You win. The business wins. Everybody wins! You could just charge the client the $20 that the SSL costs you. Pass that expense directly to them. No profit, not loss. Or, you could install the $100/year Unlimited SSL, charge whatever you want, or bundle the SSL in with the cost of the website.
DEMONSTRATE: Let’s briefly look at the IONOS landing page for SSL certificates.
What are the SSL options on the Cloudways Managed Cloud Hosting platform? If you’re serious about leveling up your agency and pursuing Cloudways, then you will be thrilled to learn that SSL certificates are completely free on their servers! Since there is no charge, that means you have some business opportunities:
So what’s the installation process? Cloudways makes it super easy to install an SSL certificate. All you need to do is add a simple DNS record to your domain name. In fact, let me show you just how easy this is!
DEMONSTRATE Cloudways > Features > 1-Click Free SSL Installation. Cloudways Platform > Applications > “SSL Certificate.” Show how to add the DNS record to GoDaddy and IONOS.
WHAT HAVE WE LEARNED? Security is so crucial. I highly recommend installing an SSL Security Certificate on all your clients’ websites. It’s easy. It’s smart. It’s affordable. And you have a potential profit opportunity by up-charging the SSL and being compensated to set it up.
I’m Leighton, and now you know… SSL security!
It’s not necessary to buy an SSL certificate yet because IONOS hosting comes with a free one and Cloudways doesn’t charge for SSL. Therefore, I want you to read that IONOS SSL web page in-depth to have a thorough understanding of what these certificates are.