A few months back, Matt Cutts, Google’s Head of Webspam, spoke out on rewarding secure websites, or websites that work over HTTPS (Hypertext Transfer Protocol Secure) and SSL (Secure Sockets Layer). Any time Cutts addresses things that have the potential to be benefits in ranking and/or search performance, it throws website owners into a frenzy; this time is no different. Many website owners are wondering if now is the time they should switch their site over to be secure. Before you can decide if that move is right for your insurance agency’s website, you must consider what that means and if your website truly needs to be secure.
What Does Having a Secure Site Mean?
When you have a secure website, it becomes authenticated; protecting users’ privacy and encrypting information that gets passed through your site. An SSL certificate protects a user’s privacy only when information is being passed. In the case of a website visitor simply clicking through links on your website, reading content, or watching videos, the certificate isn’t needed. However, if that visitor decides to fill out a form, the SSL certificate will then encrypt the data that is being passed along through the form, thus protecting their privacy.
Oftentimes you’ll find that eCommerce websites, bank websites, and other financial institution sites are secure, given the sensitive and confidential nature of the information they obtain.
Google transitioned to a completely secure site in September 2013. You will notice when a website is secure, you’ll see “https” in the URL:
This indicates that the website you’re on is secure and encrypts the data you’re passing through.
Should Your Website Be Secure?
The decision to make your website secure or not can depend on the type of information you’re collecting. Making an eCommerce website secure is a no-brainer; these sites collect credit card numbers, gift card numbers, etc. Websites for financial institutions must be secure as well, as they can house bank account numbers, social security numbers, loan information, and much more. Forms that collect basic data, such as name, phone number, or email address, would not warrant the need for an SSL certificate. SSL certificates should be reserved for more sensitive data.
The decision can also depend on your E&O insurance carrier. Many carriers require agencies to either have any page that contains a form be secure, or that forms do not have any general text areas without validation (like a comments field). If you’re unsure of what this means, it can be easy to go the route of applying an SSL certificate to all of your pages, or all of your pages that contain forms. However, there are a number of factors to consider before making this decision.
- Cost: The certificate itself can cost anywhere from $50 to a few hundred dollars, depending on who you buy it from and what level of protection you want. Depending on where your website is hosted, you may also need to pay for a dedicated IP address.
- Browser Compatibility: Keep in mind your current customer base and website visitors. If your clientele primarily uses outdated browsers (especially Internet Explorer), a secure website may display errors or not load at all. PRO TIP: Look in Google Analytics at the breakdown of browsers bringing your website traffic. If the majority of your visitors are using outdated versions of Internet Explorer or other browsers, you may want to think twice about making the move.
- Caching: Many websites and servers use a method of temporary storage, called caching, to save and load content faster. You cannot cache pages that are being secured through an SSL certificate. This can directly affect your website’s load times, and ultimately, your visitors’ experience.
If your E&O carrier is not a factor, then it ultimately comes down to your agency’s preferences. If you’re not being forced to make the change, consider all of the facts before making your decision. Has your agency recently moved to a secure website? Tell us about why you made that decision in the comments!