Over the years, we’ve heard Google’s gentle reminders:
“Hey, maybe you should get an SSL certificate for your website.”
Those not-so-subtle nudges generally tended to come out right before Google pushed a new update to its search algorithm. As has become evident these past few years, Google strongly favors websites that prioritize security and rewards them in kind with higher search rankings. SSL certificates and HTTPS are a big part of this.
Fast forward to 2018, and Google is no longer being subtle about this.
“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption… Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’.”
So, here is what we need to ask ourselves today: What exactly is an SSL certificate? Do law firm websites even need them? And how do you get an SSL certificate?
What is an SSL Certificate?
The “SSL” in SSL certificate stands for “Secure Sockets Layer”. In layman’s terms, all it really means is that you have a certificate that places an additional layer of protection between your website’s server and your visitors’ browsers. It also moves your website to an HTTPS (as opposed to the non-secure HTTP) web address.
As a result, when visitors enter information into fields on your website (including payment forms, login screens, contact forms, and live chat), their responses are hidden from prying eyes.
For the most part, website security isn’t necessarily something visitors can detect. There’s usually no way of knowing whether a website has a firewall, anti-malware software, or even a spam blocker installed. With an SSL certificate, however, there is proof that the owner of the site has taken steps to protect visitors’ sensitive information.
You’ve seen this before: a “Secure” notification in the address bar. In addition, if you click on the padlock and security label, you can see an expansion of details about why it’s worthy of that designation.
When you click on the “Certificate (Valid)” link, you can actually see details about the SSL certificate.
This will look a little different from browser to browser though. For instance, here is what our SSL certificate looks like in Safari:
While there is a padlock that lets visitors know there’s some form of encryption protecting the site, it’s not as blatant as Google’s choice to paint it green, display the HTTPS part of the web address, and label it as “Secure”. But that’s why this July 2018 move is such a big deal. For websites without one, Google will explicitly post a “Not Secure” message in that spot.
Do Law Firm Websites Need SSL Certificates?
SSL certificates are meant to protect visitors that enter sensitive data into a website. But what if your law firm doesn’t collect anything other than a name and email address for the purposes of scheduling a free consultation? Is there anything worth protecting?
Perhaps not. And, to be honest, some visitors might not even know to look for a “Secure” message and HTTPS address in their browser window.
That said, for those concerned with security, they will know to look out for HTTPS. They may not necessarily understand the underlying technology that makes it secure, but they’ll recognize the green markers.
And that’s part of why you need to do this. For the benefit of having such a recognizable trust mark on display. There are other benefits, too:
- Security: If you’re going to do business online, security must be a priority.
- Authenticity: There are different kinds of SSL certificates you can obtain. Some of them provide visitors with a guarantee that your firm is an actual business entity.
- SEO: Google has never been shy about letting people know that SSL certificates have a strong ranking signal. By securing your site with one, you can get you a boost in ranking.
In sum: yes, your law firm website needs an SSL certificate. Even if it’s just to boost visitor confidence.
How to Get an SSL Certificate for Your Website?
The first thing to do is to understand the different types of SSL certificates you can get:
Domain Validated (DV): This is the cheapest type of certificate. It basically just says you own a domain, you can provide proof that you do, and you want to encrypt it.
You get the padlock, “Secure”, and HTTPS.
Organization Validated (OV): This is the next tier of SSL certificate. This one requires that an actual agent reviews your domain, company name, and business information against government records to verify that you are indeed conducting business as you say you do.
You get the padlock, “Secure”, and HTTPS. There isn’t an easy way to tell between this and a DV unless the visitor opens the “Certificate” link to see where it was issued from.
Extended Validation (EV): This is the highest level of SSL certificate. Websites that get these must adhere to the strictest of standards.
You get the padlock, “Secure”, HTTPS, and the official company name appears in green. Symantec is a good example of this:
For law firms, the DV or OV SSL certificate is what you need. While it would be nice to go the extra mile, it’s really not worth it unless you’re processing payments on your website.
In terms of where to get an SSL certificate, start first with your web hosting company or domain provider (if they’re not the same). SSL certificate add-ons are occasionally offered within hosting plans, so yours might already have one that’s inactive. If not, see about getting one added on and installed by your hosting company. It’s the easiest, fastest, and safest way to go about doing this.