Beware of scams

We are aware of scams coming from email and social media where people try to impersonate us. We will never ask you for money or your bank details. Learn more about what to look out for and how to protect yourself.

You are here:

How to secure your website with SSL

← Back to Business Guidance

Build customer trust and ensure your business is compliant with GDPR by securing your business website with an SSL certificate

Protecting customer data has become a top priority for online businesses. If your business has a website that handles customer data – from simple email requests for pricing sign-up forms to full-blown ecommerce shopping – you need to ensure your website is secure to stop customer information falling into the wrong hands.

The easiest way to boost security is by installing an SSL certificate. Short for Secure Socket Layer, an SSL certificate is a digital certificate that provides proof of your business credentials to visitors to your website and also encrypts information customers send to your website.

What is SSL?

Most major commercial websites already use SSL. You can easily spot a secure website: the website address will start with https:// in your the web browser address bar and you’ll see a padlock symbol here too. Click on the padlock icon to view information about the company.

Secure Socket Layer scrambles the data sent between a visitor’s web browser and your website, preventing information such as credit cards details and passwords from being intercepted by hackers. It provides a huge boost in confidence for customers visiting your website.

To add your business credentials and to encrypt your website data, you’ll need to apply for an SSL certificate and install it on your website server. The good news is the process is relatively straightforward.

Does my website need SSL?

It’s a legal requirement for any business website that requests and captures data from visitors to install an SSL certificate. Both the UK government and Google require websites to encrypt customer data or suffer penalties.

Since October 2017, Google has shown a warning message in its Chrome web browser to anyone visiting a website that may request user information but does not have an SSL certificate. Other web browsers have followed suit, meaning visitors are actively warned that their data is not secure – which can be hugely damaging for a business. For example, 84% of customers abandon shopping baskets on sites that do not have SSL according to 123-Reg. Google has also been penalising the search engine ranking of websites without SSL – meaning your company website will appear lower down in searching engine listings than competitor websites that are SSL certified.

The General Data Protection Regulation (GDPR) legislation that came into force in May 2018 makes it a legal requirement for businesses to securely handle, process and store data – including customer information from people visiting your company website. Adding an SSL certificate to your website helps your business be GDPR compliant.

How to choose and buy an SSL certificate

SSL certificates are available in different validation levels. You may need to factor in the cost of hiring a developer for a few hours to install the certificate, though if you buy the certificate from your web hosting company you can get them to install it. Expect to pay from around £30 to £250 per year for an SSL certificate, depending on the trust level you opt for.

There are several types of SSL certificate trust level:

  • Domain Validation (DV) – This is a basic SSL certificate suitable for small businesses and websites. It includes full encryption and shows the web address as https:// along with the web browser padlock. DV costs around £30 and usually takes around 10 minutes to buy and install from your web hosting company.
  • Organization Validation (OV) – This is the mid-level trust tier, and suitable for growing businesses or commercial websites running WordPress, Drupal or Joomla where you need to encrypt access to editing the site. It includes more company information in the certificate, authenticating the identity of the website. Expect to pay around £80 per year for an OV SSL certificate.
  • Extended Validation (EV) – The highest trust level is suitable for ecommerce stores and websites dealing with lots of customer data. Companies applying for this level have to meet fairly stringent criteria. It adds more detail into the certificate, and when visitors visit your website they’ll see a green padlock in the web browser address bar with the brand name of the business. Expect to pay up to £250 per year for an EV SSL certificate.

All three levels include the same encryption and add both padlock and https:// to the web browser, as well as meet Google and GDPR requirements.

Tight budget? You can get a free Domain Validation SSL certificate from Let’s Encrypt – a non-profit dedicated to helping secure websites. Many web hosting companies will request a Let’s Encrypt SSL certificate on your behalf and install it. Check with your web host to see if they support free Let’s Encrypt SSL certificates.

How to install and set up SSL

It’s best to buy an SSL certificate from the company that hosts your website – and some will offer discounts for multi-year purchases. Once purchased, you’ll need to validate your domain and migrate your website to SSL. If you’re not technically adapt, it can be useful to hire a developer for a few hours to do this.

  • To validate your domain you’ll need to either upload a small HTML file to a specific directory on your website or you can add the certificate code to the DNS page section of your website control panel. Most web hosting companies can help you do this.
  • To switch your site to SSL once the website has been validated and the certificate issued, you can move your website to SSL. Most web content management systems have free plug-ins to help. For example, WordPress websites can use the Really Simple SSL plug-in. Once installed, it will rename the site to https:// and configure all the SSL settings automatically.
  • To make sure users see your https:// website you will need to tell your webserver to redirect any users who comes to your site with http:// to the secure, https://, version of your website. Many hosting companies will do this automatically for you, but if they do not, it’s definitely worth hiring a developer to make this change if you are not confident yourself.

 

Learn with Start Up Loans and help get your business off the ground

Thinking of starting a business? Check out our free online courses in partnership with the Open University on being an entrepreneur.

Our free  Learn with Start Up Loans courses opens in new window include:

Plus free courses on finance and accounting, project management, and leadership.

 

Reference to any organisation, business and event on this page does not constitute an endorsement or recommendation from the British Business Bank or the UK Government. Whilst we make reasonable efforts to keep the information on this page up to date, we do not guarantee or warrant (implied or otherwise) that it is current, accurate or complete. The information is intended for general information purposes only and does not take into account your personal situation, nor does it constitute legal, financial, tax or other professional advice. You should always consider whether the information is applicable to your particular circumstances and, where appropriate, seek professional or specialist advice or support.

Feeling Inspired?

Register

You might also like: