Securing Your Website With a Free SSL

Are they really worth the hassle?

Greetings from the Help Desk!

You have a website but still haven’t purchased an SSL? That’s the thing that makes your website start with “https“ and encrypts your guests’ data.

No one wants to spend more money on their website, yet still wanting more visitors. So here’s some helpful information about FREE SSL’s for you. Or is it?

As you probably know, there has been a change in how websites are displayed. Anyone without an encrypted https and padlock in their web address gets flagged by most browsers as either “insecure” or with an exclamation mark. Not good for business! Also not good for Google ranking either!

Enter: the FREE SSL.  Is it really worth the hassle?

Free certificates actually aren’t new. Plenty of companies have been offering them for a while. It’s just now that these seem more attractive since the online world is moving to a more secure environment. They are, interestingly, just as safe as paid ones. So why would you pay for one every year when you can get a free one, you ask? Good question! There are a couple of good reasons. 

Paid Certificates:

  • Offer a warranty, or protection, in case data is captured and unencrypted by a middle man during transfer. Some protect your site up to $1.5 Million, such as Symantec’s Netsure Protection Plan. If you’re selling a lot of items or passing a lot of sensitive information through the internet, then this may be important.
  • Offer help to install and troubleshoot issues. With free certificates, you’re pretty much on your own if you “trip over the cord and accidentally unplug the Christmas Tree” you may have to have the certificate re-keyed and your website might go off-line.
  • Another reason is so your website can have that green bar (trust issue) with your company name, like you see in many big reputable companies. Check out Twitter.com as an example.
  • The biggest upside to a paid SSL, however, is the length the key will work for until it needs to be renewed. Most paid certificates offer 1 – 2 year options. But with a free certificate, you’ll only likely get 3 months at a time. After that time, the certificate will become invalid. When this happens, your site will basically shut down. There’s a big page that pops up saying that it’s dangerous to enter your site and warns users before proceeding! Really, it looks bad. So then you have to call your certificate issuer and ask it to be renewed. This process can involve several steps for the issuer that may take up to a few days to get taken care of.

If you can afford your site going offline for a couple of days and you’re willing to call the issuer, then this option might be a good one for you.

Having said that, however, I called my host provider (Blue Host) last week and they told me I would NOT need to call every 3 months to have a free certificate renewed. So, perhaps there’s more hope for using this FREE option in the long haul.

It seems like this type of technology should be automatic these days. But in the meantime, I’ll save the time figuring it out and purchase mine.
See more about free certificates at https://ssl.comodo.com/free-ssl-certificate.php
I get no compensation from Comodo, Blue Host and Twitter by mentioning them here. The Comodo, Blue Host, and Twitter names are copy-written and owned by their respective companies.

What’s the Deal With GDPR Compliance?

How Data Protection Affects You

GDPR, or General Data Protection Regulation, is a regulation from the European Union that helps protect web users’ data.  Wait, I know, I know.  Before you say it: You are in the United States!  But before you hit ‘delete’ calling this irrelevant, let me explain how it affects you.

If you collect names, IP addresses, session cookies, or e-mail addresses (which most websites do), you collect personal data. This personal data should be protected, right?  True.  But starting May 25th, some US websites were also required to abide by new European website privacy laws.  Of course my head was spinning trying to understand why we should be required to follow European laws.  So I did some research.

After digging deeper, this law will apply if you market (even by accident) to the EU (European Union) or a country within.  Business owners with no market share in the EU, who don’t target the EU in marketing, and don’t own an overseas domain name, have little to no required changes to make.  Or do you?

For those that might be (even inadvertently) marketing to Europeans, and those wanting to tighten your own privacy reigns, let’s take a look at their laws.  The theme is this: Be more transparent with your potential clients.  We can all learn about transparency and protecting our clients’ data!  So here are the highlights behind this regulation.

  1. Explain who you are, how long you’re keeping user data, why you need it, and who on your team or externally has access to it
  2. Get explicit and clear consent to collect data through an opt-in
  3. Give users access to their own data, the ability to download it, and to delete it from your records completely
  4. In the event of a hack or security breach, let your users know about it

So these aren’t too bad.  But the fines for not complying are!  “You could get fined 2% of your worldwide annual revenue for failing to disclose a data breach, or up to 4% for failing to ask for user consent when storing data.”1

What should I do?

Perhaps you don’t market to the EU and don’t service these clients.  It’s probably a good idea, however, to have an easy-to-read privacy policy and explanation on how you use personal data.  Get to know what personal data you actually collect, and make sure it’s being handled with care.  Lastly, (this will also improve your Google ranking) get an SSL to protect personal data in transit from your server to your customers.

If you sell or market to Europe (or the EU), now is the time to pony up and get that privacy policy written.  Get a clear statement on how you handle cookies and personal information.  Check out these easy-to-read articles by Elegant Themes here and here.  Also, you can check out this article by Fortune and this one by Forbes.

If you need help with compliance, we’d be glad to offer suggestions or setup your pop-up!

1 https://www.elegantthemes.com/blog/resources/a-quick-guide-to-data-protection-regulations

 

Turn Up The Silence

Creating Space For Yourself

The silence was almost deafening!  Since having a child, as some of you may know, there’s constant noise, toys dropping, crying, and even whining. Did I mention whining?

Even after our almost 3-year-old goes to bed, there’s a sense of rushing around to get things done and reorganized (with all of this free time!!): laundry, dishes, picking up toys, catching up with my wife and …. well, more. Is there ever enough time to enjoy some silence?

Hiking Marker

So mom (my wife) and daughter took off for a few days to visit family and I’m home alone. The lack of noise was nice, but it wasn’t until the next day, the silence was almost deafening. Like I needed some background noise to almost appease my mind that demanded routine busyness! Do you know what I mean?

There is immense value in silence I had forgotten about. In the days being a bachelor I loved backpacking! Getting into the woods and hearing only the birds and trees blow is truly refreshing to my soul. No deadlines. No interrupting phone calls, texts or emails. No kids screaming for attention. Don’t get me wrong, I enjoy my world of technology, being a dad, husband and business owner.

But this time at home by myself was very much the same as backpacking. Simply refreshing.

How often do we create the time to refresh our inner most self? I mean truly make the effort to block the time off. No cell phone, no music, no interruptions. Well, it may happen on its own once in a while, but I’d like to argue that that’s not good enough.

It’s summer in the northern hemisphere (to be fair to those down-under). Let’s carve our time to just be in that place that refreshes you. No noise. Turn off the phone (not just vibrate it). No Facebook. Make sure the people you care about know this is happening, of course. But spend the day (or more if you can) to take it all in!

Listen. Notice. Write. What you want to spend less time doing. Prioritize. What else surfaces?

When you return, notice your level of productivity, focus, happiness and appreciation for what you have! You spouse and kids (and, if you really needed it, maybe your boss) will surely notice.

Report back in the comments below.  I’d like to hear what else comes up…