If your school website currently does not use an SSL certificate, starting July 2018 your site will be labelled as ‘Not Secure’ in every Chrome browser. In this article, we are going to tell you why need to care and what you need to do to make sure you are compliant.
What is the difference between a secure (https://) and non-secure (http://) website connection?
When a website address starts with “HTTP” the information travelling between the user’s web browser and the internet is transmitted “in the clear” without encryption and, if intercepted, can be read by a hacker. If the address starts with “HTTPS”, the connection between the user’s browser and the internet is “encrypted” and therefore secure. This is why shops where you enter credit card info like Amazon, or financial institutions offering online banking such as Lloyds Bank offer a secure “HTTPS” connection to users.
Google and a safer internet
Since 2017 Google has been on a mission to make the internet a safer place by strongly advocating that sites adopt HTTPS encryption. Since early 2017 if your site had no SSL certificate, your site had a subtle exclamation mark to warn users that your website was not totally secure. From July 2018 this is all set to change and any sites without a valid SSL certificate will be labelled as ‘not secure’. This would have a negative and unsettling impact on the users of your site, as well as many other factors that could damage your schools brand.
I use Internet Explorer. Why should I care about Google Chrome?
Because Chrome is the most popular browser on the planet and currently has 58.4% market share, and this figure is rising every day. For comparison, Internet Explorer currently has 8.92% market share, and that number is going down over time.
An SSL certificate provides many other additional benefits to your school website:
- Keeps you up to date with current best practice on the internet
- Is one of the key areas to make sure your GDPR compliant
- Google gives an SEO ranking boost to sites with SSL encryption
- Visitors will not see unsettling warnings that your school website is not secure
- Provides parents and other visitors with a professional level of trust and confidence
- Any contact form submissions will be encrypted and secure
Do I need to pay for my SSL certificate?
In a word, no. Thanks to the Linux Foundation, the “Let’s Encrypt” service offers a free basic SSL certificate and is being made available by most reputable website hosting providers. The certificate is valid for 90 days and renews automatically, you do not need to do anything. This kind of certificate is perfect for most schools who have nothing more than contact forms on their site. If you have a shop on your site, you may look into paid certificates, but honestly, they are really not needed for 99% of most school websites.
How do I implement SSL on my school website?
If you are one of our clients you will already have SSL installed, free of charge. Also, for every new school website we design, we install an SSL certificate as part of your yearly maintenance package.
I do not have SSL and I use another school website company. What are my options?
Talk to your provider. With GDPR and the Chrome deadline of July 2018 fast approaching, there really is no excuse to at least have a free certificate installed.