What happens if you don’t have SSL Certificate
HTTPS has replaced HTTP as the new communication protocol on the internet. This is by design, Google, Mozilla, Apple, and Microsoft have been pushing for an encrypted internet for years and in 2018 they finally mandated that all websites install an SSL certificate and migrate to HTTPS.
But what would happen if you didn’t? Maybe you have a deep-seated philosophical issue with SSL/TLS, maybe you think this is all a racket or maybe you’re just trying to be subversive.
Whatever the case, let’s talk about the dangers of not having an SSL certificate installed in 2018.
There’s no excuse for serving your website via HTTP in 2018
The web browsers want the entire internet encrypted immediately. And they’re using a number of initiatives to accomplish that. Back in February of 2016, when this push began, just 3% of the internet was encrypted (per a Netcraft report). Today, Google measures encrypted traffic at around 80%. That’s serious progress, but still a long way from complete encryption.
A total lack of data security
The biggest reason that SSL/TLS is now mandatory is connection security. When you install an SSL certificate and migrate to HTTPS, your website will be able to form secure, encrypted connections with its visitors. This should be the standard because it means all of the data being transmitted is unreadable to anyone but the intended party.
Without SSL the connections your website makes will not be secure. That means that if someone eavesdrops on your site they can easily steal any information that is transmitted. That’s because HTTP connections communicate in plaintext. And anyone can read plain text.
The only way to secure data in transit is with an SSL certificate and the SSL/TLS protocol.
A man-in-the-middle attack is an aptonym as it describes perfectly the situation that occurs. In a MITM attack, the attacker manages to get in between the two parties that are communicating. All information that is transmitted can be viewed and even manipulated by the Man-in-the-Middle before it’s sent along to the intended party. SSL/TLS prevents this from occurring by virtue of the encryption it provides.
Third-party content injection
One of the things that a MITM attacker can do is insert content on your website. This is common practice by ISPs and on some public wifi networks. If your website is selling ads but isn’t being served via HTTPS then it’s comically easy to inject your own ads over the ones that the website intended its visitors to see. This hurts your bottom line and reduces site integrity.
Distrust by Web Browsers
As we covered, the browsers have mandated SSL/TLS and any site that isn’t compliant is going to receive browser warnings and eventually be distrusted. Right now if your website doesn’t have an SSL certificate installed a small badge that says “Not Secure” will appear to the left of the URL in the browser’s address bar. Soon the text of that warning will turn red and eventually the penalties will escalate to where your website will receive an interstitial warning that nobody is going to click through.
Back in 2014 Google announced that HTTPS would become an SEO ranking signal. And while the actual impact of the boost you’ll get from HTTPS has diminished as more and more sites migrate, the penalty your website will now receive for not having it is continuing to grow. And that makes sense. Google’s job as a search engine is to provide its users with the best possible result. All things being equal, if your site is less secure Google is going to rank it lower. After all, security does feed into the quality of the result.
You’ll lose consumer trust
Leave that “Not Secure” badge in your users address bar for a week or two and watch your brand reputation take a hit as customers begin to trust you less. “Not Secure” is not the kind of language that invokes trust. And while adding SSL/TLS isn’t necessarily guaranteed to build any extra trust (except for EV), not having it is a surefire way to lose it. And without trust, business on the internet is impossible.
Your brand will suffer
This dovetails with our last point when customers lose trust in you your brand suffers. When someone mentions you, it wouldn’t be advantageous for the first thought to hit their mind to be that your website wasn’t secure. And people will remember that. The average internet user may not notice the security you have, but they’ll definitely notice if you don’t have it.
The SSL Store™ India is one of the largest SSL Certificates providers now offering SSL/TLS Certificates at ₹ 1.30/Day with dedicated 24*7 Live Support