Story image

Kiwis being taken for a ride with certification due to SEO fears

27 Nov 2018

Some New Zealand business owners - alarmed that they could lose Google traffic as well as having a ‘Not Secure’ message on Google Chrome - are being ripped off by some suppliers asking excessive fees of up to $1,000 to set up a website with the SSL certificate needed to verify the site is secure.

Digital marketing agency Insight Online CEO Kim Voon says an SSL certificate to verify a domain (in other words, that you are who you say you are) shouldn’t cost more than $100, but he’s heard of companies being charged between $800 and $1,000.

“Visitors to a website can be scared off by a Google warning on their Chrome browsers that says the site is not secure,” Voon says.

“The warnings have been in place since July, but some business owners are only now becoming aware of it and, in their panic, they’re paying out hundreds of dollars more than they need to.

“If a website’s domain starts with the suffix HTTP, instead of HTTPS, it means that site does not have an SSL certificate. Not only does that scare some traffic away, but it may be impacting the company’s search engine rankings.”

In the past, only eCommerce sites and those that processed transactions were required to have SSL certificates - this means the organisation and site are authenticated and data is encrypted - to protect the flow of sensitive information between a retailer and its customer.

However, with greater privacy and security concerns today, all sites need to protect users’ details.

Voon says the SSL certificate is typically issued by web developers or the website hosting service, and the cost should depend on the level of certification required.

There are three levels of SSL certification a company may apply for:

  1. Domain verification is basic first level encryption and shouldn't cost more than $100 to $200 per year.

  2. Organisation verification, which is likely to cost $200 to $300 annually. This requires an additional level of validation by proving domain ownership as well as providing details of your organisation such as name and address.

  3. Extended Validation (EV), used by banks, will cost about $400 per year. The highest level of security and you’ll need to provide evidence of your organisation as a legal entity and well as providing additional business information.

“Setting up the basic level of SSL certificate (domain verification) is easy and shouldn’t take more than 30 minutes,” Voon adds.

“Some hosting or web development companies are doing it for free, so it pays to ask Businesses should also ensure that all their old HTTP pages redirect correctly to their HTTPS counterparts”

Voon says that in his agency’s experience, at least half of New Zealand businesses have not yet taken the step to authenticate their websites, particularly since so many don't have a dedicated digital agency or web development company looking after their website.

“Doing business online requires a level of trust. So, when a visitor is warned that your website is ‘Not Secure’, they proceed warily or they leave – you can see how that would impact business negatively.”

The implications for local SMEs are notable as Google has 96% of all search engine traffic in New Zealand, and between 50 and 60% of Kiwis use Chrome as their preferred browser, which means potentially half the traffic to a website is getting a ‘Not Secure’ warning.

“Trust is also a signal for search engines. Google says SSL certification adds search engine ranking strength to your domain. Without it, you could slip down in the rankings as your competitors move their websites to HTTPS.”

Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.