sb-nz logo
Story image

Kiwis being taken for a ride with certification due to SEO fears

27 Nov 2018

Some New Zealand business owners - alarmed that they could lose Google traffic as well as having a ‘Not Secure’ message on Google Chrome - are being ripped off by some suppliers asking excessive fees of up to $1,000 to set up a website with the SSL certificate needed to verify the site is secure.

Digital marketing agency Insight Online CEO Kim Voon says an SSL certificate to verify a domain (in other words, that you are who you say you are) shouldn’t cost more than $100, but he’s heard of companies being charged between $800 and $1,000.

“Visitors to a website can be scared off by a Google warning on their Chrome browsers that says the site is not secure,” Voon says.

“The warnings have been in place since July, but some business owners are only now becoming aware of it and, in their panic, they’re paying out hundreds of dollars more than they need to.

“If a website’s domain starts with the suffix HTTP, instead of HTTPS, it means that site does not have an SSL certificate. Not only does that scare some traffic away, but it may be impacting the company’s search engine rankings.”

In the past, only eCommerce sites and those that processed transactions were required to have SSL certificates - this means the organisation and site are authenticated and data is encrypted - to protect the flow of sensitive information between a retailer and its customer.

However, with greater privacy and security concerns today, all sites need to protect users’ details.

Voon says the SSL certificate is typically issued by web developers or the website hosting service, and the cost should depend on the level of certification required.

There are three levels of SSL certification a company may apply for:

  1. Domain verification is basic first level encryption and shouldn't cost more than $100 to $200 per year.

  2. Organisation verification, which is likely to cost $200 to $300 annually. This requires an additional level of validation by proving domain ownership as well as providing details of your organisation such as name and address.

  3. Extended Validation (EV), used by banks, will cost about $400 per year. The highest level of security and you’ll need to provide evidence of your organisation as a legal entity and well as providing additional business information.

“Setting up the basic level of SSL certificate (domain verification) is easy and shouldn’t take more than 30 minutes,” Voon adds.

“Some hosting or web development companies are doing it for free, so it pays to ask Businesses should also ensure that all their old HTTP pages redirect correctly to their HTTPS counterparts”

Voon says that in his agency’s experience, at least half of New Zealand businesses have not yet taken the step to authenticate their websites, particularly since so many don't have a dedicated digital agency or web development company looking after their website.

“Doing business online requires a level of trust. So, when a visitor is warned that your website is ‘Not Secure’, they proceed warily or they leave – you can see how that would impact business negatively.”

The implications for local SMEs are notable as Google has 96% of all search engine traffic in New Zealand, and between 50 and 60% of Kiwis use Chrome as their preferred browser, which means potentially half the traffic to a website is getting a ‘Not Secure’ warning.

“Trust is also a signal for search engines. Google says SSL certification adds search engine ranking strength to your domain. Without it, you could slip down in the rankings as your competitors move their websites to HTTPS.”

Story image
Gartner names ThreatQuotient a representative vendor for SOAR
The company is listed in Gartner’s 2020 Market Guide for Security Orchestration, Automation and Response Solutions.More
Story image
Why best-practice threat data management provides confident automation
Understanding an organisation’s threat landscape requires having both the right threat data sources and the proper prioritisation to derive actionable threat intelligence for your organisation. More
Story image
Cybersecurity market continues meteoric ascent - damages to reach $6 trillion
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More
Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
Why IT and HR must work together to help businesses weather the storm
Employers are striving to balance team productivity, security and employee engagement. If remote work is the new norm, it’s impossible to ignore the challenging nature of the situation, writes Gigamon manager for A/NZ George Tsoukas.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More