As you know, jebswebs is a reseller of hosting services from our partner, Maine Hosting Solutions (MHS) located in nearby Bath, Maine. Some of our clients who have purchased their hosting plan directly from MHS, have recently been contacted by MHS with a rather dire e-mail stating their “Website is NOT secure.” As their web guy, they have contacted me asking for assistance.
I’ve written about the backstory a couple of times over the past year describing what has led up to this situation. We’ve known it was coming. The thumbnail version of this is Google is “strongly encouraging” website owner to purchase a security certificate (known as SSL) for their websites. The SSL process encrypts all communications/traffic passing between a web browser and the web server and prevents anyone from stealing that information including credit card numbers, dates or birth or even user names and passwords.
MHS is now offering this SSL certificate for $60 per year (a discount from their regular price of $100 per year). But I am not sure the marketing approach that MHS has taken (image on this page) – which seems to play into the popular “the sky is falling” paranoia tempo of the current political climate – is the best approach.
My advice to my customers is to sit tight for a little while longer…
Although all of the reasoning and rationale that Google and others have stated about website security concerns are valid and real, the risk for most small website owners is still incredibly small. If your website is a commercial site (e.g., shopping cart) where financial information or important personal information is “exchanged,” then by all means you need to have a highly secure site. Indeed, to even set up a on-line shopping cart that allows users to use their credit card to purchase items from you, the credit card companies and banks have always required security (SSL) certificates to be in place. But if you are running a small nonprofit that does not sell anything on line, I think you are safe.
The biggest “inconvenience” or negative consequence of not having a SSL certificate on your site is that people visiting your site using the Google Chrome browser (so far the only browser that is doing this – but other browsers may join in soon) will see a message indicating that your website is “not secure.” And this is not really very accurate.
We are concerned that many small organizations that have limited resources will find it difficult to cover this new expense. We have a number of customers who are only paying $100 or less per year for hosting and are now looking at a $60 increase in annual cost. So there is a business decision to be made here.
There are free and lower cost SSL Certificate alternatives out there and jebswebs will be exploring those options in the months ahead. As this is all new, we suspect that things will even out and costs will come down.