Law Firm Websites Without an SSL Certificate Will See a Major Blow in 2018

An SSL certificate enables a method of encryption on websites that allow visitors to engage with the site in a secure way. Sites that are secured are indicated by the acronym HTTPS (for Hypertext Transfer Protocol for secure communications) preceding their URL in the web browser’s address bar. Here is an example of what you would see if you were using the Google Chrome browser:

Large Number of Law Firms At Risk

Using data from the Internet Legal Research Group (ILRG), last updated in 2016, we conducted an analysis of the top 10 law firms in America by the number of attorneys as well the largest firms from their list in Connecticut and Virginia. Our assessment was simple: which sites have SSL certificates and which ones don’t. The numbers were striking.

Nationwide, only six out of the ten largest firms had properly configured SSL certificates. Of the four that didn’t, two had fillable inquiry forms. Information sent to the firm through these forms are completely vulnerable to capture by malicious actors. Looking at the three firms from Virginia that made the ILRG top 350 largest firms list, two had SSL certificates installed. Of the three listed with offices in Connecticut, not one site had an SSL certificate installed.

So, what’s the big deal?

At the most basic level, it should be important to any company that their communications from clients and prospective clients are secured. While providing this level of protection may not be an expectation of the average website visitor today, a change that is slated for web browsers in 2018 should raise the expectation amongst most Internet users.

The change will come in the form of a stern warning message for people who visit a website that does not have an SSL certificate. According to this post from Google’s Security Blog, the Google Chrome browser will display a highly visible warning message next to the URL of sites not secured with HTTPS. Here is what the warning will look like:

While this change only applies to the Google Chrome browser, it’s important to point out that, it has nearly 59% of the market share for web browsers, according to Net Market Research. Chrome is followed in the market by Firefox, which has just over 13.5% market share. And while this announced change only applies to Chrome, changes in the Firefox browser around SSL indicators and warnings have largely fallen in line with those from Google. Mozilla, the company behind the Firefox browser, has also shared details of its proposed changes.

Lastly, while neither Google nor Mozilla has indicated an exact date that these changes will take place, both are encouraging people to move forward with installing an SSL certificate as to not be caught flat-footed when the changes take place. Based on moves we’ve seen from the search giant in the past, we predict that Google’s change will take place at some point in 2018, likely in the first half of the year.

Other Ramifications of Not Having an SSL Certificate

Starting in 2014, Google began giving a boost to websites that had an SSL certificate installed by promoting those sites above others in search engine results pages (SERPs). Since announcing that change, the rate of adoption for encrypted websites has accelerated according to anonymous user data gathered by Google. With such a high adoption rate, the boost that secured websites are getting amounts to a penalty for all the sites that aren’t secured.

Since more clicks already go to the top three organic listings on Google search results pages than the other seven organic links combined, companies need every ounce of support they can get to compete in search engines. Aside from having a properly configured SSL certificate, companies should also be thinking about the usefulness of content on their website for its intended audience as well as the experience users have when they come to the site. Google has placed more weight on user experience in the past year, making it another top contender for things to optimize in order to get a better placement in search.

There’s Good News

It turns out that an SSL certificate is both cheap and easy to install. While SSL certificates can be purchased from the providers themselves, it’s usually easier to purchase a certificate from your web host. SSL certificates range in price from $49.95 to $399 for a single domain with options within that same range for multiple domains. Some hosts, like SiteGround, offer the ability to install a free SSL certificate from Let’s Encrypt, a provider of completely legitimate web encryption that is backed by four dozen major technology companies.

While purchasing and installing an SSL certificate is relatively easy, you’ll likely need to consult with the company that manages your website to ensure it’s implemented properly. Depending on a multitude of factors, this task shouldn’t be terribly time-consuming for a techie to complete. A couple of hours and someone who knows what they are doing should be able to ensure all of the assets on your site are loading securely.

With options to install an SSL certificate starting at zero dollars, there’s simply no excuse for not having one. Pretty soon, the visitors to your law firm website will expect it and most will quickly navigate away when they see the message “Not Secured.”

Will Melton has advised companies of all sizes on their digital strategy from communications infrastructure and marketing initiatives to digital customer interfaces and mobile apps. He is the co-founder and lead product engineer at Client Magnet. Utilizing new tools and proven digital strategies, Client Magnet is dedicated to helping attorneys, law firms and professional service providers acquire more of the right types of clients faster and at a lower cost. This post was originally published at ClientMagnetPro.com.