Article - It's Time To SSL Secure Your HOA Industry Website
For the 20 year life of the commercial internet, SSL (Secure Socket Layer) securing of a website has been largely restricted to websites collecting sensitive information, such as credit card information, social security numbers, or other sensitive information that could be used to harm you if leaked or hacked. SSL is the standard, common method for encrypting data transmitted to and from a website.
That began to change in 2016 when Google, the "make-or-break" search engine nearly monopolizing internet searches, decided to give a small boost to SSL secured websites in its search algorithms. This change alone sent for-profit companies in all industries that were reliant on search engine visibility for leads and traffic scurrying to secure their websites. Management companies and vendors should have made the SSL commitment on that basis alone at that time to avoid ceding an edge to their competitors.
The pressure behind SSL security really ramped up significantly in late 2016 as new browser releases began generating cautionary warnings such as shown below, causing user concerns and worries as shown in the side-by-side screenshots below.
The most significant warnings are now being applied to the login boxes on websites requiring entry of a userid and password to login, which includes the vast majority of HOA websites on the market. The result has been an upswell in user complaints and worries, and some users fearing use of the websites. The below screenshot reflects one example. Browser makers seem to have concluded that as users tend to use the same logins on most sites they use, a hacking of that login from an otherwise low risk site could expose the user on other more sensitive sites where he or she may have used that same login.
ELIMINATION OF THE WARNING MESSAGES:
The only means of eliminating these warnings is to purchase & install an SSL certificate on web server for the domain for the website, and to adjust forwarding to push all images and non https:// URL's through the SSL. To complicate matters, not all SSL certificates are equal, in fact, Google has indicated it's Chrome browser will cease accepting Symantec SSL certificates due to shoddy issuance procedures (read "Google Chrome will no longer trust Symantec certificates, 30% of the web will need to switch Certificate Authorities")
Nevertheless, the impact of the foregoing changes make it clear that the trends are toward forcing SSL encryption. Accordingly, we are strongly recommending HOA's, managers, and vendors move to add SSL encryption to their websites this year.
About The Author: Michael W. Vandor is a 37 year veteran of the community management industry, and is currently the founder and CEO of the makers of the InstaPage HOA website system, The Lazarus Group Internet Services, LLC, at https://www.instapage.org.