Law firm Web sites can be more secure and offer clients a greater degree of comfort that their interactions are protected. Security and encryption are hot topics as the scales fall from digital eyes (and sometimes are put back again). Some recent developments in the way Web sites can secure their interactions make it even easier for law firms to have secure Web sites.
I’ve touched on using https yourself when sending or receiving client information, or banking, or engaging in other online activities. This slight change in a Web site’s URL – from http:// to https:// – means that the information you send and receive with that Web site is encrypted. The s indicates the site has an encryption certificate, that the site is legitimate (it is what it purports to be), and information about how the connection is secured.
You can see this information by clicking on the small lock symbol in your Web browser when you are connected to an https site. The lock is at the start of the URL in Firefox and Chrome, at the end of the URL in Internet Explorer.
If you visit a site that has https:// in its URL but there is a problem with the certificate, your Web browser will most likely show you a warning, like this example from Internet Explorer.
Law Firms Can Use SSL Too
There is no reason law firms can’t use https for their Web sites. If your firm has any kind of information intake on its site, you have a good use case for turning on encryption. There have been obstacles, including the perceived necessity, to doing so. For one, there was a concern that using https would slow down your Web site. There was also the cost.
There has been a shift in how Web encryption is viewed in the last few years. It’s not just about operational security any longer or for sites handling financial transactions. Google even looks at it when considering your site’s rank in its search results.
Two developments I’ve been watching have been the drop in the cost of having a certificate and the ease of implementation. The first is a bit of a price war. John McAfee has created a company whose sole purpose is to sell certificates at a lower price. A $16 certificate can lower the bar to your firm using encryption on its site. While the Black Cert certificates are inexpensive, generally available certificates aren’t much more. However, the lowered price may be enough to remove the cost obstacle from your path to encrypting your law firm Web site.
The Electronic Frontier Foundation’s Let’s Encrypt effort is the other. It’s a totally free certificate project that enables you to self-serve – not self-sign – to obtain a certificate. You download the app – currently in beta – and run it on your own Web server. It walks you through the process of installing the certificate.
Obtaining a free or low cost certificate has never been easier. However, installing your own isn’t for the faint of heart. And if you have a hosted Web site, where someone else manages your hardware, there may be additional costs to have them import your certificate. For example, my host will sell me a certificate for $82. If I bring my own, I need to add a service to my account ($30 a year) and pay a one-time import fee ($30). There may also be steps you will need to take in order to make your law firm site work. For example, WordPress sites sometimes need a plugin to help make all the content use the secure connection.
At the end of the day, for a law firm, this is quibbling about relatively small amounts of money, probably in the range of $50 – 100 a year. As a greater portion of the Web moves to encryption for traffic that, in the past, was wide open, there are good options for law firms to participate in that shift.