Even after the latest Google update, these top brands could be putting you at risk!
In case you didn’t know, my colleague and I created a tool called SSLSwitch.com which takes the top 1000 global brands and analyzes their default domains for SSL and deep scans their security which then provides a grade.
The grading feature was brought to our attention by inbound.org member Alistair Lattimore and was immediately placed into development. Thanks Alistair!
Now, on to the data.
Out of the 1000 top sites that are analyzed every few hours, only 154 actually have SSL set as default on their domain name.
Out of these 154 sites, only 7 actually have a grade of A+ which is the highest grade you can possibly have for SSL security while 56 have grades of A- or below. The remainder have A grades.
We selected the most popular of these 56 sites to show you, the user, how even the top brands overlook the simplest of things.
Below we’ll cover brands that range from top financial institutions, social networks, email providers, project management platforms, and even SEO tools (the irony!).
Can you believe that any of these financial institutions have even the slightest issues with their SSL certificates? I know we can’t. I mean Citibank has a grade of ‘C’ for crying out loud!
Whoever’s managing their web presence definitely needs to step up their game, even if it’s only for PR purposes. It doesn’t make any sense for these organizations to have anything below an A+ grade.
Shame on you, American Express, Citibank, Bank of America, PayPal, Capital One, Wells Fargo, and Chase.
Although these guys may not have as sensitive of data as your banking credentials, it’s still a surprise that they aren’t an A+ considering it’s so simple to make the proper adjustments to have the proper configuration.
Some of these are pretty funny. For example, Ashley Madison – a service for married individuals looking to have an affair. You’d expect them to have no flaws in their security since privacy is a huge concern. Another one is Mega – an anonymous file sharing service based on encryption. Still doesn’t make any sense for this service to be below A+.
Really, Microsoft?! Outlook gets an F grade when it’s one of the most popular email service providers in the world. That’s really sad.
INTERNET MARKETING SERVICES
And, I saved the best for last! Since these are some of the most used sites for internet markters, I thought it’d be interesting to note they did make the list. The irony is that these are companies that should be following closely with the latest SSL update.
Now that we covered the guys that need improvement, let’s cover the guys who are doing it right and have received an A+ grade.
THE GUYS DOING IT RIGHT
The above companies aren’t financial institutions with highly sensitive information, yet somehow surpass those organizations in SSL security.
DuckDuckGo, a search engine whose sole unique selling proposition (USP) is privacy has an A+ grade which is higher than Google’s A grade. It’s interesting to see that although Google has released this SSL update, it’s still lagging behind it’s small, but fierce competitor, DuckDuckGo.
Many of these organizations aren’t required to have A+ grades in order to keep all of your data safe, but it definitely isn’t an excuse. If you’d like to see exactly why they received their grades, head over to SSLSwitch and click on their individual letter grade to view the report. Grading feature courtesy of Qualys SSL Labs.
Got any suggestions or comments? Send them to [email protected]