Dear PropellerHeads: My small business launched a new website and we've heard that we need to make some of our pages "secure." What's involved and what are the benefits?

A: Insecure Web pages are shy and socially withdrawn, or they over-compensate by bullying other Web pages. Wait a second, that's insecure teenagers I'm thinking about. With insecure Web pages, all that can happen is your customers' credit card data gets stolen.

Let's back up. The security of a Web page usually refers to whether the information entered on that page is encrypted. Encrypted data is unreadable by anyone but the intended recipient.

Whenever you fill out a form on the Web, the information you enter is sent through several intermediate points before returning to the destination Web server.

Unencrypted data can be seen by your company's IT staff (if you're at work), or by employees at your cable or phone company (if you're at home). If you're in a Starbucks or public library - which typically offer unsecured wireless connections - then anyone nearby can use freely available "network sniffing" software to see what you're sending. (Ditto for you at home if your wireless network isn't encrypted.)

If your site only asks for non-sensitive information, like on a "Contact Us" or survey page, don't bother securing those pages.

But if you allow people to log in using a password, at least secure the login pages with a technology called Secure Sockets Layer, or SSL (which sometimes goes by its newer name of Transport Layer Security, or TLS) (http://bit.ly/ivxKsJ).

SSL encrypts all data between two points on the Internet, and can protect normal Web traffic, email, and chat messages from eavesdropping. Your Web browser already supports SSL, which is why you can shop online without having to cancel your credit card every week.

Unsecured Web traffic is sent over an HTTP connection (for "HyperText Transfer Protocol"), which explains the "http" in front of Web addresses. Encrypted SSL traffic is instead prefixed with "https," the extra "s" meaning "secure." Most browsers also indicate this with a padlock icon at the top or bottom of the window, or with a green bar in the area where the Web address is displayed (http://bit.ly/maYOgX).

To offer HTTPS connections, your site needs an SSL certificate installed on its Web server. Your Web design firm or hosting company can probably handle this for you, but you'll still have to know what to purchase (or ask them to purchase).

If you're not asking for financial information like credit card details, a standard SSL certificate will probably suffice. Certificate issuing companies like Thawte and VeriSign (http://bit.ly/iTrPhDlists others) check that your domain name (your-company.com) belongs to you, then issue a certificate. Standard certificates run $50 - $400 per year and are ready in a day or two after a simple signup process.

If your site does accept credit card data (or other sensitive information), you'll want an Extended Validation (EV) SSL certificate. The same companies sell these too, but they're more expensive ($100 - $1,500 per year) and take longer to procure because the checks they run are more rigorous.

Since domain name ownership is relatively easy to fake, EV certificate issuers verify the registration or incoporation of your business with local authorities, and the physical address of your place of business. The identity of the person requesting the certificate (and their authority to do so on your behalf) is checked, and usually an officer of the company is contacted by phone to certify the information supplied (http://bit.ly/kkHc1g).

EV-SSL certificates cause browsers to display a shining green bar across the top of the window, giving customers a high degree of confidence in your website. At the very least, it says "someone went to a lot of trouble so you'd feel comfortable sending them your credit card number."

Even insecure teenagers should be happy with that kind of service.

When the PropellerHeads at Data Directions aren't busy with their IT projects, they love to answer questions on business or consumer technology. Email them to questions@askthepropellerheads.com or contact us at Data Directions Inc., 8510 Bell Creek Road, Mechanicsville, VA 23116. Visit our website at www.askthepropellerheads.com.