Starting July 24, 2018, you may notice the words “Not Secure” next to the URL of many websites you visit. That’s because Google recently updated their browser, Chrome, to alert users to websites still using unencrypted HTTP domains.
While HTTP websites are not inherently dangerous, the “Not Secure” tag will raise red flags to site visitors. Businesses who don’t update their websites may lose site traffic or customer loyalty if they’re unable to update their domains.
Here’s a look at why it’s changing and if you need to add the “S” to your site.
Many internet users choose Google Chrome as their preferred browser because the search functionality is built right into the URL bar and there is a plethora of useful and highly functional plug-ins.
As a matter of fact, Google has been exceptionally successful at luring users to the platform. As of 2018, Google Chrome accounts for 59-percent of web traffic. For perspective, the runner-up in this contest is Safari, which accounts for 13.7% of online traffic.
When Google issues a software update that identifies websites as “not secure” for users, the results are wide-reaching.
What’s the “S” in HTTPS anyway?
When the internet was first created, it was built with Hypertext Transfer Protocol (HTTP), which lets your web browser fetch a web page from the server it’s being hosted on. HTTP has served users well, but the technology for how we access the internet and the technology for how criminals thrive within the internet have changed.
For one thing, HTTP is missing an encryption requirement that blocks third-parties from eavesdropping and tampering with a web page. That’s what the “S” does. Without the “S,” HTTP sites allow malicious actors to:
- Interrupt a user’s experience with a web page and insert ads or other content that isn’t original to the website
- Inject invisible software that mines cryptocurrency
- Redirect people to fake websites to steal usernames and passwords
The shift will come as no surprise to security experts. The tech industry has been imploring companies to adopt HTTPS security for years and this subtle move comes after two years of worrisome cybersecurity headlines.
By flagging unencrypted web pages, Chrome is letting users know that the page is potentially less safe when it comes to entering personal information. Since personal information like your login credentials are a gateway point for many cyber criminals, it’s likely the warning will encourage internet users to take precaution before doing business with unsecured business web pages.
Do I Need HTTPS for My Business?
You should expect this trend of favoring user-security to continue, along with users becoming increasingly aware of what data they share or don’t share with websites and businesses. The push to identify HTTP websites as “Not Secure” allows users to opt-in to putting themselves at risk online. We’ve written previously that 30% of consumers discontinue relationships with organizations who have experienced a breach, even if the users aren’t affected, for example.
Moving forward, using an HTTP website may make your company appear dated or less secure to visitors. Furthermore, HTTPS websites will be preferred by search engines, hurting your ability to be visible in search if you stick with HTTP. So, if you depend on your website for inbound lead generation, the upgrade to HTTP is probably worthwhile.
Switching to HTTPS
Google makes it easy to migrate your website to HTTPS. To switch, you’ll need a positive Secure Socket Layer (SSL) certificate for your website. You can get these for less than $10 per year from SSLs.com and elect to install the certificate yourself or hire a third-party vendor to apply it for you.
After the certificate is installed, you’ll need to review your site for “mixed content” errors. These occur when your web page prefers non-HTTPS elements, which can arise in any number of places. When you’ve gotten your pages all cleaned up, you can submit your website to Google’s crawlers and request to be identified as an HTTPS site, safe for users everywhere.
This change to favoring user privacy is a small facet of the greater shifts occurring aimed at protecting user data and privacy. While a simple update to HTTPS certification is a good start, the certification does have its limitations in that it encrypts a site’s architecture instead of the valued data itself.
If you’re ready to update your company’s website policies and appeal to today’s savvy Internet users, call us for a free 15-minute consultation and we can help identify steps for a larger, more holistic culture of security for your business.
Written by Nik Vargas