Google is pushing for HTTPS protocols on every website.
Let me ask you a question: do you want to have your personal information secure on any website you visit?
Obviously, the answer is going to be a resounding yes. Let me pose another: do you trust that the websites you visit are secure? I can sense your hesitation.
While you probably avoid websites that seem overtly scammy, you might not be consistently checking security certificates for every page you come across. Google knows that, and they are releasing new updates to their Chrome browser that will help ensure your data sharing is always encrypted via SSL certifications. However, this could spell trouble for any website that isn’t up to date. Below, I’m going to highlight what you need to know to keep your pages secure and visible to Chrome users.
First of all, let’s talk about why staying up-to-date on your website’s SSL certification is so important for your business. According to the Federal Government’s Digital Analytics Program, 47 percent of browsing is done on Chrome. This means you could potentially be blocked from half of your current and future clients if your security isn’t up to snuff. Yikes!
Chrome wants to make sure its users’ data is safe on all websites. During the Chrome 56 update, which was released in January, some websites served over unencrypted HTTP were marked with the red “not secure” triangle you have probably come across from time to time. These websites included any HTTP website that collected login or credit card information. Previously, that notification was saved for irregularities that point to potential breaches over HTTPS.
While other HTTP websites you may currently visit are marked as neutral, they are not secure from man-in-the-middle attacks. They do not display the green “secure” notification, but they do not warn visitors away. October’s new update will mark HTTP websites that collect any data as not secure. This includes newsletter sign-ups and search bars. In the future, all HTTP websites will be marked as not secure even if they do not collect typed-in data.
Why is this important? Well, unencrypted websites served over HTTP can be modified before they get to you. Furthermore, any data you share with the website can be intercepted by a third party.
As a website owner, it’s important for the safety of your customers to be sure the data they share with you is private and secure. Furthermore, you need to make sure your website isn’t being branded as not secure, as many users will associate the notification as evidence of a scam or hacker, and not as a difference between encrypted and not encrypted.
Now that you know why it’s important to update your website to HTTPS protocols, here is a checklist to make sure your website is current with this month’s Chrome rollout.
Go to your website. Does it say “https” at the beginning of your URL?
If yes, you are good to go! Be sure to do a secondary check of any auxiliary landing pages or redirects.
If no, and your site has “http” at the beginning of the URL, does your site have ANY input fields within it? Remember, this includes but is not limited to newsletter signups, contact forms, and search bars.
If no, your site will not be marked as not secure, but it will be in a future rollout. Begin to consider changing protocols to https.
If yes, it is time to change to “https” right away by getting an SSL certificate.
So, do you need an SSL certificate in order to run HTTPS protocols on your website? Your first step is to contact your hosting provider, who should be able to provide documentation on how to do this. There are also many tutorials online on how to do this yourself. However, it’s important for your business to do this correctly, so professional help may be required.