As of October 27th (today), a new version of Google Chrome will be released that will prominently label any site without an SSL Certificate (or http) as “non-secure” in the browser bar.
Your website will be affected by this change if your website contains input fields, asks for passwords or any other sensitive data, or is visited in incognito mode.
Back in August, your webmaster may have received an email from Google via Google Search Console, notifying you that, as of October 2017, your website will receive a ‘Not Secure’ warning when users enter data on your site, and when visiting your site in Incognito mode. This email went out to all of those whose website were still HTTP, and served to prompt you to add HTTPS to your site.
Until now, the need for HTTPS has only really been necessary for sites that deal in sensitive data, such as credit card details and logins. It then spread to include protecting browsing of social media sites, and now it’s becoming a requirement for all sites on the web.
Why Is This a Problem?
Several web browsers, including Google Chrome in particular, now show an unmissable warning whenever a web user is about to head to a site that doesn’t have HTTPS. If your site doesn’t have HTTPS, then there’s a good chance prospective visitors to your site are seeing this warning. What would you do if you saw this? You’d probably click away. Thus, you’re losing a whole heap of traffic and potential conversions.
Though the web user can ignore the warning and proceed, the warning page, as you can see, doesn’t make it easy to do so, nor particularly appealing.
Google recently reported that over half of websites Chrome users visit are already encrypted. With the imminent update this is only going to rise rapidly, and soon HTTP websites will be a clear minority. This indication of poor security is likely to have a very detrimental impact to the way visitors behave on your site, and ultimately, how they perceive your business.
Why Has Google Done This To Us?
Google is trying to protect web users from spoofed and fraudulent websites. It’s also clamping down on financial fraud and identity theft. We think you’ll agree, that’s kinda important.
It may seem like yet another annoyance from the elders of the internet, but if you think about it, there are a lot of benefits.
As well as the most important factor, namely protecting sensitive data that may pass through your website, moving over to HTTPS also offers the potential to increase your website’s rankings as https is a confirmed Google ranking factor.
Where you have been quick to snap up HTTPS and your competition has not, you’ve got a head start (the early bird catches the worm, and all that jazz).
Then, of course, there’s the matter of, you know, actually being a safe and secure site.
The whole idea behind HTTPS is to protect internet users from hackers and identity thieves. No site is too small to get hacked. Most nefarious interceptions are done electronically, with no human behind the wheel deciding who to target.
What Is An SSL Certificate?
Changing your site to HTTPS involves getting an SSL certificate. But why do I need SSL certification?
SSL (Secure Sockets Layer) certificates are, essentially, tiny data files that bind your organisation’s details to a cryptographic key. When an SSL certificate is installed on your web server, it allows secure connections from the web server to the browser of the person viewing the site, by activating https protocol (which you’ll see in the address bar, accompanied by a padlock icon). The SSL certificate binds together a domain name, server or host name with your company’s name and location. The upshot is a much safer browsing experience for all parties.
The SSL certificate should be installed onto the web server your company uses in order to secure browser sessions for users. Once it’s been activated, all data between the server and the browser is secure.
Having HTTPS creates an encrypted connection between the site visitor’s browser and the server. Through a silent back-and-forth between the two parties, a secure session is established without interrupting the user’s session. It’s like putting your site and your user together in an impenetrable bubble where no baddies can get in.
What Types of SSL Can I Buy?
There are three main types of SSL that we recommend purchasing. These are:
- DV (Domain Validated SSL): DV SSLs provide the lowest level of validation available, and are therefore the cheapest of the three SSL types. They can be issued very quickly, though no company information is checked or displayed on the certificate.
These are most suitable for small personal websites and for basic encryption needs without any transactional data involved.
- OV (Organisation Validated SSL): OV SSLs are the next step up from DVs. Ownership of the domain name is checked as well as vetting of the organisation and the company applying for the certificate. The Certificate Authority will check the registered company address and the name of a specific contact, for example.
Visitors to the site will be able to see this vetted information displayed on your site, which gives them further assurance of your SSL security level. These are great for companies who do not deal in transactional data but are, nonetheless, public facing.
- EV (Extended Verification SSL): EV SSLs and High-Assurance SSL certificates offer much higher security validation. Human monitoring ensure that phishing scams and fraudulent activity are quickly detected, whilst the in-depth verification process ensures that the website itself is in the highest possible standing.
Visitors to your site will know that you are in possession of Extended Verification SSL from the green bar which displays across the URL bar to indicate that you have taken the step to ensure optimum security. This is the certification you require if your website deals in sensitive and/or transactional data.
At Creative Brand Design, we are now making SSL/HTTPS mandatory for all our clients. We have made this decision on the basis that we wish to ensure that all our clients and their website visitors are safe and protected online, and to do our bit to make the internet a safer place for everyone.
If you are concerned about your site’s security, or wish to talk more about SSL certification for your website, please do not hesitate to get in touch with us. We will be happy to answer your questions and guide you in the right direction.