digital strategy, ecommerce, gdpr, security, seo, website hosting, website security, website top tips

Don’t yet use HTTPS for your website? Google could mark your site as ‘insecure’

If you want to make your website more secure, both for your business and its customers, one of the best ways to do it is to use an encrypted HTTPS connection. This effectively encrypts all data sent between a user’s browser and your site.

Sites that already use HTTPS currently display a ‘secure’ or padlock symbol in the address bar of a user’s browser, which does wonders to reassure a user that the site is safe, secure and credible.

Google changes are coming

Anyone who doesn’t yet use HTTPS for their site could soon be in for an unpleasant surprise, as Google has plans to mark all such sites as ‘insecure’ when visited through it’s Chrome browser. This shouldn’t come as a shock really, as Google has been gradually rolling out this change since January 2017 – starting with Chrome 56.  It is part of a long-term plan to eventually force all sites to use HTTPS, marking all who don’t with an ‘insecure’ icon which is bound to be a turn-off for security-conscious web users.

At the moment, sites which currently use HTTP (the ‘S’ in HTTPS stands for ‘secure) are given a neutral indication in the address bar which does not currently cause customers alarm – but which may make them hesitate when handing over their credit card details.

Understanding HTTPS

Sites which use HTTPS are able to encrypt communications using either Secure Sockets Layer (SSL) or Transport Layer Security (TLS). When a user connects to your website, the site sends its trusted SSL certificate to the user’s browser. This is when the site can be marked as secure. Crucially at this stage, the website and browser initiate what is known as the ‘SSL handshake’ – which is when a uniquely secure connection can be established.

Why use HTTPS?

As well as avoiding this kind of penalisation from Google, which could lead to customers being put off using your site, there are other persuasive reasons to make the switch to HTTPS:

  • Security for users. The encrypted, secure and trusted connection created by HTTPS gives your site credibility and protects the user’s confidential, sensitive information. It is vital for e-commerce businesses for this reason, as customers need reassurance that your site is safe before entering payment information in order to purchase products.
  • Three layers of protection. The first is encryption of exchanged data, keeping it away from eavesdroppers. The second is integrity of data, as it cannot be corrupted or modified during transfer. The third is authentication, proving to users that their communications with your website are secure.
  • Best performance and powerful new features. Some people worry that HTTPS will slow their site down, but it can actually be much faster than HTTP. And, according to Google, it can support powerful new features that are too sensitive for HTTP.

Now – how much will switching to HTTPS cost? It does require a financial commitment, but is now more affordable than it has ever been – plus most sites consider it well worth it when considering the above benefits.

Google has some advice and support for securing your site with HTTPS, but you can also take advantage of the expertise of the Ambos Digital team – please contact us for expert help.

further reading