It’s no surprise Google is leading the charge to help protect users when they’re sharing critical data like passwords, credit card information, and other personal information. For some time now, Google has been talking about universal encryption, pushing site owners to migrate from HTTP to HTTPS (hyper text transfer protocol secure). HTTPS adds a security blanket to connections between web servers and users’ browsers through the use of secure sockets layer (SSL) certificates, particularly text fields where users enter in their personal information.
Most users are familiar with using HTTP when typing a site into their URL bar. HTTP is a common protocol and has been around for years. The downside is HTTP is not secure. Cyber criminals can manipulate and steal users’ personal information as its being transferred to and from web servers to users’ browsers. And the pool of targets cyber criminals can pursue is growing significantly larger. In 2022, there is expected to be 6 billion internet users on the planet, up from 3.8 billion users in 2017, according to Cybersecurity Ventures. The damage cost of cybercrime is also staggering which is forecasted to cost $6 trillion by 2021, up from $3 trillion in 2015.
You’ve Been Warned
In early 2017, Google introduced a new icon on their browser’s URL bar reflecting a padlock icon and the word “Secure” for those sites that are HTTPS compliant and have SSL in place. You can find this on popular sites like Amazon, Facebook, and Twitter. Google also started flagging conventional HTTP sites as “Not Secure” in the URL bar and warning users when they began entering data into an unencrypted field. The next version of Google Chrome (Chrome 68) is due out in July 2018 and the search engine giant is turning up the heat. Any HTTP site will be marked “Not Secure” regardless if text fields exist on a webpage or not.
Is HTTPS worth it? What action if any should small businesses take now? Below are some of the most common misperceptions about HTTPS and SSL and the truths behind these myths.
Myth #1: HTTPS is expensive and time intensive.
The Truth: Free SSL certificates that enable HTTPS are available today, although be sure and check with your web developer to ensure most browsers and devices will accept free SSL. In most instances, you can find affordable certificates between $130-180 that offer warranties and widespread support across browsers and devices. SSL also doesn’t have to be challenging. Organizations just need to understand the type of data that needs encrypting, where it resides, and who should have access to it.
Myth #2: HTTPS produces latency.
The Truth: HTTPS shouldn’t have any material impact on the speed of your site. In fact, one site httpvshttps.com even claims an unencrypted version of the page loaded more than 300 percent slower than HTTPS.
Myth #3: HTTPS sites don’t rank any higher than HTTP sites in Google searches.
The Truth: In 2014, Google stated it would give preferential treatment to sites with SSL, giving them a SEO boost over their unencrypted counterparts in online searches. Google is also blacklisting HTTP sites that trigger deceptive content warnings which is unsafe code that lures users into giving up personal information. Nearly 60 percent of web pages today are loaded with HTTPS, according to Firefox telemetry, which means industry is sitting up and taking notice.
Myth #4: HTTPS sites can’t be hacked.
The Truth: SSL protects visitor’s data in transit from your web server to their browser and back. SSL doesn’t protect your website from being hacked. It’s foolish to think a security solution will protect data 100 percent of the time. It’s not a question of if your organization’s data will be compromised, but a question of when. However, encryption can lessen the sting of a breach since encrypted data requires a key to access that data.
Myth #5: HTTPS is only for large enterprises, not small businesses.
The Truth: Visitors expect a secure browsing experience regardless of the size of your company or website. If you have an e-commerce site, conduct transactions, or collect customer data, SSL is critical. A secure website can also strengthen your brand and build trust within your customer base, particularly when they see that padlock icon in their URL bar.
Don’t upset Google. Protect your customers’ data. Improve your search rankings. Consider making the migration to HTTPS today, the leading standard for secure sites. We’re here to help guide you through SSL and the certificate(s) that are best for your site. Reach out to us here.