(image: Google security blog)
We have previously written about efforts from browsers, particularly Google, to nudge all websites into installing an SSL certificate. This is because an SSL certificate ensures there is a secure encrypted connection between a browser and the website being accessed. Without this, personal information or data that is input on the site could be intercepted.
In July, Google 68 will be released, which will mark all HTTP sites as “not secure”. Chrome already has an information icon displayed when a HTTP site is accessed, but the step up to include the ‘Not secure’ message is a way to inform users that their data is not protected.
Security and the GDPR
With the GDPR coming into force on May 25 and a growing focus on security of personal data, the timing of Google’s new move is not coincidental. Personal data is now being prioritised and the web needs to ensure that it does what it should do and can do to protect it. The reality is that the GDPR feels incredibly burdensome to some organisations, particularly SMEs, but regardless of size, all have to recognise that personal data has to come before profits. For more information about the GDPR, check out our rather lengthy post on it here.
Having said this, Google is not suddenly jumping onto any bandwagon regarding security and personal data protection. It has made ongoing commitments to improve security over the past several years. In October 2017, Google published a post to mark Cybersecurity Awareness Month, setting out the changes it has made and its reiterating its principles around security.
Arguments for HTTPS
When looking at the reasons why a website should have an SSL other than the fact that personal data should never be compromised, there are a few key arguments for this:
If you don’t have an SSL and a user sees the ‘not secure’ message in the browser bar, they may simply decide not to use your website and immediately go to one of your competitors. The risk of using personal data on an unencrypted site versus finding another website that does something similar to you will probably not seem worth it. They may quickly go to a browser, search for what they are looking for and instantly find several alternatives. Even if they have used your business before, they may no longer have trust in the site if they think their personal data is open to interception.
Therefore, to retain confidence in your site and to increase conversions, purchasing an SSL is a valuable and relatively minor investment.
Google won’t just encourage people to think twice about using a ‘not secure’ site, but it will incentivise sites that do have an SSL. In a post published in 2014, it said: “Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”
3. Site speed
Sites with an SSL load faster than sites without. This has a couple of benefits – the first is for the user, as they can get onto the site more quickly. The second comes back to SEO – earlier this year Google announced that as of the summer, it will factor in site speed into its rankings.
If you want to find out more about how you can evaluate a website’s performance, Google has published a blog providing more detail.
Get HTTPS today
Ultimately, installing an SSL certificate and making your website HTTPS is not expensive and this applies for any business of any size. Some companies may try to sell expensive versions and justify extra security features, but these aren’t always necessary. Don’t panic that you need one immediately and go for the first company you find – consider your choices, get quotes and put it down as an essential cost for your marketing or web design budget.
Of course this is where we say that we are happy to help and can do this for you, and we can, but ultimately we want to make sure everyone has a secure site so we would urge you to have one installed, regardless of who does it.