Google has got a bee in its bonnet about insecure websites. And it’s a rather big bee.
So big, in fact, that it’s now shining a very bright spotlight on any website that doesn’t have an SSL certificate.
“HTTP, we’re readying to call you out for what you are: UNSAFE!” tweeted Parisa Tabriz, manager of Google’s security team last January. She was referring to an upcoming change to Google’s Chrome web browser that would make it ultra-clear when websites aren’t secured via HTTPS.
What is HTTPS?
Hyper Text Transfer Protocol Secure, to give it its full name, is simply the secure version of ‘HTTP’, which is the industry standard protocol over which data is sent between a user’s browser and the website they’re viewing.
Websites that use HTTPS benefit from encrypted communication between the browser and web server. From a user’s perspective, the presence of HTTPS is usually denoted by a padlock symbol in the address bar of modern web browsers, but ‘https’ will also be present in the URL (e.g. ‘https://www.ihm.co.uk’).
So, what is Google doing, exactly?
The change to Google Chrome adds a prominent red ‘X’ to the padlock symbol whenever a website that doesn’t use HTTPS is detected. Previously, it simply displayed a blank white page symbol for such websites.
Originally announced back in 2014, the rationale behind the change was obvious – Google wanted to make it blindingly clear to the user when a website was using insecure methods to transport data to and from their device.
Insecure websites increase the opportunity for hackers to snoop or intercept communications – a threat that is more prevalent than ever in the digital economy and a key concern for anyone using the web. The presence of a red mark against a website, therefore, is likely to be taken seriously by most people.
“The goal of this proposal is to more clearly display to users that HTTP provides no data security,” Google’s Chris Palmer accurately summed up in an open forum back in 2014.
What’s an SSL certificate?
An SSL certificate is a small file stored on a web server which adds a cryptographic key to the data. When installed, it automatically activates the HTTPS protocol and enables the aforementioned secure transfer of data to and from web browsers.
The benefits of HTTPS and SSL for business
There are few threats online greater than hackers looking to steal vital personal or business information. If your business website has a valid SSL certificate installed, you’ll have taken a huge preventative step against hackers and those intent on intercepting your communications.
Without SSL and HTTPS, both your business data and that of the customer is at risk. The potential consequences of a breach simply don’t bear thinking about, and with Google Chrome now making it very clear indeed when a website isn’t secure, the brand damage and potential loss of business for those without SSL encryption could be significant.
Equally, and although not explicitly mentioned during Google’s announcement of the new Chrome feature, there’s always the chance that the search giant could begin penalising websites that are insecure by dropping their ranking within search results.
With relatively low cost of SSL certificates and the odds stacking up against insecure websites, investing in HTTPS is advisable for businesses of all sizes.
How do I add HTTPS to my business website?
So, you understand you need to add HTTPS to your website. Great! But how do you go about doing so? Thankfully, the process is relatively straightforward.
Just speak to us and if you use our hosting services we have the expertise required to get an SSL certificate up and running.
It’s time to get secure and avoid the wrath of Google.