Ahead of the next Google update, we wrote a guest blog for TechSPARK and thought it might be useful to our customers, too, now that the last reminder to claim your free SSL certificates has been issued. If you missed the reminder, you can view it here.
There’s a new security update on the way, but it’s nothing new.
Google has been working hard on securing the web and its users over the years, and back in 2015 it took its promotions of Hypertext Transfer Protocol Secure (HTTPS) to the next level by adding a slight ranking boost to HTTPS URLs in search results and adjusting its indexing systems to prioritise HTTPS pages over their less secure HTTP counterparts. Up until now, there have only been rewards on offer – from January 2017 that will all change.
What’s the difference between HTTP and HTTPS?
HTTP is the protocol over which data is sent between your browser and the website you are connected to. Basically, the S in HTTPS stands for “secure” and means all communications between you and the website are encrypted and therefore safe from eavesdropping, man-in-the-middle attacks and data modification.
HTTPS works with another protocol, Secure Sockets Layer (SSL), to encrypt and safely transport data. This is where SSL certificates come in handy – you’ll notice when you visit secure HTTPS websites that the address bar has a padlock icon (see left) and some certificates even turn the address bar green. This signifies to visitors that the information they submit to the site is safe.
Which brings us on to SSL certificates…
Depending on the site you want to secure, there are many different types of SSL certificates available.
On the higher end of the spectrum are the Extended Verification (EV) SSL certificates that offer the strongest encryption on the market, a $1M warranty and liability protection insurance and a green address bar.
These can take up to 10 business days to verify and issue, while the free SSL certificates that we are offering our hosting customers are the perfect entry-level solution that can more or less be set up instantly and will only encrypt communications. These are great for smaller websites that don’t deal with large amounts of user information but still collect customer details.
So what’s Google got to do with it?
As part of Google’s ongoing mission to build a more secure web, it’s now become imperative for businesses to seriously consider whether or not they need an SSL certificate for their websites. Not only would your secure website be favoured in search, it’s expected to soon be favoured by the visitor.
From January 2017, Google Chrome will start marking HTTP websites as “not secure”. In the first phase this will mean that visitors to your website will see the following security warning in the address bar of their Chrome browser:
Gradually, Google’s criteria will become more stringent and the HTTP warnings will be extended to Incognito mode. The end goal is to label all HTTP sites as non-secure with a red security indicator:
Start preparing your website now
We expect more major browsers will follow in Google’s footsteps. This could have serious implications for businesses who haven’t made the switch to HTTPS, not just for website traffic and performance, but also damaged customer trust.
It’s a relatively easy security update to get ahead of – speak to your hosting provider or web developer in the first instance to identify what level of protection your site will need. The more basic SSL certificates can be implemented in no time at all, while more comprehensive ones will require some admin and time to verify.
And, once you’re at it, why not take the opportunity to review your business’ current cyber security status seeing as DDoS attacks are increasing at an alarming rate? A vital part of any business continuity plan is backups, but simple measures such as two-factor authentication and IP restrictions can really strengthen your security.