This month website owners around the world will wake up to Google’s Chrome browser placing a “not secure” message on their sites. The difference between a secure site and one that’s labeled “not secure” ultimately comes down to the protocol in your url. You see, urls that begin with HTTPS (HyperText Transfer Protocol Secure) communicate with your browser via an encrypted connection, protecting the information that is being transmitted between your computer and the website you’re visiting, which keeps your personal information safe from hackers. Urls that begin with HTTP (HyperText Transfer Protocol) are not encrypted, which means your data can be intercepted by a third party. This shift in how Google Chrome identifies HTTP sites to users is significant when you factor in that Google Chrome has nearly a 60% market share and that close to 50% of all sites are still using HTTP (and are therefore unencrypted). That’s close to half a billion sites that will be displaying a “not secure” message to users who may decide to take their business elsewhere. And if that’s not enough to scare you into making your site more secure, Google will soon start favoring HTTPS sites in its search algorithm. Which means you could potentially lose your coveted search ranking.
If you’re wondering why Google is doing this, the answer is pretty simple. Google has a reputation to maintain, and if they’re directing traffic to websites that aren’t secure (without letting users know) then their reputation as a safe browser and search engine is in jeopardy. Given the rise of high profile data breaches and scams to steal user data, Google recognizes the need for all websites to be more secure (even ones that aren’t transactional). This update to Chrome is simply a way to alert users and nudge website owners to convert from HTTP to HTTPS.
For many companies the thought of having a security warning on their site is enough to cause a panic. Fortunately, testing the security of your site is fairly easy: just download Google’s Chrome Canary (the new version of chrome for developers), and if you’re still having trouble determining if your site’s connection is secure, you can troubleshoot on Google’s answer page. For the 50% of websites out there who are fully compliant and secure, you can give your CTO a high five and sleep easy tonight. If you’re part of the other 50%, there’s still time to turn things around. The first step is to find a partner that understands your security needs and can set you up for the long haul.
If you’re concerned about the security of your site or would simply like a consultation about how to increase your site’s security, contact us.