At the start of the year, we investigated why SSL certificates for eCommerce were an absolute must when it came to online security. However, back in January SSL was still very much a subtle suggestion on Google’s part. Yet, fast-forward seven months and Google has markedly stepped things up a gear.
Now they’re saying that from October, every site that deals with sensitive data will be required to have both an SSL certificate but to also move from HTTP to HTTPS – or else! Here’s the email that Google sent to its Search Console users detailing the moving of the HTTPS goalposts:
From October of this year, a large red cross will appear over the padlock symbol just before the site URL, this will happen for every website that doesn’t offer an encrypted connection. It will look a little like this:
As well as this, a “NOT SECURE” notification will pop-up on any website for Chrome users.
Google is encouraging webmasters to make the migration by warning that it could impact on search rankings. There is already evidence to back up the fact that Google is ranking secure sites more favourably – 40% of Google’s page one organic search results feature HTTPS sites, which is especially impressive as less than 1% of all sites are HTTPS secure.
Better rankings mean more traffic – the more people see your site, the more visitors you’ll get and Google knows this.
What’s worrying about all communications sent over regular HTTP connections is that they’re in ‘plain text’ and can be read by any hacker that manages to break the connection between your browser and the website. For Google, this is something everyone online needs to address.
HTTPS is different, because of the last letter. The ‘S’ is a security protocol that encrypts sensitive and personal information, (for example bank details) during online transactions in order to maintain secure connections and protect customer data.
This type of encoding allows exclusively authorised parties to access sensitive information, working effectively as a digital ‘handshake’ between two machine – the company website and the customer browser.
There are many tech and privacy experts who applauded Google’s plan. Eric Mill, a technologist who’s been working on web encryption said:
“Chrome pushing forward on marking plain HTTP as outright insecure is an incredibly strong and pro-user move […] despite how common plain HTTP can still be today, it’s outright insecure, and a real and present danger to users and to the open web.”
It clear that online security is a top priority for Google and a re-evaluation of their ”softly, softly” approach is essential. It’s time that we all made security online a top priority as many customers want to feel secure when sharing sensitive information online. It could really harm your reputation online, not to mention those search rankings you’ve spent years nurturing. Don’t lag behind – make the change to HTTPS today!
If you need help on how to make the switch from HTTP to HTTPS, iWeb can help. Drop us a line!