The Case for HTTPS & Why Website Security Matters to You

Iain C

Website security is one of the most talked about aspects of running an on-line business these days, but what does that really mean for business website owners. How do they get the benefits of having a secure website without major disruption or an excessive cost burden

If you have not been living under a metaphorical rock recently you will have seen and heard all about website security.  Mainstream media report on a regular basis about the latest high profile hack and resulting data loss.

 

More relevant to business website owners perhaps is the move to having “HTTPS Everywhere”.  That is the effort by Google and others that are attempting to make the web more secure, more secure for users and visitors to websites as well as more secure for website owners.

Essentially their vision of the web is that every website, no matter what its purpose or reason for being should employ encryption to make all their connections pass over a secure network meaning that they cannot be intercepted by third parties whilst being transmitted.  In an effort to make this happen and to inform website visitors when their data is at risk all major browsers have introduced warnings about website security that you have likely noticed yourself.

Back in the day (a few months ago!) it was technically difficult and expensive to have a secure site so unless you had an e-commerce site or collected sensitive or personally identifiable data there was no need to be secure.  Add to that the possibility of slowing the site down and warnings when there was mixed insecure content most site owners that did not require security opted not to.

Today the story is a little different, Google offer a ranking boost to sites that are secure, the performance issues of the past have been mitigated and browser warnings on insecure sites are driving visitors away from your site.  In fact, there are a number of beneficial reasons to jump on board the HTTPS bandwagon.

What is HTTPS & SSL?

HTTP stands for HyperText Transfer Protocol.  That’s the bit before the www. in web addresses that you do not need to type. This is the method allows communication between different systems, in simple terms it is how data gets transferred from a web server to a browser so you can view web pages.  This data transfer between the server and browser on your machine is not secure by default, that means that it is possible for the data to be intercepted by unscrupulous parties whilst it is in transit.

HTTPS is a secure version of HTTP (the S stands for secure) which encrypts the data whilst it is in transit meaning it cannot be tampered or interfered with whilst it is in transfer.  To make this happen you need…

SSL stands for Secure Sockets Layer; this is the technology that creates the encryption between the 2 systems.  A SSL Certificate is issued by a Certificate Authority and the web host provides certain encrypted keys for the browser to show the encrypted dat.  Of course it is rather more complicated than that but for our purposes it is more than enough information.

Why HTTPS is important!
Regardless of the size or functions of your website it is simply a good idea to become secure.  Even the most basic site with no data collection or CMS of any kind will benefit in terms of visibility and visitors.

1.  Browser Warnings

non-https browser warning showing 'not secure' statement
You have seen them, the range from the words “Not Secure” in the browser bar to the page not showing until an exception is made.  All of these are designed to keep your visitors informed and safe, all of these are likely to urn some visitors away from your site. A happy green padlock or ‘secure’ notification means visitors immediately trust a site more knowing they are taking security seriously.

2.  Form Warnings

non-secure online form warning of phising attempts
On pages with forms browsers are now showing a warning right in the form field where visitors are entering their details.  This is currently affecting login formsand those with a password field.  in all likelihood this is affecting visitors already and is a compelling reason to purchase a SSL certificate.

3.  User Experience


Visitors have become used to having a secure experience and having their privacy protected, as such they are more likely to leave a site that is not secure and are extremely unlikely to make a purchase from an insecure site. The warnings above all serve to reduce user confidence in a website that is not using HTTPS to the point where not having a secure site reflects negatively on a visitors perception of the whole business.

4. SEO

Google pays attention to your website security efforts,  security is at the heart of everything Google does, so much so that  a couple of years ago they announced that HTTPS was a ranking factor1.  Secure websites receive a small boost in rank from the search engine.  The industry feeling is that pretty soon the security warnings willl start appearing on the ranking pages much like the current mobile friendly warnings.

5. Performance

No longer does HTTPS & SSL slow down your website, in fact combining HTTPS with the latest version of HTTP (HTTP/2) actually provides a performance boost.  Add to that that nearly all the current web technologies support HTTPS and that emerging technologies are not supporting insecure connections then you have another reason to make the change.

6. Future Proofing

The direction of travel is clear, security is top of the list of website must haves.Visitors expect it, people who do business with you expect it and the web is likely to make it impractical not to have HTTPS installed.  Sooner or later you are going to have to bite the bullet and make the switch to HTTPS or be left behind and forgotten about

In Summary the best case for switching to HTTPS is that it is becoming best practice and visitors will no longer want to engage with insecure sites.  If you have a content management system, a website contact form, a login area or collect data of any kind you really must switch to HTTPS.  If you have none of the above you should still switch as it is likely that no one will want to engage with your site as time goes on.

Want us to make the switch for your website?  Email or call now on 01733 309666 or raise a ticket at https://www.wellandcreative.com/helpdesk/.

1 HTTPS as a ranking signal – official google announcement.

Further reading:
50% of page one results are HTTPS.  Search Engine land.
Why HTTPS matters – Google.

Copyright © Welland Creative 2019
All Rights Reserved. Designed and Developed by Welland Creative