The Great HTTPS Cleanup
(and fix your current website security)
Did you realize your website was not secure? It may come as a bit of a surprise – or it may tickle the memory of something you heard as a rumour, but the truth is that Google™ is going the secure route for web traffic. A secure website is identified by the https:// at the far left of your address bar. The unsecured site is missing the ‘s’.
If you’ve spent any time surfing the Internet, you’ve no doubt encountered the big error screen that lets you know that website you are about to enter is unsecured. Danger! You might have jumped through the required hoops to forge on to your desired destination, but you will have that nagging thought in the back of your mind – Can I trust this website? Here’s what’s happened:
A Shift in Website Security
The internet is constantly evolving. Every year we are introduced to newer, faster, better products that promise to make our days and lives easier. With all the glitz and glam that comes with the newest monthly browser update (yay) it’s easy to overlook perhaps the most important aspect of browsing – website security.
At the 2014 Google I/O conference they announced “HTTPS Everywhere”, a very catchy phrase but to the majority of the world, it means absolutely nothing. In the coming
What is HTTP and how is HTTPS Different?
HyperText Transfer Protocol or HTTP is what you use every time you navigate to a webpage. It is the mail(person) of the internet world, delivering your webpages in a neat package right to your doorstep. If you add the word secure to the acronym you get HTTPS, the Brinks truck of the internet world. Websites still relying on plain HTTP lack the security of HTTPS and that means it’s easier for your mail (information?) to be stolen without you even knowing it. Google breaks it down into three layers:
Encryption. Encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages or steal their information.
Data integrity. Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
Authentication. Proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
For years almost all applications handling online payments have been required to use HTTPS but, as Google and Mozilla have shown, soon everyone will have to use it. Modern browsers want all users to know when a site isn’t secure. Firefox displays locks to the left of the URL bar and Chrome has started displaying “Not Secure” in the same spot if the site is still using HTTP. The main take away: Get on the HTTPS train or start losing customers.
While this has been a topic of discussion since 2014, it is only recently become a visible issue on websites. With the amount of personal information floating around the web we need to make sure we protect ourselves.
Big red “THIS SITE IS NOT SECURE” pages have been popping up on Chrome within the last few months. Site owners need to make sure their website security is updated or risk a tarnished reputation and customer loss. Google could flip the switch whenever it wants to its best to be proactive in a situation where your business could be at stake.
How to Secure Your Site
The first step on the path to internet security is purchasing an SSL certificate. PLAY offers a free website audit to determine what type of certificate best suits your business. There are many different types of SSLs to choose from. Depending on your business needs, certificates will vary in the level of security offered. The good news is that most websites can rely on a basic certificate, with e-commerce sites requiring a slightly more robust version. Once we have a solution for going secure, PLAY offers a convenient service for upgrading and installing your new certificate. Installing a certificate is something that requires a little more server savvy and PLAY has an abundance of web savvy.