There is big news in the tech world this week. Google announced that it’s Chrome browser will now mark a website as “insecure” if it is not encrypted with HTTPS protocol. This further amplifies the need to have your website traffic encrypted, especially if you have a site that includes contact forms, sensitive customer information, or an online store. But what does this mean for your business?
As the title states, what does it mean when a website is encrypted, and how do you know if it is or not? If you have ever noticed when a website has HTTPS instead of HTTP before the URL, then that means that a website encrypts its traffic. HTTPS stands for Hypertext Transfer Protocol Secure. This notification to the server and the user’s end grabs any information given or received from the website and encrypts it so that no prying eyes or malicious persons can retrieve and make sense of the information. Below is an example of an encrypted site versus unencrypted site.
As one notices above, an encrypted site in Google Chrome is denoted by the green padlock next to the URL in the address bar. Even though various browsers have different ways of showing an encrypted URL, one should know that an encrypted site will always have a green “closed” padlock next to the URL. This will tell you that a site is going to encrypt all traffic passed through it.
An encrypted site will have a certificate from an established encryption authority (Digicert, Globalsign, etc.) that will verify that the site is indeed encrypted. These types of certificates can range in price anywhere from $10 up to thousands given the type of site, the web traffic, and specific type of encryption. Your site will then have either TLS or SSL encryption methods. Each has its benefits.
Starting in 2017, Google Chrome (used by over 70% of the population) will start marking unencrypted sites (those without HTTPS) with an “X” on top of the padlock icon. This applies to any site that asks for information such as passwords or credit card details. Eventually, Google Chrome will start to mark ALL websites that are not HTTPS as “insecure”.
It should also be noted that Google has hinted previously that a secure site may also have a benefit to one’s SEO. This basically means that it could only help your site if it adopts HTTPS.
If your website is not already encrypted, call your website administrator or designer and ask about making your business’ site secure, or you could be putting your customer’s personal details at risk. It should also be mentioned that websites that are encrypted experience more credibility. To see whether your site is secure or not, just look in the address bar and see if it has the green padlock. If it does not, your site is sending traffic unencrypted.
In the recent push to make the web more secure, Let’s Encrypt surfaced with aims to provide website encryption at no cost.
Let’s Encrypt provides the same type of encryption as paid certificates but it is completely free. The downsides of this new certificate, however, is that it might not meet the needs of everybody, rather it is great for most sites that don’t require the gathering of credit card details and similar sensitive information. In fact, BZ uses Let’s Encrypt for our own website.
With Google announcing that it will start marking insecure sites with a X in Chrome, other browsers will probably follow suit in the coming months. But with Google having the ominous search algorithm at their fingertips, it would make sense to want to adopt their recommendation, right? This is the real reason why your business’ site should be secure.
As always, Bailes + Zindler is here to help. If you have questions about encryption or how to get your website encrypted, give us a call. We now design all of our websites using HTTPS.
Seth Zindler