Technology is evolving at a rapid rate. Globally, close to 3.8 billion people use the Internet, which is almost half of the worlds population according to Internet World Stats. The Internet, its infrastructure, and how we as consumers access and connect to information is in an endless state of continuous change. While this presents many opportunities and conveniences in the way that we bank, shop, interact, and consume information, it also presents a new wave of risk. Given the sheer number of worldwide Internet users, it’s no surprise that every day thousands of consumers fall victim to Internet scams, fake or fraudulent websites, or worse, have their data hacked.
With the increasing prevalence of fraudulent websites, hacking, data breaches and cyberattacks, the key to web security is building multiple layers of protection, which is exactly what Google is doing. With a mission to help all consumers and their data to become more protected, Google is beefing up its security with changes to HTTP/HTTPS.
As of October 2017, Google has announced that it is on a mission to decrease the number of HTTP sites as a way of better improving the security of their online user base. Since 2014, Google has made an emphasis to encourage website creators to switch their websites to HTTPS, incentivizing the switch by giving those who switch to HTTPS small ranking boosts.
The difference between HTTP and HTTPS boils down to one element: secure versus not secure.
HyperText Transfer Protocol (HTTP) has no level of encryption between a user and a website. For example, if a website is HTTP, there would be no degree of encryption between you, your data, and the website. That means that if you were to share any personal information, including personal details, credit card information, your email, and so on, it is very possible that this information could be accessed by a third-party somewhere in the non-secure connection that occurs between you and the site. Scary, right?
Luckily, HTTPS, or HyperText Transfer Protocol Secure, is the solution. Sites using HTTPS first encrypt information, and then exchange it. Using HTTPS, computers use a code to scramble messages, data, and information so that no third-party can read the information, keeping it safe and making it extremely difficult to decrypt. HTTPS and codes can only become operational through a Secure Sockets Layer (SSL) certificate that ensures the site is securely encrypted. The image below is a great visual representation of this:
Source: Indago Digital
Google has now updated their security so that when a website is classified as HTTP, a warning message will pop up saying the website is “Non-Secure” on both incognito and normal viewing modes in Google Chrome. For those who don’t switch to HTTPS, this message could be a hard-hitting blow to web traffic, impacting click-through rate (CTR) as well as potentially costing sales and brand adoption. Consumers will be more hesitant to enter personal information and payment details on non-secure websites, and could result in higher bounce rates, hesitancy, as well as a complete avoidance of HTTP websites in general. On the other hand, those that do update their HTTP website to HTTPS will display a “Secure” message on Chrome browsers, and will receive a slight rankings boost.
While many appreciate Google’s commitment to the safety and security of its users, the downside of these changes is that there is widespread impact on SEO efforts. Transitioning your website to HTTPS will improve your SEO rankings, and those websites which remain HTTP will likely fall below the rankings.
So, how do you shift your website from HTTP to HTTPS? You’ll need an SSL certificate. While getting an SSL certificate can be done numerous ways, the easiest and most secure way is to go through your host. Depending on your website, your host could be GoDaddy.com, Bluehost or SiteGround. Purchasing an SSL certificate can be fairly affordable depending on your website, its size, and its functionality. However, if you don’t know who your host is, or if you have additional questions, we can help. The team at William Joseph is also able to help you obtain a valid SSL certificate, whether you’re a current client or not.