By: Ashley Fontes, Tech Networks of Boston
Many people think that if your website doesn’t handle sensitive communications, you don’t need to have it secured with HTTPS - this is false! Hyper Text Transfer Protocol Secure (HTTPS) is necessary for protecting your users and the integrity of your website regardless of its purpose. It has also become a requirement in many web browsers.
Web powerhouses like Google, Facebook, and Mozilla have sent a strong message out to the world by offering for free SSL certificates with the organization Lets Encrypt. Since then, Google made it even harder for sites without HTTPS to work and be found online.
Depending on your skillset, you may need to hire a pro to get your site’s HTTPS working correctly. We’ve touched on a few important points below that explain why it’s worth the effort.
Why should you migrate your website to HTTPS?
There are plenty of benefits, including:
- You will keep valuable visitors who may turn away, because of the browser warning in Google Chrome (the world’s most popular browser)
- Customer information, like credit card numbers and even email addresses, should be protected
- You can accept credit cards directly on your website, including donations and event registrations.
- Visitors will trust your site when they see the green padlock icon in the search bar and verify that you own the domain and they are seeing the site accurately.
- Your website will benefit from a search engine bump from Google!
So what is HTTPS?
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions, but now it’s the standard to protect your website as a whole.
Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect.
What does HTTPS do?
HTTPS helps prevent intentionally malicious attackers from tampering with the communications between your websites and your users’ browsers. Have you ever visited a website and been alerted with pop up ads that won’t go away? This definitely ruins the user experience and can happen when the site is not protected. All communications sent over regular HTTP connections are in 'plain text' and can be read by any hacker that manages to break into the connection between your browser and the website.
Now that you’ve read about the importance of HTTPS, we've included some ways you can evaluate your site.
Step 1: Check your site
Copy your website address and paste it into the search bar. Is it HTTPS (or missing the S?) and does it have a padlock in your browser? If you aren’t sure, check it with this tool: HTTPS://www.whynopadlock.com/
If either is missing, you’ll want to read on to learn why you need to make your website secure ASAP.
If your site has HTTPS but isn’t set up right, web visitors will be prompted with worse warnings than not having HTTPS at all! Make sure you check with the tool above after you make the switch.
Step 2: Mitigate
There is more to installing HTTPS and changing your URL than we can touch on in this one article. However, we’ve included some additional reasons below that will support your request to switch to HTTPS and budget for regular web maintenance that will encourage buy-in from your team.
If you are currently paying for web maintenance, and your site isn’t on HTTPS, your provider has not been fulfilling their duties.
Your web maintenance people may also be slacking if:
- Your site doesn’t work well on mobile phones
- Your site is slow to load
- There are many broken or images links on your site
Being on HTTPS can prevent intruders intercepting and tampering with the communications between your websites and your users’ browsers. That’s serious.
- We’ve already mentioned that 43 percent of cyber attacks target small business.
- Reports show that 85 percent of consumers would abandon making a transaction if data was sent over an unsecured connection. There is also research to support that 82 percent of people wouldn’t browse an unsecured website.
Even if you don’t take donations or other transactions, people associate the green padlock with more secure.
What to do after your site is secure
If your site is secure, website-maintenance activities are still needed to cover some business-critical key areas. Regular website maintenance will allow you to attract and retain customers, maintain search engine rankings and present new information, events, products and services to your visitors. Some examples of website maintenance include keeping your software up to date, performance and website speed monitoring, infrastructure maintenance, risk management and training for your staff in keeping content fresh.
If you have a mission-critical website, it is important that as part of a maintenance plan, your backups and the performance of your website is checked. Your website software should also be updated regularly by a seasoned professional, who can check that there are no conflicts generated by an update.
Tech Networks of Boston is available to provide website maintenance and security services to make your site secure and successful. Feel free to contact us for details.