Google is determined to see encryption used right across the web and it’s preparing to publicly shame businesses which don’t add HTTPS security to their websites.
While the HTTP standard is great for building webpages to share with the world, it wasn’t really designed for those times when you need to ensure that no-one is snooping on your online activities. That’s where HTTPS comes in, creating an encrypted link from a browser tab all the way to the webpage in an effort to foil anyone trying to eavesdrop in search of sensitive information.
When you’re visiting a HTTPS website, your browser displays a padlock alongside the URL to assure you that your web traffic is encrypted – you should always check for it before shopping or banking online.
Another benefit of HTTPS is that it uses signed security certificates to ensure that you’re really connected to your bank’s website and not a spoof website set up to trick you into entering your login and password. The encrypted connection also foils man in the middle attacks, ensuring a third-party website isn’t silently listening in whilst relaying traffic between your browser and your bank’s website.
If your business operates an e-commerce site which requires customers to enter payment details then you’re surely already using HTTPS to protect your customers, but there’s a push for it to be adopted right across the web. These days even mundane online activities can offer a treasure trove of insight to someone snooping on your online habits, which is why Google already uses HTTPS to protect search results pages.
Google also uses HTTPS as a ranking signal, which means if your website doesn’t use it you’re in danger of being pushed down in search results. Now the search giant is preparing to take its HTTPS push to the next level.
Google’s Chrome browser already alerts you if a standard HTTP page asks you to enter payment details, plus it displays an ‘i’ icon alongside any URL which doesn’t use HTTPS. Click on the icon and you’re told that any data you enter into this page could be intercepted by attackers.
As of October, Chrome will display ‘Not secure’ alongside the URL as soon as you start to type anything into a page which doesn’t use HTTPS. If this sounds like your business website then you need to move with the times and adopt HTTPS, or else visitors to your site will get a clear message that you’re not serious about security.
Thankfully Google offers plenty of resources for webmasters ready to make the move to HTTPS, while the cost of implementation has become more affordable. If you can’t afford for your customers to lose faith in you then you can afford to spend some time and effort upgrading your business website to support HTTPS.