Why You Need to Secure Your Website with SSL
Until recently, most website owners have not had to worry about special measures to secure their web pages unless they were conducting eCommerce transactions, or collecting sensitive information such as medical or banking data. But now all that is changing.
Google now officially recommends securing websites with HTTPS, which means that not only will this be important for organizations that want their websites to perform well in search, but more and more visitors will come to expect it.
In short, website security is no longer something for only certain types of websites to worry about – it's a best practice for all businesses and organizations that want to optimize their search engine performance, establish credibility with visitors, and maintain a professional web presence.
What is a “Secure” Website Anyhow?
Website security covers many areas , but for the purposes being discussed here, it means that the website utilizes SSL, which stands for Secure Socket Layer, a standard security technology that establishes an encrypted connection between a web server and a browser, with the URL prefixed with “HTTPS” rather than the standard and not-secure “HTTP” (with that extra “S” standing for “Secure”).
Put simply, SSL secures the information that is shared between you (the browser) and the website that you are viewing or interacting with. Any information that you normally submit to a website (or retrieve from a site) is sent as plain text and can be viewed if an attacker is able to intercept the information. SSL encrypts the information that is shared between the browser and the web server so that even if a user's information is intercepted by someone who is not supposed to have it they will not be able to read the data.
It's not hard to understand why SSL has historically been considered a best practice for any website that is processing transactions with sensitive data such as social security numbers, credit card numbers, personal health records, or login credentials. Now, SSL is becoming a best practice standard for all websites, including those that do not necessarily process sensitive data.
Google Wants You to Have a Secure Website
Back in 2014, Google introduced the idea of “HTTPS everywhere” and also indicated that websites using SSL would receive a small search benefit from https as a ranking signal. You would think that these public declarations would have been enough to get everyone using HTTPS as a new standard, but that never really happened on a wide scale outside of e-commerce sites that were already using HTTPS anyhow. But in 2016 Google really changed the game when they updated their Chrome browser to explicitly identify sites that do not use HTTPS as “Unsecure”.
Browsers Now Shame Unsecured Websites
You may have noticed that most common desktop browsers such Internet Explorer, Chrome, FireFox, and even mobile browsers, such as Chrome on Android, and Safari on iOS prominently show lock icons to indicate when a site is secure via HTTPS. Chrome, in particular, goes a step further by labeling standard HTTP sites as “not secure”.
Protecting Your Users, and Your Business
Last but not least, if Google's preference for secure websites isn't enough, consider your users. If your site is not secured with HTTPS it essentially means that ALL data submitted through your website could be intercepted by someone who is not supposed to have it – this includes contact forms, logins, chat logs, and browsing patterns. Do you really want to expose your users, and your organization, to that kind of liability?
Ultimately, for 2018 and beyond website owners will want to ensure that their websites are properly utilizing SSL and HTTPS for optimal security, search performance, and credibility with users.
If you need assistance making sure that your website is properly secured with SSL and HTTPS, as well as other security best practices for site maintenance, please feel free to contact us for a complimentary assessment or to discuss further.