The Question Is Not Why You Should Go Secure, But When!
You may have read a lot over the past couple of years about how Google recommends having a “responsive” website so that your site works on all platforms, from desktops to smartphones. If so, you probably also know that Google loves responsive sites.
With any luck, you’ve already spent the time and effort on getting a mobile-friendly website, and you’re thinking, “Ok, what’s next?” Well, in addition to making sure viewers can easily read and navigate your website, Google is now encouraging website owners to make sure that the communication between you and your visitors (potential clients) is protected from the very first time they visit your website.
SSL and HTTPS
Security necessarily involves talk of HTTPS and SSL, so let’s get the definitions and some explanation out of the way first, and then we’ll move on to the good stuff. [Warning: tech-speak ahead.] HTTPS, or Hypertext Transfer Protocol Secure, is the secure version of HTTP, the protocol by which data is sent between your browser and the website you are connected to. The S at the end of HTTPS stands for “secure.” It means all communications between your browser and the website are encrypted, and it’s a Secure Sockets Layer connection, or SSL, that transforms HTTP into HTTPS. SSL is the standard security technology used to establish an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private.
What HTTPS is not going to do for you
HTTPS isn’t going to protect your site from malicious attacks or hacks from dubious characters. By that, I mean this type of security is between you and your visitor – it isn’t the same as virus protection software or your server security. It won’t stop hackers from trying to guess your password and hack into your site.
So if it doesn’t protect my website, what does it protect me from?
Quite simply, using HTTPS protects you from “man-in-the-middle” attacks, where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
Why are you telling me to do this?
When HTTPS is missing, man-in-the-middle attacks become more likely, and those attacks can have terrible consequences.
Google is asking for this security to be added to ALL websites, not just e-commerce sites. Think about all of the sensitive data you transmit on a daily basis through your browser: emails, instant messages, credit card purchases, usernames and passwords, personal information, and so on. If this data is not encrypted, then anyone can snoop around on your internet connection (especially if you use Wi-Fi) and intercept that data.
At the end of 2015, Google acknowledged that sites using HTTPS will get a boost in their rankings, saying:
….We also started giving a slight ranking boost to HTTPS URLs in search results last year. Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification. This is why we’ve been strongly promoting HTTPS everywhere.
[Official Google Webmaster Blog]
Why SSL is important for public Wi-Fi connections
It’s a common misconception that SSL is only important when websites are handling private data. Going secure means that while someone can see that a person is on your site, they are unable to determine which pages that person is actually visiting or to access the data being transmitted. So when your clients are in Starbucks or using a free Wi-Fi hotspot anywhere to access your site, SSL ensures that the communication between the two of you is secure, there’ll be no unwanted advertising appearing on your site, and more importantly there’ll be no data “snooping” or “phishing.” The online communication between you and a client will be as private and confidential as if that client were in the office with you.
What, why, when and how am I going to protect myself?
So what’s in it for you?
- You are giving your visitors the confidence that what they share with you is between you and them and no one else; the details cannot be seen by prying cyber eyes.
- With HTTPS, Google is giving you that small boost over your competitors at this moment. As more companies adopt HTTPS, this advantage will disappear but at least you’ll have a head start.
As an SEO specialist, I’m often pushing for the SEO boost, but in the case of online security, I’m not. What we want to do is to improve the user’s experience when they visit your site, so that both of you are protected from the outset of your relationship. If your rankings and traffic end up benefiting from HTTPS, then that’s an added bonus.
The when and the how really go hand in hand. When are you going to protect your web communications? As soon as you can; why wait? How? Call the company responsible for your website, the developers, or even your hosting company. Many hosts already know this update is imminent and have made the purchasing of SSL certificates straightforward. Your webmaster should be able to help get you started, but you will probably require a developer or SEO strategist to update the site using tools provided by Google.
[A note to the more tech-savvy among you: there is a right way and a wrong way of doing the switchover. For more information, take a look at this article: Google’s FAQ On HTTP To HTTPS Migration.]