It’s finally happened. Google is visibly marking websites as “not secure”.
They told us they would do it, a long time ago. And now they are.
So it’s not a problem, right?
Wrong. There are still lots of websites that are “Not Secure”.
Is yours one of them?
What’s the deal? A website is a website is a website, right?
Not when it comes to the security of your information.
Here’s what Google is now doing in their Chrome browser: When you go to a regular HTTP website page that has any place to enter information (search field, message form, order form and so on), the very moment you start typing, the page will display “Not Secure” in the address field at the top of the browser window.
And if you use the incognito mode in Chrome, ALL webpages that are HTTP will display “Not Secure”.
Is that bad? YES!!
That’s enough to make me think twice about entering personal information on that website. That means missed inquiries, lost orders, fewer donations!
Just a rough guesstimate: How much will this cost your organization? (Hint: more than the cost to upgrade to HTTPS)
I covered the details of what a secure website is in this post earlier this year. Check it out for all the details: Is your website secure?
On a regular HTTP website (that’s been the standard until recently), when you enter information anywhere on that site (search field, message form, order form, payment info), that information is sent back to the server where the website resides in PLAIN TEXT. Makes it really easy to steal that info.
It’s like putting all your banking info on a postcard and mailing it off. Of course you wouldn’t do that.
The better and new standard is for communication between your browser and the website server to be encrypted, so it can’t be read along the way by prying eyes. Banks have used HTTPS for a long time. It’s time for the rest of us to wake up and think secure.
It’s a relatively simple change for most website owners. It does involve some cost and may mean moving to a new website host or at least a different hosting plan, but the added security is well worth it.
Just stop and think for a moment: Will your customers or constituents be happy to provide their personal information on a form that clearly displays “Not Secure” in the address field?
You may say, oh, but that’s only in Google’s Chrome browser. I don’t use that browser.
Great. Can you vouch for all your customers or constituents that they don’t use Chrome?
I predict that now that Chrome has opened the floodgate on tagging web pages with forms that are not secure, the other browsers will follow suit and it won’t be long before sites that are using regular HTTP will be displayed as “Not Secure” even if you don’t have a form on the page.
All the phishing and spoofing where-less-than-honest people create look-alike websites to get unsuspecting website visitors to give up their personal information means this will not go away.
HTTPS is the new standard for all websites. Don’t be the last to make the switch.
Today there is absolutely no reason to launch a new website that isn’t using HTTPS. Even if it’s just one page, with no form.
And there’s no reason to not update any and all existing websites to HTTPS. None at all.
Will my web hosting costs go up? Maybe a bit, depending on if you have to change hosting plans and the cost of your security certificate. But if you upgrade to a better hosting plan in the process, your website will be faster and more reliable, so a win-win.
Isn’t it a lot of hassle to switch to HTTPS? A little work, yes. But it’s a one-time deal.
Will my website be unavailable for a long time when making the switch? No. Good planning will minimize any downtime to a time when your site doesn’t receive much traffic anyway. Downtime could be as little as 20-30 minutes.
Value of increased customer confidence? Priceless.
Now tell me which you’d rather trust: The one on the left that shows up in ANY browser as SECURE (with a padlock) or the one on the right with no indicator by it and that displays “Not Secure” as soon as you enter any information on it in the Chrome browser?
Okay, I’m convinced. What do I need to do?
- Talk to your webmaster or hosting provider. They are familiar with your current hosting setup and can advise you on what changes/upgrades need to be made to switch over to HTTPS for your website.
- Don’t have a webmaster? Thinking of changing your hosting provider? Contact me for a free Website Review or Consultation and I can explore your options with you. Contact me now.