Note: this post is intended for non-technical folks. I wanted to explain HTTPS and encryption. Website security will only increase in importance in our near future. I dug deep to explain the more complicated tech terms. My hope is this blog post helps you in your decision to encrypt and protect your website.
Google actually wants to keep your website safe and secure. In the near future your Chrome browser will flag unencrypted websites as “unsecure” with a red X over a padlock in the URL bar.
What is encryption and HTTPS?
HTTPS is a secure layer on top of normal HTTP. Most websites use plain HTTP addresses such as http://www.website.com. The encrypted sites you’ll typically see right now are e-commerce sites, or sites with forms or logins that deal with sensitive material.
Right now, Chrome shows only an icon of a white page when a website doesn’t have HTTPS. A green padlock appears when a website HAS HTTPS. There’s a red X when something is wrong with the HTTPS, indicating a warning.
Most websites have just HTTP. When data is exchanged between the site’s server and the user, anyone with the knowledge and ability can snoop on the conversation. Hackers and criminals can easily grab sensitive information like a password.
HTTPS protects user data and also verifies that a user has reached the genuine site, as opposed to a fake one. Hackers will set up a fake version of a website that users normally trust and are willing to log in to. These fake sites allow the hackers to easily grab passwords.
HTTPS also prevents hackers from hijacking the connection between the user and the website’s server, and from injecting malware. Malware is software that is intended to damage or disable computers and computer systems.
Why Google and other companies are motivated to secure the web
Google has been making plans to deal with website security since 2014. Someone from the Google Security team recommended marking all HTTP websites as non-secure. Google also announced that it would rank encrypted sites higher in search results. The company made a similar move in April 2015, stating that all websites that were not optimized for mobile would have lower search rankings.
Mozilla and Apple have also stated that they back website encryption and HTTPS. The US Government has taken steps and now requires all websites ending in .gov to have HTTPS by the end of 2017. Many companies and organizations are pushing for web encryption as part of a campaign called “Encrypt All the Things”.
Recently, in January 2017, Google started to label some HTTP pages as nonsecure for users on the latest version of the Chrome browser. Nonsecure means data is being exchanged over unencrypted connections.
On October 24, 2017, Chrome will label HTTP pages as insecure if any user can input data on a website. This could be as simple as a search box or simple form. Firefox browsers are starting to roll out warnings as well.
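The labeling rule described above, written out as an added example (it is not Chrome's own code and not part of the original post): a Python script that takes a page's address and HTML and reports which label the page would get. The label names, function names and sample pages are assumptions made up for illustration, and the check for forms that submit to an http:// address goes one step beyond what this post describes.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# <input> types that do not take typed-in data from the visitor.
NON_ENTRY_TYPES = {"hidden", "submit", "button", "reset", "image"}

class FormScanner(HTMLParser):
    """Collects data-entry fields and form targets that use plain http://."""
    def __init__(self):
        super().__init__()
        self.fields = []        # (kind, name) for each data-entry field
        self.http_actions = []  # form action URLs that start with http://

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            action = (attrs.get("action") or "").strip()
            if action.lower().startswith("http://"):
                self.http_actions.append(action)
        elif tag in ("input", "textarea", "select"):
            kind = (attrs.get("type") or "text").lower() if tag == "input" else tag
            if kind not in NON_ENTRY_TYPES:
                self.fields.append((kind, attrs.get("name") or ""))

def audit_page(url, html):
    """Return (label, fields) for one page, using the simplified rule above."""
    scanner = FormScanner()
    scanner.feed(html)
    scanner.close()
    if urlparse(url).scheme.lower() == "https":
        # Added check: an HTTPS page can still send form data over HTTP.
        label = "not secure" if scanner.http_actions else "secure"
    else:
        label = "not secure" if scanner.fields else "neutral"
    return label, scanner.fields

# Constructed sample pages (not real sites).
SAMPLE_PAGES = [
    ("http://example.com/gallery", "<h1>Photos</h1><img src='a.jpg'>"),
    ("http://example.com/", "<form action='/search'><input type='search' name='q'>"
                            "<input type='submit'></form>"),
    ("https://example.com/login", "<form action='/session'><input name='user'>"
                                  "<input type='password' name='pw'></form>"),
    ("https://example.com/join", "<form action='http://example.com/join'>"
                                 "<input type='email' name='email'></form>"),
]

if __name__ == "__main__":
    for url, html in SAMPLE_PAGES:
        label, fields = audit_page(url, html)
        print(f"{label:10}  {url}  fields={fields}")
```

Your web designer or programmer can run this over saved copies of your pages to see which ones need HTTPS first.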
What are the best steps you can take to protect your website?
1) Have a discussion with your web designer or programmer and see how they can help you get an SSL Certificate. (An SSL Certificate is a digital certificate that certifies the ownership of a public key by the named subject of the certificate. It simply verifies that you are who you say you are.)
2) If you are doing your website DIY style, have a conversation with your web hosting company. Premium web hosting companies will provide SSL Certificates as part of their packages (such as FlyWheel and WPEngine). Other companies like HostGator charge an additional fee and might have extra charges as well.
3) Here’s a safe tool where you can check and see if your website is currently using HTTPS (or has an SSL Certificate): https://www.wormly.com/test_ssl
SSL Certificates can be free or cost up to $49.99 a year. Be sure to consult with a trusted web designer or programmer on what the best options are for your website.
Not everyone needs to have an encrypted website. A website with just content (such as photos) but no interaction, like a brochure website, is an exception. These websites don’t contain a login or search boxes.
But the majority of business owners out there own interactive websites. When you weigh all of the pros and cons, wouldn’t you rather protect your data and the data of your customers? 30,000 sites are hacked EACH DAY. Having an encrypted website can add another layer of protection!