March 27, 2018 02:03 pm
Author: Agnes Talalaev
63.2% of internet users use Google Chrome as their browser. The latest updates that Google has made to Chrome ensure that any website without a security layer (TLS certificate) is marked as insecure. In July 2018, Google Chrome marked all non-HTTPS sites as ‘not secure’.
HTTP stands for Hypertext Transfer Protocol. It is used to transfer data from a web server to the browser so that web pages can be viewed. HTTP without the “S” means that the transferred data is not encrypted. It can therefore be intercepted by third parties who gather the data being passed, meaning that a hacker can steal your data or login information when it is sent without encryption.
Data is transferred safely when a security layer is used: TLS (Transport Layer Security), which is enabled with a TLS certificate. TLS creates a secure, encrypted connection between server and browser and therefore keeps your data safe. Having a certificate also makes your site look trustworthy.
Without HTTPS, any data passed is insecure. This is especially important for sites where sensitive data is passed across the connection, such as e-commerce sites that accept online card payments, or login areas that require users to enter their credentials.
By clicking the green padlock next to the URL, you can check whether the certificate is valid, who issued it and when it will expire.
“HTTPS and making sure your site is secure is an imperative at this point… Google will start marking things non-secure… The future of the web is a secure one, and so make sure people in your organization understand HTTPS, and it should be on the roadmap” – Thao Tran (Global Product Partnerships at Google)
Think about an e-commerce site: when was the last time someone bought something online from a website that they didn’t trust? People do not usually buy from a page that seems fishy. So not only will the site's reputation be questioned, but abandoned shopping carts will be left behind too.
What a website or e-commerce site owner can do is make the “Why to trust?” visible to the customer. This is where the EV certificate (explained later) comes in handy.
“Fitness Footware, the largest independent footwear retailer in the UK, for instance, saw shopping cart abandonment drop by 13.3 per cent and conversions increase by 16.9 per cent after adopting an EV TLS certificate.”
As for HTTPS and SEO, Google has stated that security has always been “a top priority” for them. Google’s Gary Illyes (Google Webmaster Trends Analyst) said that the company’s HTTPS ranking boost may serve as a tiebreaker when the quality signals for two search results are otherwise equal. So, having HTTPS will give a little head start on the road to the top.
Firstly, there are different types of HTTPS certificates, so you need to find out which kind suits your business best.
So before buying your HTTPS certificate, you need to know what level of encryption your business needs. If you have a credit card option on your site, you need a 128-bit or higher level of encryption. We also definitely recommend OV for small businesses, because statistically small businesses are the ones who are attacked the most.
Some hosts commonly allow you to enable a free DV certificate directly from the hosting dashboard. Unfortunately, this often causes a configuration error where traffic is sent to HTTPS by default, but HTTP access is also still available. This allows a potential attacker to redirect visitors back to HTTP and obtain the credentials and traffic in plain text, even when you thought you were covered.
You can quickly check your configuration with our free scanner here: HTTPS SCAN
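The misconfiguration described above (HTTPS enabled while plain HTTP still serves pages) can also be checked with a short script. This is an added example, not code from the original article or its scanner; it goes one step beyond the text by also looking for the `Strict-Transport-Security` header on the HTTPS response, which tells browsers to refuse plain HTTP for the site. The host `shop.example` and the sample responses are constructed.

```python
# Added example: function names are illustrative, not from the article or its scanner.
import http.client
from urllib.parse import urlsplit

def classify_http(status, headers):
    """Verdict for the answer a server gave to a plain-HTTP (port 80) request."""
    h = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308):
        if urlsplit(h.get("location", "")).scheme.lower() == "https":
            return "ok: redirects to HTTPS"
        return "weak: redirect stays on HTTP"  # also covers a relative Location
    if 200 <= status < 300:
        return "bad: content served over plain HTTP"
    return "ok: no content over HTTP"

def hsts_max_age(headers):
    """Seconds from Strict-Transport-Security on an HTTPS response, 0 if absent."""
    h = {k.lower(): v for k, v in headers.items()}
    for part in h.get("strict-transport-security", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name.lower() == "max-age" and value.strip('"').isdigit():
            return int(value.strip('"'))
    return 0

def fetch(host, tls):
    """Fetch / once without following redirects; returns (status, headers)."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, timeout=5)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()

def audit(http_resp, https_resp):
    """Combine the port-80 and port-443 answers into a list of findings."""
    findings = [classify_http(*http_resp)]
    age = hsts_max_age(https_resp[1])
    findings.append(f"ok: HSTS max-age={age}" if age else "weak: no HSTS header on HTTPS")
    return findings

# Constructed sample responses (not captured from a real site).
MISCONFIGURED = ((200, {"Content-Type": "text/html"}), (200, {"Content-Type": "text/html"}))
HARDENED = ((301, {"Location": "https://shop.example/"}),
            (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))
if __name__ == "__main__":
    for name, sample in (("misconfigured", MISCONFIGURED), ("hardened", HARDENED)):
        print(name, audit(*sample))
```

To check your own site, pass `fetch(host, tls=False)` and `fetch(host, tls=True)` to `audit`.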