Blog

HTTPS visual cue 658x194

Google Forces Secure Browsing on Websites

  |   jim's digital lab

Google is doubling down on website security by doing something I consider very heavy-handed. But, when did Google do anything that was less than heavy-handed? However, I have some good news, and I have some bad news, and then I have some pretty good news.

SSL Lock 250x250First, the good news for any of our clients whose websites are already using SSL certificates: you are covered and have nothing to fear from Google. In fact, Google is going help you in a modest way with SEO, and your SSL deployment already ensures visitors trust your website through a “green lock” visual cue in the browser window. In fact, if you are reading this website post on the Communication Links website, look in the upper left side of the URL bar of your website browser. You’ll see that CommLinks.com is already using SSL, and the green lock affirms that we are.

Now, the bad news for those without SSL certificates installed on your websites: you need to seriously consider taking the next step sooner rather than later. You can either have Communication Links, or your current website management company, purchase and install an SSL certificate into your website hosting account to avoid seeing website traffic decline. Why is SSL so important, and why is Google pushing this so hard?

What Is this SSL Thing You’re Talking About?

Here’s the scoop. Hackers and data mining tools are all over the web. The goal of marketers is to have you voluntarily provide information so they can better communicate with you. A data thief has darker motives, and these thieves want to create profiles of website visitors by skimming or stealing Personally Identifiable Information (PII) they can package up and sell on the “dark web.” This includes your name, home or business address, email address, social security number, bank account information and passwords.

Virtually every website includes ways to ask you for that data with the intent of providing you with more information that you may actually want (products you’re interested in buying, contests you may want to enter, even conducting real-time online purchasing). Through sign-up boxes or forms on the website, many website visitors enter their personal information with little thought that the information may wind up in the wrong hands. Frankly, everyone should be wary of a website’s intentions (most are good intentions), and think about what information you’re willing to share through the Internet. Especially if a website is insecure.

Google feels every website needs and should have a secure SSL certificate. That will render the website URL as https:// rather than http://. With Google browsers at 50% or more of desktop marketshare, many users are probably using some of the later versions of Chrome, such as Chrome 55. To more aggressively put fear into website owners’ hearts and minds, the next version of Google’s Chrome browser to be released in January or early February of 2017, Chrome 56, is going to include language and visual reminders that will show the user that a website is “not secure” once you land on a website. We at Communication Links believe that Google’s logic is sound, is a good thing and should be seriously considered for every website. In essence, the medicine is a pain, but it is a cure for insecure data transfer.

To get a little bit more detailed, data sent using HTTPS is secured via a layer of security called TLS, which provides three key layers of protection:

  • Encryption. Encrypting the exchanged data from website forms to keep it secure.
  • Data Integrity. Data cannot be modified or corrupted during transfer without being detected.
  • Authentication. This proves to website visitors that they are communicating with the intended website, not a spoofed website

As an additional benefit of adding the SSL certificate to your website, Google is now using HTTPS as a search engine ranking signal. It is pretty clear from data analysis that HTTPS sites have a ranking advantage over HTTP URLs, so this switch will now benefit all websites that use SSL, whether they glean confidential information or not.

According to Search Engine Land, an industry search organization, their initial tests with the HTTPS signal showed “positive results” in terms of relevancy and ranking in Google’s search results.

How Does This Affect Your Website Visitors?

Not Secure Image 400x194Your website visitors probably won’t know the difference between SSL and non-SSL. All they will see is a warning (similar to the graphic at the right) that may make them believe that one of your website pages has been hacked with malware or some other exploit that might cause their computers and their information to become vulnerable. As a result, your website visitors may…and, in all likelihood WILL…leave your website fast.

This is going to cause non-SSL websites to feel the pain of reduced website visits, fewer pages per visit, lower time on page and probably reduced sales/bookings of tee times or eCommerce purchases. In the latter category, if you are going to sell anything on the website you absolutely need SSL. Many commerce applications, plugins and credit card authorization systems require SSL as a matter of course.

So, Is This Going to Cost You a Small Fortune?

Fortunately, we’re now going to give you some more good news. SSL certificates are not overly expensive considering how much you count on your website to communicate with and support your customers. Typical SSL costs are $70-$100 for an annual license (although some higher-level security certificates are more expensive), and the installation process takes about an hour or so to set up the first time. After the initial set-up, certificates can auto-renew every year, with your website hosting company and the certificate issuer working in tandem to keep this process “hands free” on your part, or that of your website manager.

Non-commerce website owners are not required to install SSL. But, there are going to be ramifications if you do not. While the percentage of Chrome 56 website visitors will be small initially, many have auto-updater as default and they’ll get this update very quickly. Many other browsers such as Firefox, Safari, Edge and Internet Explorer, may follow Google’s aggressive push in this direction as well. Before you know it, most browsers may begin to show the words “insecure” on website pages rendered.

We believe that installing SSL certificates is the cost of doing business in the digital world. With website security top-of-mind for many people who use the Internet, why not provide them with a heightened sense of security when they visit your website? And, if you receive a small bump in your Google SERPs, the investment is worthwhile.

If you have further questions about SSL, how to install it and what it can do for you, please drop me an email at jmartin@commlinks.com.