Why your website must be SSL encrypted or risk being penalised by Google Chrome
Google Chrome is calling time on unencrypted websites as part of a campaign to ensure all data passes through a safe and secure channel. This campaign includes changes to SSL with all websites required to have an SSL certification or risk being penalised by the browser with far-reaching consequences.
These changes will also protect users from the risk of their data being hacked or stolen whilst browsing online.
The reason for this is cybercrime figures from a UK government Cyber Security Breaches Survey showed 24% of all businesses had experienced a security violation or attack in the last year. This figure increases to 51% and 65% for medium and large businesses respectively. Large businesses suffer the most with 25% of them experiencing a security intrusion or attack at least once a month.
The average cost of a security breach or attack is £2,620 for small to medium sized businesses, rising to a whopping £32,300 for large businesses.
What is the most common type of security breach? Malware or ‘malicious software’ gains illegal access to a computer, with the aim of stealing information or disrupting its functionality. Included within this are viruses and spyware.
A worrying state of affairs but help is at hand in the latest version of the Google Chrome browser with beneficial changes to SSL.
What is SSL?
SSL is an acronym for Secure Sockets Layer and is an industry standard form of technology that converts or encrypts plain text into code only accessible via a special key or password. In other words, it forms a secure connection for sensitive data such as credit card details.
Websites with SSL certification have a padlock symbol in the far left of the address bar followed by ‘HTTPS’, denoting it as a secure connection.
Various companies including Chrome are pushing for encrypted websites and universal adoption of HTTPS, replacing the current HTTP protocol (HTTP appears at the front of a website address).
Chrome steps into the SSL breach
On the 31st January this year, Google Chrome released OS 56, their latest version of their popular web browser with an important development – labelling unencrypted (and unsafe) websites as ‘not secure.’
Google’s grand plan is for all websites to be encrypted, protecting data as it travels between web server (i.e. website) and the user. This is particularly important concerning login and password pages and those that ask for credit card details.
Any website that allows sensitive data to be transmitted needs an SSL certificate, acting as proof of its security credentials. Think of it as an extra layer of security for your information.
There are three stages to their ‘remove HTTP’ rollout:
- With this release, a ‘not secure’ message will display in the address bar of any website that does not have SSL certification (and is not using HTTPS).
- In the next release, Google Chrome will label non-HTTPS web pages in private mode (also known as Incognito mode) as ‘not secure.’
- The third release will see Google Chrome label all HTTP web pages as ‘not secure.’
Do not ignore this.
It is tempting to think it will not affect you but the last thing you need is ‘not secure’ messages appearing on your log in and password pages and/or an online payments page.
The importance of SSL certification
A failure to install an SSL certificate places you at risk of cybercrime, for example, a security breach. It also affects your reputation in that visitors to your website will view it as less trustworthy/unsafe and go elsewhere. The result is a noticeable increase in your ‘bounce rate’ and a subsequent decrease in conversions, affecting your sales and turnover.
This is especially important if you have a WordPress website, as visitors who log in to your site will see a ‘not secure’ message: leading them to assume it has been hacked or compromised in some other way. Either way it is bad news for you and your business.
Obtaining SSL certification and extra security
We would recommend that you contact your web host about SSL certification and having it installed on your website. There will be a fee for installation plus an annual payment, keeping you doubly safe and secure.
In addition, it will boost your SEO by showing proof of your trustworthiness, making you an attractive proposition to Google. You will also be able to track visitors from equally secure websites (HTTPS) that will help with your analytics.
We hope this article has convinced you about the benefits of SSL certification and the recent changes via Google Chrome. However, if you would like to discuss this further, our expert team is here to help. Our Contact Us page contains details of how to get in touch.
March 23, 2017
January 1, 2017
February 4, 2016