implement ssl (i know, i sound like a broken record):

OK, so I know I'm going to sound like a broken record here... as I wrote this article last week, but it's a serious thing and becoming more and more serious every single day. Website security, another branch in the very large tree of cyber and digital security is one of the easiest things you can improve to greatly decrease the chances of a security breach online.website security, SSL, TLS, Google Chrome, https

However, the reason for this post is a recent announcement by Google regarding the Chrome web browser. Google announced that starting in 2017, Chrome will start 'flagging' websites that use http instead of the encrypted https - essentially Google will start flagging websites that don't implement SSL (secure socket layer). This flag will serve as a warning for people visiting your website that their connection is not secure and cannot necessarily be trusted with information (we'll discuss why this is important later).

Essentially it is about to become more important than ever to run SSL on your website and there really are no reasons not to. It's easy, it's cheap, and it will instill trust and faith in visitors to your site.

Need to increase your website's security right now? Click here to get 5 things YOU can do right now to increase your site's security!

 

1. Google's chrome is the most popular web browser in the world

Let's face it, if the news that came out was that Opera web browser was going to start flagging http websites, this wouldn't be much of a story. However, Chrome is the most popular web browser in the world. By some stats, it makes up over 50% of all internet traffic, so when they make a change people pay attention. With that kind of browser usage the amount of influence that Google has with Chrome is unreal (like Google needed any more influence... but I digress...)

This simply adds up to, people are using Google's Chrome to visit your website, in fact, there's a good chance that half of all visitors coming to your website are using Chrome - and you really don't want them flagging your site as a security liability.

 

2. What does SSL do? why do I need it?implement ssl security website

SSL stands for Secure Socket Layer(s). Another acronym that has become synonymous with SSL is TLS which stands for Transport Layer Security. Essentially, SSL and TLS are layers of encryption for data that is exchanged between two internet connected devices, like a server and your computer.

When you visit a web page that isn't encrypted, web page data is transferred over the open web free for all to see. What do we mean by that? We mean that anyone that chooses to 'listen' can intercept this data, and analyze it. This is a common tactic for hackers that are out to steal personal information.

When you visit a web page that is encrypted with SSL/TLS, the data is scrambled (encrypted) before being sent back and forth from your PC and the server where the website is hosted. The data is then decrypted (using a special key) at the server or your computer. This means that even if hackers 'listen' and steal that data, it is scrambled and unreadable to them rendering any information they are looking for useless. 

SSL/TLS ensures that all communications between visitors to your website and your website's server are fully secure. The visitors experience can't be altered in any way, and any information that they exchange on your website (like contact info, email, name, company name, etc) is fully protected when being transmitted to your server. Without SSL/TLS, this information is at great risk every time a visitor submits a form, or fills out an email request.

 

3. SO WHAT DO YOU MEAN FLAG? WHAT WILL IT LOOK LIKE?

At this point, we don't know exactly what it will look like but there has been some information on the general concept. It seems right now that Google will display "non-secure" in the URL bar on any website running on http that has form fields for passwords or credit card information. However, the long term vision is to move completely towards marking all non-secure websites with this flag.

So right now, it seems that the flagging will be limited to the URL bar, however, that's not to say this won't have a huge impact, the URL bar is a big part of web browsers and something visitors look at when evaluating a website. 

 


the bottom line:

The flagging of non-secure websites is a huge development. A major player like Google starting to flag non-secure sites is a huge step towards moving the internet towards 100% encrypted communications. More encryption means a significant improvement in the security of the web. Identity theft is the fastest growing crime in the USA and stealing information through the hacking of websites is a major contributing factor.

The bottom line? Encrypt your website and implement SSL. It really isn't very difficult, there are tons of resources and help out there to get your site encrypted. It's not expensive (about $200-$300 a year depending on the type of SSL line you require) and it will add a major layer of security to your website.

Thanks for reading! Be sure to check out our security checklist here - it contains 5 easy steps that YOU can do now to significantly increase the security on your website. 

 

website security, cms, wordpress, drupal

 

About the author

Steven Milne

I'm Steve and I'm a co-founder and CFO at Digital 1. I am responsible for helping companies grow through lead generation anchored by Inbound Marketing. I also have a background in digital and cyber security. I very much enjoy writing and blogging at Digital 1. I love helping companies realize their website's potential. It's always so satisfying to see their online presence expand and generate business essential to growth.

Subscribe to our blog!

NAVIGATION

Subscribe to our Blog!

digital-one-logo-horizontal-black-and-white-copy-2-4.png© Copyright 2016 Digital 1

Digital 1 - Digital Inbound Marketing. Digital Security