Google will soon call out all websites (not just e-commerce sites) for not being secure if they do not switch to https. But what is https and why is it so important to Google now, even on sites that don’t accept highly personal information, such as credit card data?
Https (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of your users’ data between the user’s computer and the site. For example, when a user enters data into a form on your site in order to subscribe, to get either email updates or purchase a product, https protects that user’s personal information between the user and the site (Source: Google). Https encrypts your website data and secures it from others. Data cannot be modified or corrupted during transfer. And https proves that the user is communicating with the intended website (aka: authentication).
Starting sometime in early 2017, Google will start flagging non-https sites as being “insecure.” And the change will affect all types of sites, not just those with shopping carts, and not just desktop browsers, but also mobile. Beyond the actual security issues involved with having a non-https site, the perceived integrity issues could be your biggest plague. Customers will be flashed a warning about your site’s lack of security by Google and thus given a choice to proceed. There’s no telling how many will bounce away immediately rather than risk spending time on your site.
The switch to https encryption may not be such a big undertaking for large companies, but for smaller ones with a tighter budget it could seem daunting.
Small Business Trends provides a concise list with regard to changing from http to https:
Purchase an SSL certificate, they are very inexpensive.
Install your SSL certificate on your website’s hosting account.
Make sure that any website links are changed from http to https so they are not broken after you flip the https switch.
Set up 301 redirects from http to https so that search engines are notified that your site’s addresses have changed and so that anyone who has bookmarked a page on your site is automatically redirected to the https address after you flip the switch.
We don’t want to get too technical in this blog today (stay tuned for another post) but it’s worth a mention that there are many related issues and technical considerations involved in this switch. Most business owners will need the help of a website developer or hosting provider who fully understands them. Included are things like:
Configuring your server
Preparing a list of URLs and mapping them from the http structure to corresponding locations on the https site
Investigating/verifying that all external scripts and images work with https
Ensuring that all “rel=canonical” tags within your HTML point to https pages
Updating robots.txt and sitemap.xml with corresponding https links
Updating your website URL in social networks, Google Analytics, and other tracking tools
Creating a new https entity in Google Search Console
Updating external links on websites linking to your content
Ensuring Google can index and serve your content under your new URLs
Monitoring the https website daily with Google Search Console and Google daily with Google Search Console and Google Analytics to find any Google issues (Source: SSLS Blog)
Don’t let all this jargon scare you. You don’t have to remember it all. As we mentioned, this process can seem daunting to a small or midsize business owner. But rest assured, it’s business as usual for an experienced website developer and your hosting partner. It just may take some time.
Keep in mind that the switch may cause a temporary decrease in traffic and rankings, but should quickly return to previous levels or possibly be slightly boosted. (We’ll explain this in greater detail in a follow up blog on migration steps for HTTPS, but if you have any questions please email us.)
Good content is still number one with Google as far as rankings, but must be combined with the https switch to ensure ranking, security, and integrity of your website.
It is imperative that b-to-b companies (especially small to medium size technology, advanced manufacturing, and software companies with bigger competitors) start early rather than late on this endeavor. The risk of being categorized as an insecure site should serve as incentive. Customers or potential customers searching for products on your site may likely never come back if they see Google’s red flag/insecure site warning. Https protects the integrity of your website AND the privacy and security of your users.
Potential intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages. Intruders exploit every unprotected resource that travels between your website and your users. Images, cookies, scripts, HTML … they’re all exploitable. Intrusions can occur at any point in the network, including a user’s machine, a Wi-Fi hotspot, or a compromised ISP, just to name a few. For example, unethical competitors may attempt to steal your company information or customers.
Additionally, progressive web apps will require explicit permission from the user before executing. Https is a key component to the permission workflows for new features and updated APIs (Source: Google Developers).
We hope this introduction to Google’s new https security move has been helpful. We wish you success with the switch.
This is another blog in our continuing effort to prepare your high-tech B2B company for future trends, technologies, and practices that will affect your business success. Keep an eye out for our next installment and be sure to read our previous blog posts.