HTTP, or the trusty HyperText Transfer Protocol, played a major role in helping the commercial web get off the ground. Times change, of course, and facing a relentless assault on data privacy and security, today’s internet calls for better browser security.
Enter HTTPS, or HTTP over the TLS (Transport Layer Security) or SSL (Secure Sockets Layer) protocols. It exists “to ensure that the communication between the browser and the web server is encrypted,” Wayne Thayer, general manager of Security Products at GoDaddy and member of the CA Security Council, told Small Business Computing. In essence, if some nefarious individuals intercept the HTTPS-protected data, it’s useless to them.
Average users know their browsers is are using HTTPS to securely connected to websites when the comforting lock icon appears alongside the web address, indicating that their passwords, credit card information and other sensitive data isn’t flowing across the internet in an unencrypted form. Sure, “different aspects of SSL have had issues over the years,” including the Heartbleed scare of 2014, but Thayer assures that it is “battle tested” and is one of the most essential technologies site owners can use to protect their visitors.
What’s more, HTTPS is smart business.
Better Search Engine Rankings
Improved security aside, there’s a good reason to embrace HTTPS for your small business website. “Google gives you a bump in your SEO,” said Jeremy Rowley, vice president of Legal at DigiCert and fellow CA Security Council member. The search giant is part of a “big push to move everyone in the industry to HTTPS,” he added.
Two years ago, Google announced it was officially using HTTPS as a ranking signal. Essentially, websites that adopt HTTPS will rank higher in search results than those that don’t.
And the company is leading by example.
“Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default,” wrote Google Webmaster Trends Analysts Zineb Ait Bahajji and Gary Illyes in a related blog post. “That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.”
Those efforts are paying off.
Follow the Leader
“More than half of pages loaded and two-thirds of total time spent by Chrome desktop users occur via HTTPS, and we expect these metrics to continue their strong upward trajectory,” revealed Adrienne Porter Felt and Emily Schechter at the Google Chrome Security Team, in a Nov. 4 announcement. “A web with ubiquitous HTTPS is not the distant future. It’s happening now, with secure browsing becoming standard for users of Chrome,” they enthused.
As the calendar flips to 2017, webmasters will have yet another good reason to use HTTPS.
In January, Google’s market-leading Chrome browser “will mark sites that have password forms or credit card forms” as non-secure if they collect that information over standard HTTP, warned Thayer. Eventually, Chrome will label all plain HTTP pages as not secure, complete with a scary-looking red icon that alerts users of the potential risks.
To avoid that fate, both Thayer and Rowley are urging all small businesses owners to cloak their websites with the security-enhancing benefits of HTTPS.
Certificate authorities (GoDaddy and DigiCert included) are making it increasingly easier to add HTTPS to their websites. Plus, there are a plethora of resources like the CA Security Council that demystify the technology and help companies extend the benefits of HTTPS to their customers.