If you’re not the world’s most tech-savvy business owner, you may have missed the boat on the HTTP versus HTTPS discussion. Don’t worry. We’re here to fill you in. Here’s what’s happening:
What is HTTP?
Hyper Text Transfer Protocol (HTTP) is the protocol through which data is sent from a person’s desktop or smart phone to the website he is visiting.
What is HTTPS?
HTTPS is a similar protocol, but with the added (and essential) benefit of web encryption. The ‘S’ at the end of this acronym stands for ‘Secure’. You may have noticed a little padlock icon that has begun to appear next to certain company addresses (see below). Web browsers like Internet Explorer, Firefox and Chrome use this padlock to indicate that all communications between a visitor’s browser and the destination website are encrypted. HTTPS has long been used to protect online transactions used in banking and online shopping.
Why does HTTP or HTTPS matter for my business website?
If you accept credit card payments directly on your website, you definitely need encryption in place to protect your customers’ credit card information. If you offer quote request forms (where visitors enter their addresses, phone numbers, and other data), you should also seriously consider this switch.
Sadly, the Internet is crawling with criminals and hackers. These guys can see and steal—even alter—any information that is sent from your customers to your site’s server. If you’re having trouble wrapping your brain around what this means, imagine a tube that runs between your customer’s computer and your business website. With HTTP, the tube is transparent. Anyone can see what’s inside. With HTTPS, the tube is all wrapped up. No one can see its contents except for the intended recipient (you), looking through the opening at the other end.
What is happening now that makes HTTPS even more important?
Beginning July 2018, Google’s Chrome browser will flag every site that doesn’t use HTTPS encryption. This is an update set to happen with the launch of Chrome 68, but it’s not the first time Chrome or Google has stressed the importance of secure transfer protocol. (Several years ago, Google put out the call for ALL websites to beef up their security.) Technology experts have been urging sites to encrypt for years, and for reasons beyond just privacy and confidentiality. For example, unsecured sites may open the door to the injection of spyware, or malicious ads getting displayed to your users.
Why should I care about getting flagged?
Getting “flagged” is kind of a big deal. If you don’t have an HTTPS website, Chrome will alert people that your site is “not secure,” and prominently highlight this fact in the user’s URL bar. Even if your business does not collect online payments or require customers to log in, the notice may frighten some people away.
Roughly two thirds of all Internet searches are conducted through Google. If a significant number of customers find you or contact you via the Internet, you run the risk of losing all that business when Google starts telling them your website is unsafe. (See below.)
Additionally, we know that Google uses HTTPS as a ranking signal. So if you’re trying to get ahead of your competitors when customers search for “contractor” or “landscaper” or whatever it is that you do, having an HTTPS website will give you an edge over other local websites.
How do I update from an HTTP website to an HTTPS site?
It’s not as complicated as you may think, but if you have any doubts in your DIY tech abilities, it might be best to contact your web developer. Here’s a complete guide on switching from HTTP to HTTPS. Meanwhile, as you’re thinking about your business and your customers’ online security, take a minute to learn more about cyber attack insurance. You might be surprised by some of the facts.