Google’s not kidding. It’s time to go to HTTPS

Google’s not kidding. It’s time to go to HTTPS

We received an email this week from a local business announcing the launch of a new website.

We took a look. It’s pretty sharp. One of the many things Thinker does is design and build websites — Forest City Gear and Poopsie’s are two good examples — so we like to look over the work of others.

Rob Davis, who heads our managed IT offerings, noticed something else right away. The just-completed site was an HTTP, not an HTTPS. It doesn’t have an SSL certificate and is not secure.

You can find a lot of HTTP sites that haven’t been updated. For newer and smaller sites, converting to HTTPS is quick and painless. For older sites with lots of data, it’s more time-consuming but eminently doable. It’s a service Thinker offers as part of our web-hosting package. We found it curious that someone building a site wouldn’t take the additional step to make it HTTPS because beginning in July, if someone using Google Chrome or Firefox clicks on that site, they’ll get this message: “Not Secure.”

With all of highly publicized data breaches in the past couple of years — Equifax in 2017, the Democratic National Committee in 2016, Ashley Madison in 2015 — having a “Not Secure” message pop up when you visit a site is a pretty big incentive for someone to not do business with you.

Chrome now commands more than 60 percent of the web browser share; Microsoft Edge is a distant second at 12 percent. So being called out by Chrome is not a good thing, and it’s just the latest move by Google to “encourage” more websites to adopt a secure encryption standard for data in transit. In 2014, Google confirmed that it was giving sites that use HTTPS better rankings in search algorithms. Considering how much time and money some people spend to get their sites ranked higher on Google, getting an SSL certificate is about the easiest thing you can do.

Those are two pretty big reasons that if you haven’t gotten your SSL certificate, you should by July 1. Here are some really good technical reasons, courtesy of

  • Even if your site doesn’t sell items and require financial information, you should should get an SSL certificate to make sure you have enhanced security for important email messages, keeping text messages private, or creating a secure tunnel for data coming from unsecured connections. If the data aren’t encrypted end-to-end, hackers can intercept data sent in a readable format.
  • Certificates can be extended to devices and user accounts. This means the sender and receiver can be confident of the integrity of the message and allows recipients to verify if the message was tampered with.
  • People with any web savvy will notice whether your site is secure. And if you’re trying to sell items on a nonsecure site, good luck. Here’s the standard web-marketing flow: You use social media to drive people to your website. You use your website to collect email addresses. You use those email addresses to directly market back to the people who provided the addresses. After Equifax and the other data breaches, users are far less likely to give email addresses to nonsecure sites.

The bottom line is, you are literally stopping in midstream your ability to market to someone who already liked you enough to visit your site. That’s not good business. Get your SSL certificate.