Time to Upgrade to a More Secure Web
Updated 29 June 2020 (Published 19 July 2016) by Miles in Website design & UX
A whirlwind of convenient ways to store information and purchase goods online has taken the world by storm but behind the shine and sparkle of new technology, a new generation of digital thieves are crawling the web with malicious intent.
Theft of personal information online is growing but Google have made a strategic move to encourage websites owners to protect the safety of their visitors' personal information through the introduction of HTTPS as a search engine ranking determining factor.
A New Google Search Algorithm
In August 2014, Google implemented a new major update into their ranking algorithm, with HTTPS now being validated as a contributing ranking signal. What does this mean for you? In an attempt to make the Internet safer for everyone, Google wants to ensure that websites people access from their search results are secure, so if your website does not have HTTPS enabled then they will purposely rank your website lower than websites that do.
There is a long list of different contributing factors to how Google ranks websites, including keyword relevancy, geo location, mobile responsiveness, page speed, frequency of update and much more. In the blink of an eye, each one of these factors contribute to an overall score that determines your ranking every time you perform a search. The weighting of some of these factors are greater than others, and while the impact of HTTPS started off small in 2014, its importance and influence in the search engine rankings of today has taken a major boost.
What is HTTPS?
To put it simply, HTTPS stands for Hypertext Transfer Protocol Secure and is the secure version of the more traditional and familiar website protocol, HTTP. Websites that use HTTPS are typically displayed with a green lock icon or similar next to the URL in your internet browser:
How https is displayed in Google Chrome
While the appearance of the lock alone may instil some level of confidence with users, there’s much more to it behind the scenes that is the real causality behind the move to HTTPS.
HTTPS is an internet connection protocol that protects the integrity and security of user data as it is transported between the user’s computer and a website. Data sent using HTTPS is secured via Transport Layer Security (TLS) protocol which provides three layers of protection.
- Encryption – the information being exchanged is encrypted to prevent people from being able to decipher their data.
- Data Integrity – exchanged data cannot be tampered with during transport without being recorded.
- Authentication – validates that the user is communicating with the intended source and is not being intercepted by an intermediate server.
How can I get HTTPS for my website?
In order for your website to display as HTTPS, it requires the installation of a security certificate issued by a certificate authority, commonly referred as SSL Certificates. These digital certificates validate that the connection to the intended website matches its digital signature, ensuring a safe connection free of any intrusive and malicious third parties. It’s important to note however that not all certificates are created equal, with some certificates providing a higher level of encryption and validation, or additional features for multiple domains and subdomains.
Depending on the type of service or information that you communicate on your website, you may not necessarily require the maximum level of security. For small to medium size business websites that only submit basic contact information such as name, email, and phone number, an entry level SSL certificate is sufficient enough to protect your website data and satisfy Google’s requirement for HTTPS. Some web services such as Let’s Encrypt even make basic SSL certificates freely available, so all that’s left is to contact your website administrator and get HTTPS set up for your website.
If you have a large business, use complex domain setups, manage credit card submissions through your website, or are simply enthusiastic about protecting your users’ information, then a higher level of encryption through a paid SSL certificate is strongly advised.
Summary
If your website does not use HTTPS then you are already being penalised in Google’s search engine results. The purpose of using a secure protocol is not just to boost your rankings, but to protect user identities, safeguard sensitive data, and ensure a safer web experience for everyone.
If you have any questions about security and which SSL certificate is right for you, contact your website developer and find out how you can enable HTTPS for your website.