Website owners, your organization has until July to adopt a minimum-security standard for your site or have it declared unsafe. If you have not switched your site from the HTTP protocol to the more secure HTTPS standard by that date, Google will flag your website as insecure.
Google is taking this action to alert everyone that HTTP sites provide no data protection. If you’re searching for medical treatments, risqué lingerie or anything else you don’t want public, anyone potentially could see your online activity.
The HTTPS standard encrypts data traveling between a computer and your web server, as seen by the padlock icon in your address bar. HTTPS also validates your website as authentic and not a fake site infected with malicious code.
Whether you’re a nonprofit, small business, or have a 4- page website, your organization still must adopt the HTTPS security standard. Otherwise, your customers, donors, members and other visitors will be greeted with a “Not Secure” message in red letters or similar indicator that your site is not secure. Not exactly the message you want to send visitors.
How do you migrate your site from HTTP to HTTPS?
The first step is to buy a SSL certificate, a digital certificate that installs small data files on your web server to secure connections. Summit can recommend the right type of certificate and procure one for you, or you can buy one yourself from another provider.
There are three general types of SSL certificates:
- Organization Validation SSL certificates should suffice if your site is informational, with no e-Commerce. These certificates display a padlock in the visitors’ address bar to assure visitors that you are who you claim to be, and not a fake website.
- Extended Validation certificates validate not just domain ownership, but business identity, legal status and address. The certificate adds your website’s name next to the HTTPS padlock.
- Wildcard SSL certificates cover the site and all of its subdomains. Example: website.com/services or mobile.websitename.com
Purchasing a SSL certificate is the easy part; you will need a knowledgeable web application professional to migrate your site. We have experienced multiple instances of website migration gone wrong, simply due to webmasters without the experience to know all the requisite steps.
An Insecure Site is Vulnerable for Public Wi-Fi Users
There’s something else you should be aware of about insecure websites. When your customers, prospects, job hunters, a long lost cousin etc. go to that coffee shop, airport, hotel or other place to use public Wi-Fi, anyone with malicious intent can inject harmful content onto the page they are viewing if the site is not secured. That malicious content won’t affect your site, but will affect the person viewing it. You spend a lot of money to build your brand. Don’t jeopardize it for the sake of a SSL certificate.
Of course, you can skip all of this—the need to buy and install the HTTPS standard if you have an advanced secure hosting environment for your website, like the one we use at Summit. The layers of security we put in place include the SSL installation, as well as a guarantee that if your site goes down, we’ll put it back up.
Whatever you do, do something, or face public shaming by Google come July.
Questions or concerns? We have answers, and it costs nothing to throw questions our way. We’re happy to discuss the options, costs, time required or other website issues. Our IT engineers and application developers have been doing this for years.