Knowledge Hub

Keep up to date with the latest trends and knowledge in the Digital Marketing space
26 Sep
2017

Cybersecurity Update – Google Makes HTTPS Mandatory

Cyber Security | HTTPS | SSL Certificate | Internet Privacy

 

The New Cybersecurity Update

There is a good chance, beginning in October 2017, visitors to your website might see it being flagged as an unsafe environment.

On April 27, 2017, Google released an official statement declaring that any and all websites that have a text input field on their pages would show as “Not Secure” to a visitor if the website has not implemented HTTPS. Google is taking cybersecurity seriously and if you have a website, they want you to take it seriously too.

So far, HTTPS implementation has been deemed mandatory only for websites with password input fields and financial transactions (Credit/Debit card field). However, with the rollout of Chrome 62, Google plans to flag websites running HTTP when users type into any field on the website.

The new warning system is being rolled out to display even when a browser is running on incognito mode, this is being done as browsers are known to use incognito as it provides them with a sense of security, while unaware of the way this mode works.

HTTP Treatment in Chrome 62 (Off & On Incognito Mode)

HTTP Treatment in Chrome 62 | Cyber Security | Internet Security | HTTPS

Click to enlarge

While password fields, card details and text input fields are under the purview of HTTP not being considered secure, Google has hinted towards a possible scope broadening of this initiative. Thus, implying that, in the future, other parameters might be considered “not secure”. With Google’s progress on cybersecurity and the many ransomware and cyber-attacks in 2017, cybersecurity seems to be the topic of the year.

If this has not convinced you to switch to HTTPS as soon as possible. Read on.

 

HTTP & HTTPS – The Quick Rundown

Hyper Text Transfer Protocol (HTTP) is the protocol over which information is transferred over a network when you are connected to a certain website or network. HTTP has been the industry standard for years and has been seen as sufficient up until now.

HTTPS, simply put, is the secure version of HTTP. It ensures that any and all communication between your browser and the website over a network is encrypted or secure. HTTPS boils down to the fact that, your interaction with a website over a network cannot be intercepted by anyone else on the network. HTTPS offers this security benefit, by way of a security certificate issued by a certificate authority.

 

HTTPS – Why You Need It

 Security

Probably the biggest reason for making this switch, HTTPS came into existence as a more secure and safer protocol. Google believes everyone browsing the web has the right to be protected and the right to privacy. Policies and requirements of the world’s largest search engine put aside, as a company with a web presence, ensuring the safety and privacy of your visitors and browsers is a necessity from a moral standpoint.

In the longer run, it can also be expected that focusing on cybersecurity and providing privacy to your browsers would also build some positive brand image for you.

Trust and credibility

Google so far has used a simple exclamation symbol to warn users of the website using HTTP. It all comes down to if the average web browser is aware of what the symbol means. Seems like Google has decided to tackle this gap in knowledge by making the warning symbol prominent and convey the meaning clearly to every type of user on the web, as seen in the image above from the official Google blog piece on cybersecurity.

The detrimental effects of this could be huge. With all internet citizens clearly understanding the warning sign. You could in the long term see your website and brand losing credibility and trust with drops in visits, leads and conversions following soon.

Signs from your analytics

We expect websites still running HTTP to start seeing signs on their analytics once the HTTPS rollouts occur.

Very soon, you would start seeing a spike in bounce rates, drops in leads, conversions and visits. This is directly related to trust and credibility. Visitors landing on your website would be made aware of the security warning and leave. This, in turn, could translate to a lack of returning visitors and negative word of mouth causing further damage.

SEO and SERP ranking

The warning on the website can lead to visitors leaving immediately due to security and privacy concerns and not coming back. Users eventually would not click on your link when it appears on the SERP.

This poses a threat to your website as, according to backlinko, certain parameters such as organic click-through rate, bounce rate, repeat traffic (people coming back), website traffic rates and dwell time (time spent on the site) are speculated to be factors that affect your SERP rank.

While the above is a scenario based on strong speculations within the webmaster circles, you might want to consider the fact that since 2014, Google has been saying that HTTPS is a confirmed ranking signal.

 

The Verdict

In all fairness, the process of switching to HTTPS is technically demanding and we would not be surprised if you said it is daunting. Google’s best practice page on HTTP to HTTPS migration is filled with jargon and admittedly does come across as a challenging process.

However, Google has said that they will continue to work toward improved cybersecurity. They have declared that user privacy and security is paramount. The search engine’s official article on cybersecurity and HTTPS becoming mandatory also has strong implications pointing toward more parameters of website construction being considered “Not Secure” in the future.

In conclusion, it would be wise to migrate your website over to HTTPS to comply with the latest regulations in internet security. Who knows what Google would come back with next as an additional parameter for being secure. After all, almost 60% of users on the web are on Chrome & other web browsers such as Safari, Firefox etc. are expected to follow.

If you have queries or need a hand in switching over to HTTPS, head to our web development and other services page for information and contact us so we can help you become secure.

Watch this space for more information on all things Digital, Online Marketing, Web Design & Development, UX/UI, SEO, Analytics and Advertising.

 

Digital Strategy Consultants Ltd. is an IT & Digital Consultancy agency situated in the Digital Hub in Dublin. Founded in 2012 with a passion for digital marketing and a drive to bring innovation and a new level of best practices to the industry. Following a data and research-led approach, we specialise in – Web Design, Web Development, UX/UI Development & Design, Online & Digital Advertising, Search Engine Optimisation, Digital Analytics & Reporting, Conversion Rate Optimisation & Social Media.

 

Sources:

  1. https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
  2. https://www.instantssl.com/ssl-certificate-products/https.html
  3. https://www.globalsign.com/en/ssl-information-center/what-is-an-ssl-certificate/
  4. http://www.oncrawl.com/switching-https-priority-2017/
  5. https://www.brightlocal.com/2017/01/06/http-vs-https-website/
  6. https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
  7. https://backlinko.com/search-engine-ranking
  8. https://www.ifex.org/2013/09/18/why_https/
  9. https://security.googleblog.com/2015/12/indexing-https-pages-by-default.html
  10. https://www.wired.com/2017/01/half-web-now-encrypted-makes-everyone-safer/
  11. https://www.netmarketshare.com/browser-market-share.aspx?qprid=0&qpcustomd=0
  12. https://www.surfeasy.com/blog/google-incognito/
  13. https://backlinko.com/google-ranking-factors
  14. https://www.wired.com/story/2017-biggest-hacks-so-far/
  15. http://www.smartinsights.com/search-engine-marketing/search-engine-statistics/