The difference between ‘HTTP’ and ‘HTTPS’ in a website URL may not be noticeable or significant to most people, but not having HTTPS has huge implications.
With the launch of Google’s Chrome 68 browser, which will start to flag all non-HTTPS websites as ‘Not secure’, HTTPS is becoming the standard for all websites, in line with the more secure web that Google has been advocating for many years.
The SSL certificate shows trust and authority to your website visitors, and HTTPS encryption ensures security as well as data integrity. HTTPS protects the information exchanged over a user’s connection by encrypting it, so that the user’s data cannot be stolen or their activity tracked. It ensures data integrity and prevents information from being corrupted during transfer. It also provides authentication, which protects against malicious attacks.
People often confuse the terms SSL and HTTPS and use them interchangeably. An SSL Certificate is essentially a product that can be purchased and installed on your web server, whereas HTTPS, or HTTPS encryption, is the result of applying that certificate to your website.
What is HTTPS encryption?
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP (Hypertext Transfer Protocol), where the extra ‘S’ stands for ‘Secure’. HTTPS encrypts the information exchanged in both directions between a browser and a web server, to prevent anyone from stealing information passing through a website.
What is an SSL Certificate?
An SSL (Secure Sockets Layer) Certificate is a set of data files that can be installed on your web server, and installing it results in the HTTPS protocol being applied to your website. The browser then shows the recognised green ‘padlock symbol’ with the word ‘Secure’ in the address bar, and the URL includes the HTTPS:// prefix.
Currently, a website without SSL encryption may display the regular HTTP:// prefix or just the letter ‘i’ in front of the URL, which upon clicking shows the message ‘Your connection to this site is not secure’. From July 2018, any website without HTTPS encryption will display a prominent red insecure warning sign in the URL.
Here are 5 reasons why you should go for HTTPS for your website:
1. HTTPS provides security and integrity of data, and protects from malicious activity and intrusions.
Hackers and intruders are always looking to exploit vulnerable websites, including unprotected information exchanged between your website and its users. Malicious attackers and intrusive companies exploit unprotected websites to steal information, install malware, inject ads or unauthorised links and create security vulnerabilities. HTTPS protects against man-in-the-middle attacks: encrypting the data and communications exchanged between a user and the server protects them against tampering and eavesdropping.
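The authentication step is what stops a man-in-the-middle from simply presenting a certificate of their own. The following Python sketch is an added example, not part of the original article: it shows the checks a client applies to a server certificate, with hypothetical function names and a constructed sample certificate in place of a real one.

```python
import socket
import ssl
from datetime import datetime, timezone

def strict_context():
    """Client context that verifies the certificate chain and the host name."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy SSL/TLS versions
    return ctx

def summarize_cert(cert, now=None):
    """Reduce the dict from SSLSocket.getpeercert() to the fields worth monitoring."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "common_name": subject.get("commonName"),
        "issuer": issuer.get("organizationName"),
        "dns_names": names,
        "days_left": (expires - now).days,  # negative once the certificate has expired
    }

def check_site(host, port=443, timeout=5):
    """Connect over TLS; raises ssl.SSLCertVerificationError when the server
    cannot prove its identity (untrusted issuer, wrong host name, expired)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            info = summarize_cert(tls.getpeercert())
            info["protocol"] = tls.version()
            return info

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example Test CA"),),),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT))
    # check_site("your-domain.example")  # hypothetical host; needs network access
```

Run `check_site` against your own domain after installing a certificate; a low `days_left` value is the cue to renew before browsers start rejecting the site.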
2. GDPR Compliance – HTTPS protects the privacy of your website users.
The GDPR (General Data Protection Regulation) came into effect on 25th May 2018. GDPR was designed to protect the privacy of personal data of EU citizens, harmonise data privacy laws across Europe, and reshape the way organizations across the region approach data privacy. It applies to anyone doing business in the EU, irrespective of their location. Non-compliance with the GDPR can result in massive fines being imposed on businesses.
GDPR has clear requirements that can only be addressed through the implementation of HTTPS encryption. Every unprotected HTTP request can potentially reveal personal data, including the identities and behaviours of your users, to intruders and hackers. The principal motivation for HTTPS is protection of the privacy and integrity of the exchanged data while in transit, and authentication of the accessed website.
Article 32 of the regulation (“Security”) states:
“Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services”
GDPR states that regulated information must be protected with ‘appropriate technical and organisational measures’, which include encryption of personal data and the ability to ensure the confidentiality and integrity of systems and services. HTTPS thus fulfils this requirement for the data protection component.
3. HTTPS and SEO ranking factor
There are many Search Engine Optimisation best practices for achieving and retaining higher rankings in Google search results. Whether a website uses secure, encrypted connections has been a signal in Google’s search ranking algorithms since 2014. Also, websites with HTTPS load much faster than HTTP sites, and speedy websites are likely to rank higher in Google. Google favours websites that follow its standards and guidelines for good SEO.
Better SEO leads to better Google rankings, which can lead to more traffic on your website. Visitors who see a secure and trusted website will use it over a non-secure one, thus improving your website’s click-through rate.
4. Google will flag all non-HTTPS websites as ‘Not Secure’
Google advocates secure HTTPS websites and has been calling for a secure web for years, encouraging webmasters to migrate to a secure website.
Starting in July 2018, the Google Chrome browser will flag all websites without SSL encryption as ‘Not secure’, so any website without HTTPS encryption will display a prominent red insecure warning sign in the URL.
5. HTTPS builds trust and authority.
Website visitors are highly likely to be alarmed by insecure warnings and will abandon any activity or purchase on a website they do not trust. HTTPS-encrypted websites are safer and more secure, and are likely to build trust and authority with your customers, encouraging further engagement on your website.
In conclusion, HTTPS is an important step to protect your business and the data of your customers, as well as to maximise confidence in your website.