Throughout the last few years, there have been a lot of reports of data breaches on banks, credit cards, and companies. These breaches have put your personal data – including your name, social security number, credit card numbers, passwords, etc. at risk. These breaches have come from someone hacking into a server of a company and stealing the data.
A little less known source of a breach is when hackers “listen” over the internet and steal information that is being sent/received through a non-secure connection. This can be done when you are using a public internet service (ie. At a restaurant when you are using a non-password protected wi-fi connection) AND maybe more commonly, when you transmit personal information over the HTTP protocol.
There are two common protocols to share and transmit information over the internet. One is HTTP and the other is HTTPS.
What is HTTP vs HTTPS?
HTTP is the fundamental technology for sharing and transmitting information over the worldwide web. The moment you open your browser and do a Google search, you are using HTTP technology. Simply put, HTTP is a set of rules for sharing graphical or textual files over the internet. HTTP is not secure and is easily vulnerable to cyber attacks and information theft.
When you type in a website address (or search for it), and you see http:// in the address bar, or in many cases – you may just see the website name, that means anything you send to that website or look at from that website is not secure and anyone with the know-how can be watching (yes, Big Brother may be watching you).
Here is an example of what this looks like on a Safari browser:
And on a chrome browser:
If the user clicks on the “i” in the browser window, it will tell the user that “Your connection to this website is not secure”.
After July 1, 2018, Phase 3 gets implemented and the URL field will show a RED explanation mark next to “NOT SECURE” also in red.
The HTTPS protocol is the HTTP protocol with a security measure in place. In order to get the “S”, you have to buy an SSL certification. There are 3 levels of SSL certifications. The one you need is based on the type of information you collect from your website visitors.
1. Domain validation – the cheapest and most basic; it basically only encrypts the data being sent and received.
2. Organization validation – the mid range in both protection and price. If you are collecting credit card numbers or personal information, this is the minimum option you need.
3. Extended validation – the most expensive and the most secure option. This option is used mostly by banks and big e-commerce sites or other sites that collect sensitive personal information.
There is a great article about the types of SSL certificates at http://www.hostingadvice.com/blog/choosing-ssl-certificate-made-easy/ and when it is appropriate to use each type of certificate.
This is what a Domain Validation site looks like on safari:
And on chrome:
Advantages to converting to HTTPS:
Comfort to your users
The obvious advantage to converting is to give your site visitors the comfort of knowing their information is secure. It is very scary to some users to see a notice that says the site you are visiting is not secure.
Depending on the knowledge level of your average user, even if you are NOT collecting any data at all (you are just an information site), seeing that message may have your potential customer leave your site and find someone else that does have a secure site. (I’m thinking of my mom right now – and probably a lot of people in her generation and other generations that don’t really know anything about the internet and would not fully understand the message and just quickly leave the website so nothing bad happens).
Search Engine Rankings
Another reason is that Google is giving a slight boost to websites in search engine results to companies that have the https protocol. Now this is not to say you will jump from page 10 to page 1 – but all things being equal, Google will give the ranking to the website that has an SSL certificate over a company that does not.
Better Security from being hacked
How to Convert to HTTPS
There is no one answer for this question. The conversion will all depend on the company that is hosting your website. Some companies off their own SSL certificates and others do not. Some companies will assist you in your switch over, some will not.
First determine the type of SSL certificate you need and then go to your hosting provider to see what they offer.
Don’t forget – once you convert!
Once you convert to https, don’t forget to update all your links to the new address. This will include Google Search Console, all your social media pages, etc. There are some plugins that can help you with this – again it is best to contact your hosting company.
There are many benefits to converting your website to an HTTPS site. Once you contact your service provider, you will know all the necessary steps to do the conversion. Make sure you make a back up of your site before you convert it and then test it to make sure everything is functioning correctly