Five Reasons Why Website Owners Urgently need to implement Security
Secure Website Connection – Secure Sockets Layer (SSL)
All Websites Need To Be Secure
WARNING : There is a push by some major players on the internet to force website owners to implement security using SSL the (Secure Sockets Layer) protocol by 2017 and there are real penalties for websites that do not implement SSL
SECURE WEBSITES EXPLAINED
Most websites currently use the insecure HTTP connection.
This means that the identity behind the website is not verified, and the communication between a device (computer, tablet, smartphone etc) and the website being visited is sent in clear text and can be intercepted and read by others.
To make a website secure the owner needs to purchase and install a security certificate called SSL (Secure Sockets Layer).
SSL certificates are issued by recognized authorities and will verify that the website and those behind it are legitimate.
The verification confirms to visitors that you are who you say you are giving them confidence.
This helps protect a website against phishing which is when another site attempts to impersonate a legitimate site.
The second thing an SSL certificate provides for a website is privacy by encrypting the communication between the device and the website.
This means that your communication can not be intercepted and read by anyone else.
This is particularity important for websites that handle sensitive data such as passwords and financial records.
This encryption all goes on behind the scenes and is indicated to the user in the address bar by either the URL (website address) being preceded by HTTP: // (insecure connection) or HTTPS:// (secure connection)
There are other indicators of a secure connection which are dependent on the browser and trype of certificate being used. These include a closed padlock appearing before the URL, and part or all of the web address bar being shown in green.
FIVE REASONS WHY WEBSITE OWNERS URGENTLY NEED TO IMPLEMENT SSL
The five ways website owners will be
forced encouraged to switch to a secure connection:
#1 Browser Warnings
Users visiting websites not using SSL will start getting warnings that the site they are visiting is not secure and potentially dangerous.
Chrome is Google’s own web browser and they have just announced major changes commencing in 2017 with regard to website security that will impact on almost every website and potentially cause confusion and concern to visitors.
In September Chrome announced that beginning in January 2017, they would start flagging websites that use the insecure HTTP connection to transmit passwords and credit card data as insecure. A warning will appear in the address bar of the browser and will call users’ attention to the fact that their personal information could be snooped or stolen. This is a good thing and anybody aware of security should welcome this change.
The concern is that they plan to eventually roll this out to all websites.
They have indicated that this warning will next be rolled out to HTTP pages when a user visits them in the browser’s “Incognito” mode, and finally the warning will roll out to all HTTP pages. This means that if a website does not have an SSL certificate installed providing secure encrypted connections (HTTPS://), then the browser will issue a warning that the site is unsafe.
This can potentially cause confusion and concern with visitors that the website they are visiting is insecure and even dangerous.
Both Mozella (Firefox) and Apple (Safari) have announced similar initiatives with their browsers and earlier this year Apple also announced that it would require app developers to force HTTPS connections for iOS apps by the end of 2016.
#2 Reduced Functionality
Certain popular and powerful browser features will no longer be available on non secure websites.
Google Chrome is also only deploying certain popular and powerful features to sites with SSL/TLS. One of these features is Geolocation. With version 50 and beyond, Chrome will no longer support obtaining a user’s location on HTTP sites. So, if a website wants local visitors to find their physical location, they need to install an SSL certificate on their domain.
#3 Search Engine Rankings (SEO)
Secure websites will be ranked higher on search engines.
Back in August 2014 Google announced the SSL/HTTPS would be a ranking factor for their search results.
In 2015 I made a video about this and at the time the SEO benefit seemed negligible. As is often the case with Google they announce things in advance of full implementation and I suspect this is the case with SSL certificates.
Check out what I had to say back in 2015:
I expect to see the Google search results reflect this move to secure website connections.
Google made an unmistakable announcement back in 2014 that it would start factoring SSL/TLS into its ranking algorithm. While the impact was fairly minimal at first, the positive effect an SSL certificate has on search results has continued to increase as the community pushes all sites towards encryption.
Websites with SSL are now experiencing as much as a 5% increase in search visibility compared to sites still only using HTTP. Also, referrer data is always preserved and much improved over HTTPS. This allows for greater keyword analytics and analysis for where a site’s traffic is coming from.
#4 Slower Website Access
Only secure websites can take advantage of the new faster HTTP/2 protocol that is currently being rolled out.
HTTP/2 is the first major revision of the web’s HTTP protocol since 1997 has recently been ratified by the Internet Engineering Task Force (IETF). Currently, HTTP/2 represents about 18% of global traffic and will continue to rise exponentially. The main benefit of HTTP/2 is significantly faster load times – between 20-30%!
While the HTTP/2.0 protocol does not require a secure connection, most implementations will only support HTTP/2 when it is used over an encrypted connection, and currently no browser supports HTTP/2 unencrypted
#5 Reduced Email Delivery
Email sent from non secure domains will be treated as suspect by some services and users warned that it may be unsafe to open
Gmail are now marking emails that are sent from non-secure mail servers. Per Netcraft, 82% of mail servers are not utilizing a publically trusted SSL certificate. In response to this, Google has started marking emails in Gmail that are sent from mail servers without SSL/TLS. Once a mail server has an SSL certificate installed on it, Gmail recipients will be told that the email they open was delivered from an encrypted source, along with a link to learn more if they are unfamiliar
HTTP WILL SOON BE A THING OF THE PAST
YOUR WEBSITE NEEDS HTTPS
It’s time to start preparing for the future of a totally encrypted web
In 2017 all websites need to provide their visitors with a secure connection or get left behind. Until now only e-commerce and websites that dealt with sensitive information were considered to need an SSL certificate. These changes will effectively force all website owners to move to using a secure connection or be penalized. You can ignore this change, and I suspect most website owners will, but those that make the change will have an advantage of those that don’t.
With major players pushing for secure website connections it makes this move is something I believe every website owner can’t afford to ignore.
According to a February 2016 Netcraft report, only 3% of websites today deploy SSL/TLS encryption. In turn, this means that a whopping 97% of websites currently lack basic security. This is a shocking and frightening statistic, especially in an era where 90% of large organizations have been hacked or breached and 74% of small-to-medium sized businesses have suffered attacks as well.
CONSIDERATIONS BEFORE IMPLEMENTING AN SSL CERTIFICATE
Most hosting will allow you to install an SSL certificate but some cheaper hosting may not. You need to check with your current hosting to determine if you can install an SSL certificate. The majority of websites, especially on cheaper hosting, use a shared IP address. This was a problem in the past but with the latest webservers you no longer need a dedicated IP address.
Be aware that you may also need to edit some of the pages on your website to ensure every object (such as an image) is referenced using HTTPS otherwise a warning will appear in the browser which is exactly what you are trying to avoid in the first place.
SSL certificates have become more affordable in recent years. There are many different types of certificates available with different levels of trust and authority. You can buy a basic SSL Certificate from as little as $10, and this is all most websites will need unless they are engaged in ecommerce or use forms to collect or display confidential information.
Installing an SSL certificate will be a little bit daunting for most website owners as it requires logging into the back end of the website and following a process that many will find confusing. Not all hosting will provide you with access to the backend and you may need to request the host install the SSL certificate and there may be a charge for this.
LET THE VIRTUAL WEBMASTER DO IT FOR YOU
The Virtual Webmaster can help you select and install the most appropriate SSL certificate for your website, but the best solution is to let The Virtual Webmaster manage your website. A basic FREE SSL Certificate is included with all hosted website management packages.
The Website Management Packages can take care of the following:
- Daily Checking & Monitoring
- CMS Management
- Proactive Website Security
- Backup Management
- Offsite backups
- Performance Reporting
- Secure Cloud Hosting
- Content Delivery Network (CDN)
- SSL Certificate
- Hacking Protection Guarantee
- Staging Mirror
The Virtual Webmaster is so confident that your website will be secure that they provide a Hacking Protection Guarantee.
Is your website ready for 2017?
About the Author
Christopher is an IT specialist with 30 years of experience in developing technology working with corporates and SME’s. Chris is a Microsoft Certified System Engineer and holds a Bachelor of Science in Information Technology, as well as numerous certificate based qualifications in technology and application development.