All Business Sites Now Need to move to HTTPS

In the last couple of years, a number of high-profile businesses have had large amounts of customer data stolen due to a cyber attack. Furthermore, hackers and other malicious parties are always looking for new ways to intercept the information users send to businesses via the web or gain such information directly from users by deceptive means.

In this blog post, David Midgley, Head of Operations at payment gateway provider Total Processing, outlines why making the move to HTTPS protocol goes a long way to helping to eliminate these problems while also helping to improve a business’ reputation and trustworthiness.

For the uninitiated, HTTPS is a way of securing all of the information that is sent between a website and a browser. It works by adding a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption layer to the basic HTTP protocol, meaning that the information is still being sent in the same way and in the same ‘language’ to each other. However, all the requests and responses are now encrypted before being sent and then decrypted before the webpage loads for the viewer to see.

This means there is less chance of those requests and responses, and crucially the information contained within them, being intercepted and exploited by external forces. More and more people now do their banking, buy their shopping, book holidays and make other transactions online, and all of these actions require them to share financial information or the level of personal information that can be used to commit identity theft. Therefore, it is vital that the websites processing this information make sure they are using a secure channel to send and receive the information.

However, you would be mistaken to think that only sites that send and receive personal and financial details from users need to protect the communications that take place between their sites and a user’s browser. In fact, all the information a site sends through to a browser, be it cookies, java scripts or HTML code, can also be intercepted by an external party who can tamper with the information before it is seen by the end user.

These external parties can range from those with malicious intentions, such as hackers, seeking to trick users into giving them sensitive information or install malware, ransomware and spyware all the way to respectable, well-known organisations looking to present their own adverts to the user.

While the latter is relatively harmless and there is no real ill intention, as their aim is to sell products or promote a service, I would argue the insertion of adverts onto web pages is still an intrusive practice and can be very disconcerting for users as they can begin to feel that they are being ‘followed’ from site to site by an advertiser. In turn, users can then lose confidence in sites where their browsing experience has been interrupted by adverts as they can begin to feel that their browsing history and the information they’re sharing isn’t secure.

I would argue the above is also harmful to a business’ reputation as a company’s website is a reflection of them, and thus, having an insecure website sends out a very negative message about the company.

Furthermore, Google, which accounts for over 80% of all searches, has also revealed that it gives a ranking boost to those who use HTTPS protocol to secure their website. This is a very important point that could potentially have a huge effect on a business, as according to Moz, unless your site is listed in the top four of a search engine results page, it will have a click-through rate of less than 2%. Essentially then, if you’re a small business in a competitive market, you can’t afford to ignore this point, as you are immediately at a disadvantage and have given up ground to your competitors who are using HTTPS if you’re still operating a site that only uses HTTP protocol. In addition, Google have also recently revealed that, from January 2017, they will alert users of their Chrome browser when a site doesn’t use HTTPS encryption, thereby making the link between the use of HTTPS protocol and the security of information transmitted online even clearer for web users.

Therefore, it makes sense to use HTTPS – your users’ personal details are safe, as is other information that can be used to track them, such as their browsing history. In addition, securing your business’ website with HTTPS should also help to instil trust among site users too. Finally, the biggest search engine with the vast majority of all searches has also made it plain that they will give your site a boost in their rankings if you use HTTPS protocol. Arguably, a higher ranking in Google, and other search engines, should also help to further instil trust in a business among consumers and bring business to your site too, as, by ranking a site higher in its’ SERPs, Google is effectively saying to its’ users “this is a relevant and trustworthy site”.

It has to be said that HTTPS protocol can’t protect your site and the information it sends and receives secure from every possible threat, and it isn’t without its’ problems. For example, some would argue that a site using HTTPS is slower than one that uses HTTP protocol, while others could point to the fact that buying and renewing SSL or TLS certificates adds to the costs of a business. However, the effect on page loading time is marginal and barely noticeable to most users, while the page ranking, reputational and security benefits will far outweigh the financial cost of renewing security certificates in the long run too.

For these and many other reasons, you need to switch over your business’ website to HTTPS protocol if you haven’t already.