Why You Need HTTPS on Your Website

https - TLS

Most any web user can tell you when they visit a website that uses HTTPS. They know this by the green lock in browser or the HTTPS (vs. HTTP) in the address bar. This indicates that you can generally trust your connection to the site in question is “secured” with TLS (Transport Layer Security). Herein we’ll explore why you should (if you haven’t already) set this up for your website immediately. Although you may not be familiar, TLS is the successor to SSL (Secure Socket Layer). Unfortunately, many continue using the term SSL (including major industry titans) when they mean to refer to TLS. Anyhow, onward into why you need to set up TLS encryption today.
Even in 2018, there are still a large number of websites which don’t have HTTPS/TLS enabled. When you visit a website, and you use the HTTP (Hyper Text Transfer Protocol) the content of your session is in clear text – readable to anyone in between you and that website. Enter HTTPS. HTTPS creates a secure channel over an insecure network (the Internet) which secures your session from your browser to the server you are connecting to. It keeps you ‘secure’ from eavesdropping, tampering, MiTM (Man in the Middle) and many other threats. The underlying technology that powers HTTPS is actually TLS. TLS enabled a website visitor can be reasonably assured of the authenticity, privacy and integrity of the connection to your website. In essence, it keeps user session/communications, identity and web browsing away from prying eyes. But that’s far from its only purpose it has many serious business impacts which we’ll explore further.

SEO/Page Rank

Google Page Rank is the elegant algorithm which decides how your website ranks within Google’s organic search results. Google has publicly stated for years that HTTPS or TLS is a requirement. In essence Google and other search engines will rank your site lower than comparable sites that have TLS. In some cases, you may be outright blacklisted if you don’t have HTTPS. Generally speaking, you will lose out in terms of your page rank over those that have HTTPS enabled. Sound serious? Yes, it is. Keep in mind most customers find you from the web.

HTTP2

As we stated before, HTTP is the foundation of data communication on the world wide web. The current version of HTTP (Hyper Text Transfer Protocol) HTTP 1.1 which was introduced in the early 90’s is, like SSL; going to be supplanted. HTTP2 is the next generation of the HTTP and is an important step forward in the speed and performance of your site. HTTP2 is key here because it requires TLS to function. This is also critical because performance is a key ranking factor in page rank. A faster website, generally means you place better in search engine results which means more customers and more profit. There are many benefits of HTTPS: better performance, security and page rank, etc.

Google Chrome

Google Chrome is one of the most popular web browsers used today. As of July 2018, with its release of Chrome 68 browser all sites without HTTPS will be marked ‘Not Secure.’ Google’s goal here is to make the web a safer & secure place to be. The browser is simply notifying a user that the site they are communicating with is unencrypted and is susceptible to eavesdropping, tampering, MiTM etc. Google isn’t the only tech titan recommending TLS, Apple, Mozilla Firefox and nearly every other vendor have been doing so for years now. Do you really want your customers assuming your organization is insecure?

Regulatory Non-Compliance

Industries and companies that fall under regulations also have the requirements to have HTTPS on their website. If you’re a healthcare provider or covered entity, HIPAA applies, if you are doing business with EU citizens GDPR applies, if you have an ecommerce effort you must comply with PCI. As always, TLS is only a single part of your larger compliance requirements.

How to Get HTTPS

If you are not currently using HTTPS on your website contact your web hosting provider and ask to get it set up today. If they don’t offer it, find a new provider contact us and we’ll help you get it all squared away. It shouldn’t cost you more than a $100ish a year. If your web hosting provider supports it, the nonprofit Let’s Encrypt offers free TLS certificates.

Be under no illusion that this technology magically solves security concerns but it’s a step in the right direction. It secures your users client sessions via TLS cryptographic protocols but it doesn’t secure your website itself – only the transmissions to and from your website. It doesn’t magically secure your web applications, ensure your coders are using secure coding practices or solve the multitude of other security risks. It’s not ‘magic’ beans, but part of a larger requirement of todays best practices for securing your web presence. As always, defense in depth is no single technology or process but many layered elements of people, process and technology.

As you arrive at the end of this post, I hope it’s clear you need HTTPS setup yesterday. If you conduct ecommerce, have a web application that sends or receives sensitive data or you have a contact form – you should have TLS. Fact is, you should have TLS no matter what. If you have questions or comments please leave them below or contact us. We are always happy to help.

Joseph P. Guarino has a long history of producing business results with the application of information technology. Joseph's expertise span over 15 years in the private sector at leading technology firms and consulting organization. With Evolutionary IT, he saw a market need to bring his transformative knowledge and expertise to firms in the New England area and worldwide. Joseph is driven by a strong desire to see customer's thrive with the best business solutions. Evolutionary IT evolved out of this desire to bring a new level of quality IT solutions, align them with business goals and give customer's a competitive edge.
Posted in Internet SecurityTagged ,  |  Leave a comment

Leave a reply