If your website’s not secure, Google’s soon going to let your visitors know
(This post originally appeared on The Washington Post)
I’ve got a problem with my website.
There are now more than a billion users of Google’s Chrome browser. And when any of those arrive on my site–www.marksgroup.net–a little “i” icon shows up in the address bar. It means my site isn’t secure. Up until now, that really hasn’t been such a big deal. But it’s about to be.
I don’t sell anything off my site which means I don’t accept credit cards. But I do ask for users to submit their contact information when signing up for an event or to download a whitepaper. And that’s where the problem occurs.
My site uses a HTTP (Hyper Text Transfer Protocol) connection which is not as secure as the encrypted HTTPS (Hyper Text Transfer Protocol Secure) method. A lot of small businesses I know are the same.
It’s not a big change to make, but it does make a big difference. Because the data is not encrypted, an HTTP protocol not only makes it much easier for hackers to steal passwords or other information as the data moves around the web but it also enables them to copy a website or page so that users may be fooled into browsing and submitting data to a counterfeit site. The good news is that many sites have been transitioning to HTTPS–in fact, more than half of Chrome’s desktop pages are now connecting via this more secure method. But Google wants things to move faster.
Google’s plan, according to a company blog post made late last week, is to label HTTP sites that accept credit card and password data “more clearly and accurately as non-secure” for Chrome users and will start doing this in January, 2017.
The plan will intensify over the coming months. In future releases of Chrome, Google intends to make the HTTP warnings more obvious–particularly to those who like to browse “incognito” where there is a perception that security and privacy is better (it’s not.).
If your website, like mine, is either accepting credit cards or other data and still using the old HTTP protocol then our visitors are going to be warned by Google that their information may not be secure as they enter it. And the last thing we want to do is to drive customers away for fear that the information they submit could be compromised. If you want to fix this yourself, then Google offers help for setting up an HTTPS site here.
I’m emailing my webmaster as soon as I’m done writing this.