You may have run a successful business website for years without ever needing to know about HTTPS and SSL certificates. As a way to protect and encrypt data, it was only really necessary for eCommerce and banking websites. And while there has been encouragement to switch for the last two years, there are big reasons why your website needs to move to HTTPS ASAP.
What is SSL and HTTPS?
SSL stands for Secure Socket Layer. This is the encryption that provides a number of benefits for both your business and your customers. And when you add SSL to a standard Hyper Text Transfer Protocol (Now you know what HTTP actually stands for!) you get HTTPS, or Hyper Text Transfer Protocol Secure.
In addition to the new address indicating your secure status, internet browsers also display a padlock icon to let visitors know that their data is being protected.
There are different levels of SSL Certificate, which all offer the same level of data encryption. The highest level of SSL includes a thorough background check on your company.
Most businesses will only need to protect a single website domain. Some might need to also cover sub-domains (for example, if you have yourbusiness.com and shop.yourbusiness.com). And you can obtain a certificate to cover up to 100 domains if you run a large company or web design agency.
Why Does Your Business Need To Move To HTTPS?
Fellow expert author James Rice mentioned a number of the benefits of switching to HTTPS in his previous Knowledge Centre article. They include better security (protecting customer data and reducing the risk of information being intercepted or altered after it has been sent), more accurate Google Analytics data (as referral data from a HTTPS site to a HTTP site is stripped out and grouped as Direct traffic), and a marginal search engine optimisation (SEO) advantage.
But Google has since announced a larger change to promote HTTPS.
From January 2017, the Google Chrome browser now shows a new warning if your website collects payment data or passwords and doesn’t have an SSL Certificate properly in place. Chrome is now the most used web browser. And it’s a core part of the Android mobile system. With more and more mobile traffic, this could really damage your growth.Every business website should be using HTTPS as Google ramps up the encouragement Click To Tweet
Google has also stated that the long-term plan will be “to mark all http sites as non-secure”.
So even if you don’t take payments or require any users to register with your website, you’ll soon find yourself marked as a non-secure destination. And to make it easier to spot, Google will be switching from a text warning to also displaying a noticeable red warning triangle.
It’s probably better not to have to find out by forgetting to get everything in place now!
If that’s not enough, the newest features Google is rolling out for websites will only be made available for modern website servers and internet browsers using the recent HTTP/2 protocol. And to use HTTP/2, you need to have HTTPS enabled.
One example has been the website push notifications now being offered, similar to getting alerts on your mobile phone. But with plenty of updates to Google business listings and data such as map locations, it’s likely you’ll feel the impact more and more in the future.
Why Move To HTTPS As Soon As Possible?
It’s tempting to avoid switching to an SSL Certificate until you really need to. In addition to any purchase cost, you’ll also need to cover off various SEO tasks to ensure everything works as it should. And it’s surprising how many websites have managed to get it wrong.
A study in 2016 showed that 90% of the top 10,000 sites on the internet had a less than perfect HTTPS implementation. And even worse – 65% hadn’t got it working correctly!
Fortunately the study focused on the largest and most complicated websites. For example, Wired magazine took several months to fully roll out HTTPS. Not only did they have a massive website, but also a wide mix of advertising and content. And here is an in-depth summary of our own experience of moving to HTTPS on Yell.com. Luckily, your site is likely to be much, much more simple!
Since even the start of 2016, many more content and advertising services have not only rolled out HTTPS, they’ve also made it easier for anyone using their products to change.
By planning to switch now, you allow plenty of time for a smooth process. And you’ll have plenty of time to avoid any fall in customers. If you have everything in place before your competitors, it will help your business grow online.
Justifying HTTPS To Your Boss Or Accountant:
Our previous article on switching to HTTPS includes a fairly comprehensive checklist of what is involved in the process. And for most websites, an SEO specialist will be able to run through the process fairly quickly and effectively.
In return, you’ll get:
- More trust from your customers: Not everyone is aware of the importance of the padlock symbol. But banks, anti-virus software and Google are all working to spread increased security awareness.
- A faster website: Enabling HTTP/2 means you’ll have access to the most modern protocol for speeding up websites. And site speed makes a big difference in converting visitors to customers.
- The latest gadgets: Services like Google Maps will continue to improve in the future. Do you want to miss out on their latest features? Or potentially lose access entirely?
- Better Data: No more losing referral data from HTTPS websites in Google Analytics. Or trying to use time-consuming workarounds to try and figure out what is sending people to your website.
- A Small SEO Advantage: Simply turning on HTTPS won’t automatically make you the top search result. But it will give you a slight advantage over anyone that hasn’t made the switch yet. But that will only give you a benefit if you act now, before your competitors catch up.
This is why I’m planning to finish transferring all my personal projects and blogs to HTTPS over the coming months. I’m not just recommending any existing clients make the switch as soon as possible, I’m unlikely to launch a website in the future which doesn’t have HTTPS in place from the start.
NB: All new Yell websites are HTTPS as standard.