Internet security is an ongoing game of cat and mouse. Web designers, programmers, and developers are always working to stay a step ahead of the scam artists and hackers whose intention it is to spoof websites, steal identities, and reveal hacked information online. Search giant Google is at the forefront of the battle, and they are introducing some big changes for their Chrome browser starting in January 2017.
As a local business owner, you can’t afford to ignore changes in online security because they have a direct impact on your business. With that in mind, let’s explore the upcoming changes so you know what to expect – and how it will affect your business in the coming year.
Why Web Security Matters
Online security is more important than ever before. It seems like hardly a month goes by without news of a new security breach. Email providers, banks, and retail outlets have all been victimized. These breaches are costly to everybody involved. The institutions whose security is compromised take a hit to their reputations, customers are at risk of having their credit cards used by thieves, and financial institutions have to issue new cards.
How Customers Know Your Site is Secure
The sites that are safest to use are those that display https:// before their URLs. Sites that are not secured are usually preceded just by http://. Savvy consumers know that it is best not to hand out their credit card information – or any other personal information that might enable a thief to steal their identity, such as a full name, their mother’s maiden name, and so on – on a site that lacks the https:// prefix.
How Google Chrome is Changing
At present, Google Chrome uses a relatively subtle designation to let their customers know whether a site is secure. On any site that uses the https:// prefix, Chrome puts the prefix in green and displays a little lock icon next to it.
Google has announced changes because they fear that the current designation is too low-key to be effective. Starting in January of 2017, their new display will feature the words “Not secure”before the URLs of sites starting with http://. They conducted a study that showed that customers were not perceiving the lack of a green lock as a warning that the site was not secure.
The “not secure” label is only the first step in their efforts to protect their users. Future updates will add the new warning to incognito browsing, and eventually the plan is to display a prominent red triangle as a warning.
Why should does this matter? Because 71% of all local searches on Google’s are done through the Chrome browser and that means that a large percentage of your online traffic will be discouraged from clicking on your website.
The Difference between Secure and Non-Secure Sites
While secure sites offer obvious benefits to your customers when it comes to the security of their credit cards and other personal information, there are some other benefits to changing your site.
- When you have a secure site, it engenders a sense of trust in your customers. They feel comfortable sharing information with you because they know you have taken precautions to protect that information and keep it safe. Trust is a key component of any successful customer relationship.
- When you have an SSL certificate (the certificate that adds the “s” to your URL) on your website, it helps customers confirm that you are who you say you are. Spoofed sites and phishing sites are rarely secure, so adding the certificate acts as a way of instantly verifying your identity online and reassuring customers that they are on a valid website.
- The SSL certificate guarantees that any information you receive is secure and accurate, too. Without the certificate, it would be possible for a hacker to interfere with the data that comes into your site. With it, you can be confident that you are receiving the information that your customer or vendor intended you to receive.
- Finally, having a secure site can actually benefit your SEO. Google now uses the https:// designation as a factor when evaluating websites and ranking them for search. That means that not having a secure site might be negatively impacting your Google search rank – and your traffic.
While there are some costs involved with adding the SSL certificate to your site, there is simply no reason not to do so.
How to Update Your Site
Now let’s walk through the steps you need to take to obtain the SSL certificate and add it to your site.
- First, buy an SSL certificate. You can get one from companies such as GoGetSSL or SSLS. You can choose the extended/organization validation display, which will show your company name next to the green lock in the Chrome bar, or the domain validation option, which simply shows the green lock.
- Install the SSL certificate on your web server. You can find instructions for how to install based on which software you use by scrolling down on this page. After it is installed, you should run a test to make sure it is working properly. This tool from SSL Labs is useful.
- Search your site and update all of your hard-coded URLs from http:// to https://. This tool from Interconnect IT can help you do it quickly and painlessly.
- Update all of the scripts on your page.
- Add a 301 redirect to all of your new https:// URLs. It is best to do this at the server level instead of using a plug-in. If you skip this step, your search rank on Google could take a huge hit, so make sure to take care of this as soon as possible.
- Update your robot.txt file to make sure that any blocking rules or hard-coded links are now pointing to your new https:// address.
- If your site uses a content delivery network (CDN), make sure to add the SSL certificate to that, too. If you don’t, your site’s visitors may end up with major problems. While you’re at it, make sure to update your origin URL on the CDN, too.
- Enable HTTP/2 support on your CDN. You can do it by clicking Zone > Manage > Edit > Advanced Features, and then choosing Enable HTTP/2.
- Update all hard-coded links on your CDN to https:// the same way you did on your own site.
- Update everything on Google and have them crawl your website under the new, secure URL. That means you have to create a new profile under Google Search Console, create a new sitemap, submit a “Fetch and Crawl” request, resubmit your “disavow” file to avoid penalties, and update your Google Analytics account with your new URL.
- Update everything else, including the URLs for your search engine ads, social media pages and ads, and so on. You should also migrate your social media share counts to your new site.
This might seem like a detailed process, but it is a necessary one. You have approximately three months to get your site updated before Google starts displaying the first warnings. That gives you plenty of time to do it right and reap the rewards of offering your customers a secure website.