Introduction
HTTPS has been around for nearly 20 years, securing private communications on the web and underpinning the growth of eCommerce. However, until recently, its importance for websites which do not handle private information has been poorly understood. In this short guide, we will summarise what HTTPS is, and why it’s now a necessity for all businesses.
What is HTTPS and why should I care?
HTTPS is a standard which allows web pages to be automatically encrypted and decrypted. A hacker with access to the network can still see that a user connected to your website, but they cannot see or modify any of the data that goes between.
The encryption is handled by the visitor’s web browser on their behalf, without any additional work on their part. They just browse the web as normal, and sites which support HTTPS are automatically delivered over an encrypted connection. The browser even shows a padlock in the address bar to show that the connection is secure:
By securely encrypting the connection, both parties know that their communications cannot be snooped on or modified by a malicious third party.
This is especially important with the advent of mobile devices which are much more likely to be connected to insecure public wifi hotspots. Without HTTPS, anyone with a bit of know-how can not only read any data that goes between you and your clients, but they can also change the data in transit. This means that they can inject malware or advertising into your pages, and visitors will think it’s come from you.
This is such a big problem that Google has announced that starting from January 2017, it will actively flag sites which do not use HTTPS as “Not Secure” in the address bar. Initially, this will apply to websites which have password or credit card fields, but eventually, all unencrypted pages will be labelled as below:
Three reasons to secure your website now
- Protect your visitors’ privacy, and safeguard your reputationFirst and foremost, delivering your website over a secure connection shows your customers that your company will treat their data with the care and discretion it deserves. This helps enforce your brand’s reputation while safeguarding you from potential embarrassment.
- Improve your website’s loading speedHTTPS is also a pre-requisite for the new HTTP/2 standard which greatly improves the loading speed of pages by optimising the way files are transferred over the network.
- Improve your search engine rankingsNot only is HTTPS itself used by Google when calculating your site’s quality score, the page loading speed, which it improves, is also a significant factor. This means that just by securing your site, you can greatly improve your website’s quality score.
Conclusion
HTTPS is a technology whose time has come. Socially and technologically, its many advantages make it a clear best practice, while the opportunity cost of getting left behind continues to increase.
For most websites, transitioning to HTTPS should be quick and easy, but if you need some help, please get in touch :).