What is a "Secure" Website Anyhow?
Google now officially recommends securing websites with HTTPS, which means that not only will this be important for organizations that want their websites to perform well in search, but more and more visitors will come to expect it.
Website security is no longer something for only certain types of websites to worry about - it's a best practice for all businesses and organizations that want to optimize their search engine performance, establish credibility with visitors, and maintain a professional web presence.
Website security covers many areas , but for the purposes being discussed here, it means that the website utilizes SSL , which stands for Secure Socket Layer, a standard security technology that establishes an encrypted connection between a web server and a browser, with the URL being prefixed with "HTTPS" rather than the standard and unsecure "HTTP" (with that extra "S" standing for "Secure").
Put simply, SSL secures the information that is shared between you (the browser) and the website that you are viewing or interacting with. Any information that you normally submit to a website (or retrieve from a site) is sent as plain text and can be viewed if an attacker is able to intercept the information. SSL encrypts the information that is shared between the browser and the web server, so that even if a user's information is intercepted by someone who is not supposed to have it they will not be able to read the data.
It's not hard to understand why SSL has historically been considered a best practice for any website that is processing transactions with sensitive data such as social security numbers, credit card numbers, personal health records, or login credentials. Now, SSL is becoming a best practice standard for all websites, including those that do not necessarily process sensitive data.
Browsers Now Shame Unsecured Websites
You may have noticed that most common desktop browsers such Internet Explorer, Chrome, FireFox, and even mobile browsers, such as Chrome on Android, and Safari on iOS prominently show lock icons to indicate when a site is secure via HTTPS. Chrome in particular goes a step further by labeling standard HTTP sites as "unsecure", as you can see in these examples (the same page for wholefoodsmarket.com viewed in Chrome - one with HTTP, and the other with HTTPS).
Because of these browser cues, website users are increasingly becoming conditioned to identify when a site is secure vs. unsecure, and with that comes an implied sense of credibility and professionalism in favor of secure sites. This is especially important for business websites that have a brand image that is reflected in their web presence.
Is Your Site Secure?
Confirming whether your site is secured with HTTPS is a two-step process: (a) make sure that you have an SSL certificate properly installed on your server, and (b) confirm that your pages are being forced to HTTPS versions of the URLs (i.e. so their are no unsecured versions of the page using HTTP).
Protecting Your Users, and Your Business
Last but not least, if Google's preference for secure websites isn't enough, consider your users. If your site is not secured with HTTPS it essentially means that ALL data submitted through your website could be intercepted by someone who is not supposed to have it - this includes contact forms, logins, chat logs, and browsing patterns.
Do you really want to expose your users, and your organization, to that kind of liability?
Ultimately, for 2017 and beyond website owners will want to ensure that their websites are properly utilizing SSL and HTTPS for optimal security, search performance, and credibility with users.
If you need assistance making sure that your website is properly secured with SSL and HTTPS, as well as other security best practices for site maintenance, please feel free to contact us for a complementary assessment or to discuss further.