Big news in search this week as Google rolls out a long-announced. change to their web operating system that informs users of Google Chrome when they are about to navigate to an insecure website.
The change, initially announced back in February of 2018, makes formal Google’s longstanding attempts to popularize the more secure HTTPS hosting format by integrating it into their native apps.
Google’s new update became active on July 24th, 2018, and affects all users of Google Chrome, whether they are browsing via an Android phone, a smartphone Chrome app, or their desktop web browser.
This is just the latest escalation in Google’s push to make HTTPS the ‘native’ format for web hosting on the Internet. It all began as part of Alphabet’s annual I/O talk in 2014 and has culminated in this move to create a physical reminder at the top of the user’s search bar that the website they are browsing is not secure.
Google here is using its significant clout—they are the closest thing there is to a monopoly on the Internet, after all—with the ultimate goal of protecting users from fraudulent and low-quality websites as well as man-in-the-middle attacks.
Why? Well, if Google is redirecting users to websites that steal their credit card information, that’s obviously not good for either the user or the company’s business model. The simple fact of the matter is that HTTPS domains using Secure Socket Layer (SSL) certificates are more secure against these types of threats, full stop.
This move encourages best practices for web design and development. It ‘encourages’ it by fiat, sure, but if it betters the experience on the web for most users, I think we can put it into the ‘don’t be evil’ camp, which is less than we can say for most of the things Alphabet is up to these days.
What Does The Change Look Like?
Open up Google Chrome and open up a second web browser of your choice.
Put them side by side, split-screen if you like. Then open up a URL of your choice.
For the sake of illustration, I’ve chosen one of my favorite perfume websites—one that I happen to know is currently not secure.
The window on the left of the screen is Google Chrome, and the window on the right is Firefox.
Looks pretty similar, right?
See that—right where I’ve highlighted?
Firefox—the screen on the right—displays a little ‘i’ icon.
The Chrome browser displays that same little icon, but beside it, there’s also text that reads Not secure.
Not secure. Kinda scary to read that when you’re about to whip out your credit card and make a purchase online, huh?
A very subtle change, but one that can do a lot to change consumer’s behavior, as long as they’re browsing mindfully. Someone surfing the Net on autopilot might not notice.
The message is harder to ignore when using mobile—it’s right there at the top of the screen. Yikes!
As A Small Business Owner, What Do I Need To Know?
Okay, strap in. Things are about to get heavy. Heavy like ‘call your IT person or your webmaster’ heavy.
You have a pretty reasonable question. Moreover, I’m about to answer it with some pretty unreasonable advice.
Or at least advice that is conflicting.
Here are the two conflicting things you need to know:
- In material, concrete terms, this changes absolutely nothing.
- This signals you absolutely need to change to an HTTPS domain as soon as possible. Like, tomorrow.
Pay attention to that little ‘i’ icon I pointed out earlier. That little symbol there was already pointing out that your website wasn’t secure. This change just makes it more evident that you hadn’t yet upgraded your security certificate.
Wait. So how can that be—that this doesn’t change anything and yet it’s super urgent that your business upgrade your security certificate as soon as possible?
More after the jump.
What’s HTTPS Mean? What Does HTTP Mean, for That Matter?
Quick Internet history lesson: since the beginning of the web, the text before the [www.] in your website’s URL was, or still is [http://]. This stands for Hypertext Transfer Protocol. As an average small business owner, you probably don’t need to know what HTTP is or what it does on a detailed level.
The key takeaway from this is that HTTP creates the architecture the Internet as we know it was built on. However, it ultimately had many security flaws. So some of the biggest names in web research, including companies like Alphabet, Google’s parent company, decided to work on a replacement.
That’s condensing a lot of information and history and politics into a single very simplified sentence, but if you are interested in how this stuff all works, do a little research on your own.
The point is, there’s now a way to connect to websites that increase web security by performing a unique ‘handshake’ between the https domain and your browser.
In so many words, your browser verifies the certificate the domain is presenting, which is a good way to ensure the website you’re visiting doesn’t have malware attached that’s trying to steal your credit card information. If you see the Secure tag on your browser’s navigation bar, you also know you’re not getting phished—which happens to even the tech-savviest individuals. That’s not a joke!
Why Is Google Forcing Me To Switch My Website to HTTPS?
No one is forcing you to do anything. Like I said above, this tiny visual change, in material terms, affects you very little.
What I am suggesting in this blog is that though the switch to HTTPS is not mandatory, and it is not currently widespread on the Internet despite Google’s best efforts to publicize the HTTPS changes, it will be standard, and sooner than you think.
Think about it this way: your customers want to know they can trust you. The fact that they can trust you is how you’ve been able to survive as a business until now. That goes for whatever industry you’re in general contracting, landscaping, web design, perfume consultation, whatever.
Switching to HTTPS of your own accord now, while it’s still not widely adopted, but over-represented among the top websites on the Internet as opposed to the Internet as a whole—well, that associates you with those top websites by leading brands, even if only very slightly. And it demonstrates to your customers that you take protecting their data and their cookies seriously.
Sure, it’s mandatory for any business that requires direct credit card processing, and you can tell me you don’t use that—but odds are you don’t use it yet. You have no way of predicting how your industry will change in five or ten years.
I mean, neither do I, but I feel pretty confident saying that HTTPS is only going to be more widely adopted by the largest sites on the Internet and that small business owners need to think about this if they want to show their customers they’re serious about security.
How Do I Change My Domain to HTTPS?
It’s a little bit complicated. Remember when I said you should call your IT person? It’s not too late in the day to do that. I have some technical knowledge about how the technical side of SEO goes, but not nearly enough to be able to confidently walk you through the process on your own.
While we don’t default every website we make at LinkNow Media to the HTTPS protocol, we likely will in the future. And we offer our clients the ability to switch to HTTPS painlessly—that’s right, we take care of all of it—for $50. That’s a steal, but it shows how we prioritize security for our customers and our customers’ customers!
Some other writers wrote some excellent pieces on what SEOs need to know about switching to HTTPS. I am indebted to them for breaking it down and putting it into layman’s terms, so I’m going to recommend you check out their guides after reading this one.
Also, Google has an excellent step-by-step guide to making the switch here..
Check out these different resources. Remember that changing protocol from HTTP to HTTPS counts as a new website, so you can’t just redirect via a URL change tool like you might have in the past. Don’t forget to submit your new site to the search index after everything’s been taken care of, or your rankings won’t tank: they’ll be nonexistent.
Why Do I Need to Switch Over to HTTPS Even If My Site’s Not an E-Commerce Site?
Technically, you don’t. If you’re able to process transactions with credit cards online, you (or your invoice provider, like Stripe) are already following the standards set out in the Payment Cards’ Industry Data Security Standards, which means that you are already using the HTTPS protocol.
If you aren’t, sure, it’s valid to ask me the question about whether HTTPS is right for you. However, consider this: is your crystal ball accurate enough to say that five or ten years from now, your business and your brand will still be the same? The Internet payments landscape may be entirely different; clients may well pay for everything online in ten years’ time.
Don’t put yourself and your business into a box if you don’t have to.
Do I Need A Standard Certificate or a Wildcard Certificate?
Probably not, unless you have more than five different subdomains that you’re using. I’m willing to bet most of you don’t fit that description, and so you’ll be better off with a less-flexible but much more inexpensive Standard certificate.
Is This Going to Change My Relationship With My Clients?
Listen, I’m not a psychic. I don’t know if your customers are going to get geeked at reading Not Secure when they log into your site and bounce to a customer’s website instead. But in the cut-throat world of web marketing, you have to do everything in your power to narrow the gap between you and your competitors. You can bet if there’s a large corporation muscling in on your electrical installations that they’ve got an HTTPS domain.
What can you do better than them? Offer a personal touch. But you don’t want to make your potential clients feel like they’re choosing between professionalism and personality—you want to offer both professionalism and personality.
Updating your site, managing your SEO, and making sure your clients feel they can trust you with their sensitive data—that’s a big part of what we call professionalism in today’s day and age.
Does This Affect My Website’s Ranking?
It does. Google has announced multiple times that they consider HTTPS protocol a positive ranking signal. It’s a minor boost at best—and a tiny part of the over 200 aspects the search engine calculates when determining a page’s ranking—but it is there.
This tiny boost could be enough to put you to the top of the list. If your competitors have switched to HTTPS, that’s a clear indicator it’s time for you to change too. If they haven’t? Sounds like an excellent opportunity to leave them in the dust to me.
How Do I Get Started?
We hope you’ve enjoyed our primary guide on migrating to HTTPS protocols for your small business website. Remember that if you’ve ever struggling with marketing your business online, LinkNow Media handles web marketing for 9000 clients running small companies just like yours—and counting.
Want to know more about our incredible web design packages or how we can move your site to HTTPS without you lifting a finger? Give us a call today and ask to speak to an account executive. We’ll get you set up on the web securely and safely.