Stop Scaring Your Customers. Get Your Website An SSL Certificate.
At first, it was just a rumor. One day, Google would let everyone know which websites were no longer safe to browse. It would “shame” them by stamping the two words in the search bar that inspire dread: not secure. You used to get along just fine without an SSL/TLS certificate because it was only chatter among tech people. Then it happened. On July 24, Google released Chrome 68. Among the many features for this browser update, perhaps the most talked-about was the HTTPS security notification. Google now warns users that sites without certifications are not secure.
SSL/TLS? HTTPS? Too many acronyms, you say?
If you want your organization’s website to rank on Google, and if you want your customers and prospects to actually engage with your site, all of these capital letters matter.
Without an SSL/TLS certificate, your bounce rate will go up. Prospects will not convert if they’re even able to find your site in the first place. Current customers will think you’ve betrayed their trust when they realize you’re No. Longer. Secure.
Don’t panic. Not yet, at least. Let’s get into what these security updates mean for you, and what you can do about them right now.
What is the SSL certificate?
SSL stands for Secure Sockets Layer. It was the original security protocol that websites used to encrypt data transmitted between a user’s browser and the web server. It was developed in the early 1990s and went through several updates. In 1999, a new version renamed the protocol to TLS (Transport Layer Security).
These days, when most people refer to SSL, they’re actually talking about TLS, currently in version 1.3.
SSL/TLS can be complicated, but for the sake of simplicity, it goes something like this:
- Customers or prospects visit your website.
- Google alerts them if your site is not secure.
- If you have no SSL/TLS certificate, Google warns that any personal information they enter on your site may be stolen by attackers.
- If you have a certificate and HTTPS distinction, the user will see this:
See how much safer that looks? It’s Google’s way of saying that the data on your site is encrypted.
The easiest way to understand SSL/TLS encryption is through the handshake, which is the way two parties (the client and server) negotiate communication. The client verifies the server’s security certificate so encrypted data can be transmitted and decrypted.
Essentially, the handshake determines whether it is safe for both parties to exchange information.
The handshake is only part of the encryption procedure— a lot more goes on behind the scenes. As long as you have an SSL/TLS certificate, it means your site is much safer for users to visit and share their personal information with you. With HTTPS, they can safely fill out a contact form or purchase a product through your site.
Secure sites rank better on Google. Period.
It’s not just about data security. Without HTTPS, it’s a lot harder for people to find your site on Google.
How does an insecure site rank in a Google search? Not well. Google has been favoring sites with HTTPS for years and has only increased those efforts with Chrome 68. If you’re able to put aside your feelings about losing conversions, you’ll then have to deal with the fact that Google is punishing you in your search results. While Google doesn’t require an SSL, it clearly helps.
There’s a trend here, and it’s headed sharply in the direction of greater site security.
Surprisingly, some major sites haven’t caught up, and it doesn’t make for good press. In 2016, Wired.com noted that “[A] Google audit shows that 79 of the web’s top 100 non-Google sites don’t deploy HTTPS by default, while 67 of those use either outdated encryption technology or offer none at all.”
Scary stuff, but that was over two years ago. Surely every top site uses appropriate security measures by now, right?
Wrong. Projects like Why No HTTPS have been working to expose how many of the world’s top sites are still not secure. For every insecure major site, just imagine how many smaller, less heavily trafficked sites don’t have the proper SSL/TLS certification.
Fortunately, there’s plenty of good news here. The thing to remember is that Google’s security updates exist in part to protect data on the web. In this case, it’s the personal data your customers and prospects enter on your organization’s website. Google has your back, but it’s up to you to make sure you take the next steps.
