If not, then you should migrate to HTTPS as soon as possible and no later than July 2018.
What is happening in July 2018?
In July 2018, when Version 68 rolls out for the Chrome browser, all web pages that are not served over SSL, i.e. ones that begin with http:// instead of https://, will be marked as ‘Not Secure’ by default.
On the Chromium blog, Emily Schechter, Chrome Security Product Manager indicated that
Developers have been transitioning their sites to HTTPS and making the web safer for everyone. Progress last year was incredible, and it’s continued since then:
Over 68% of Chrome traffic on both Android and Windows is now protected
Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
81 of the top 100 sites on the web use HTTPS by default
Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default.
Countdown to July 2018
What does this mean for businesses?
With Chrome owning the largest browser market share in Australia and across the world (over 56%), an important and visible browser update like this cannot be ignored.
Browser Market Share from Jan 2017 to Jan 2018 – StatCounter Global Stats
The implications of the browser informing the user that a website is Not Secure are manifold, primary of which are:
Impact on reputation of the business
While e-commerce websites that take payments online have largely been ensuring that their websites are HTTPS enabled, a lot of businesses that generate leads on their website, i.e. request the user to fill a form out, have been overlooking the importance of protecting their users’ data by ensuring that these forms are served over HTTPS. This trend is apparent by the large number of business websites that are still served over plain HTTP.
Impact on search engine rankings.
Since 2014, Google has been known to consider HTTPS as a ranking signal, i.e. a factor which influences its algorithms on which pages to promote over others in its search index.
While the jury was out on the weight given by Google to this signal in the past, the latest update by Chrome is almost certain to increase its importance.
Benefits of migrating to HTTPS
Regardless of the commercial impact of not serving your website over HTTPS, having it enabled is a good idea because:
HTTPS protects the integrity of your website
HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. Intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages
HTTPS protects the privacy and security of your users
HTTPS prevents intruders from being able to passively listen to communications between your websites and your users.
What is involved in enabling HTTPS for a website?
Come mid-year, there is likely going to be a scramble by businesses for making their websites secure by default.
It would be prudent to start early and perform an audit of your website to determine the effort involved in enabling HTTPs.
Depending upon the size of a site and scope of the project, a migration from HTTP to HTTPS can be quite an undertaking.
Obtaining / purchasing an SSL certificate is probably the easiest part of the lot. Installation difficulty depends on the web server software that your website host is running and the level of access you are able to gain from your hosting provider.
Another key factor to look out for is Mixed Content. Even if your page itself is served over SSL/TLS, if it references resources like images, embedded videos, scripts, etc. that are served over plain HTTP, the browser will still emit a warning that some elements of the page being viewed are insecure. Resolving mixed content issues often involves a thorough audit of your web pages followed by steps taken to migrate to HTTPS versions of these resources.
How do I get started?
There are several resources available on the Internet for migrating from HTTP to HTTPS.
Kinsta has an In-Depth HTTP to HTTPS Migration Guide that the DIY’er with sufficient time and knowledge or access to technical resources can follow.
Of course we, at BroadWeb, can help too.
If you would like a free no-obligation high-level migration readiness analysis of your website, feel free to get in touch below.