Cybersecurity
If you notice a “Not secure” message on your HTTP site later this month, it may be because of a change Google is making. Google Chrome is set to begin marking all sites without SSL as “Not secure” starting with the release of Chrome 68, expected mid-to-late July 2018.
If your website is still on HTTP, or in other words, is not HTTPS, you will be impacted by this change.
Not having SSL is not going to get any easier on those without it. By October, Google Chrome will make a change to make the “Not secure” message appear red with any user input. Web browsers are making a bigger and bigger push to shame sites without SSL, and for good reason.
What is SSL and why does it matter?
Your users should have every indicator possible to show them that they are securely browsing your website. Seeing “Not secure” is not a good message. You want them to trust your company? Help them first by letting them know they can trust your website.
SSL makes web browsing safer for your users. Data is encrypted between your end users and your website. This “handshake” between client and server makes it more difficult for any “middle-men” to interfere, phish, or eavesdrop. A user’s browser makes the web server identify and prove it’s legitimate before a secure connection is made, which then ensures all data between the user and the server is private. Without SSL, communication between your site and your user is transmitted in plain text.
It’s gone from being considered only needed if a site is collecting very sensitive data (i.e. banking websites), to being a good idea for everyone, to being a best practice. As we’re seeing now, it’s now become what we consider a requirement. Previously having SSL was positively reinforced, but now not having it means you’ll be negatively marked.
So why is my site showing as “not secure” now?
We’ve actually been talking about it for a while. There’s been gradual shift over the last few years in the way Google Chrome browsers display website URLs in relation to their security.
Last year Google Chrome implemented a “Not secure” message on non-SSL sites, but only if the page had a form or field for data entry. That was the biggest push leading up to the newest changes. The switch to the “Not secure” message appearing for all non-SSL sites regardless of site content is the next logical step. The time has come.
If it’s only in Chrome, is that a big deal?
- Chrome owns the market share of browser users. It’s by far the most popular browser in use at roughly 60%.
- Because of Chrome is influential, we’ll see other browsers follow their lead and implement similar measures.
- SEO, or search result rankings, on Google are impacted by SSL regardless of the browser.
What do I do to fix the “not secure” message?
Apply SSL to your website. The web team at 1Path has been following the trend and about a year ago created a new SSL service for our Website Total Care WordPress hosting clients. It’s easier and more cost effective than ever before. You’ll also want to make sure your team fixes any mixed content issues you may run into while switching over. Your site won’t appear as fully secure if there’s anything insecurely linked using HTTP on your site.
1Path server engineers created a solution that enables us to provide SSL on the websites hosted on our servers without requiring traditional SSL. New ways of implementing SSL enable us to provide encryption for your site at a reduced cost and without the hassle of keeping up with certificate renewals. For many users this is a great way to easily and more cost effectively secure your website.
The way SSL has worked since almost the beginning — an IT person purchases a certificate at varying levels of security encryption. Some are more secure than others. The more secure, the more costly. Certs must be renewed periodically. A standard one year, one domain certificate might cost between $175-200 annually. To lessen the annual cost, a 3-year standard certificate might cost $400-500. In some circumstances this will continue to be a good option for businesses who need it.
Contact your website services provider about how to implement SSL. Your IT support service team can also often assist with purchasing or repurposing an existing certificate with you.
