HTTPS or not?
This week Google Chrome hit the headlines by flagging many well-known websites such as the Daily Mail, Argos, and ESPN as being ‘unsafe’ and having security issues so, are they safe and could your website be ultimately marked as unsafe too? No, they are not suddenly unsafe but it all boils down to HyperText Transfer Protocol (HTTP) and the addition of the ‘S’ which stands for ‘secure’ which means any data passing between a customer/browser and the website remains secure. This is obviously a good thing if, for example, you are processing transactions or data where privacy and security are an issue. About 20% of the world’s top websites are using HTTPS to protect customers against data theft and hijacking, but there is no evidence that sites that haven’t have been subject to attacks or data misuse.
Whilst there haven’t been attacks on many of the sites not using the secure system, there is still a risk that cybercriminals can exploit this vulnerability to insert their own code into a site, steal data or place malicious or spam advertising. As a result, many sites are choosing to make the change to HTTPS to secure customers data and provide reassurance that transactions are secure.
So, what does this mean for those who haven’t made the change?
From today sites without the secure HTTPS protocol will be flagged by Chrome as being insecure and with the other big browser makers likely to follow suit soon the UK’s National Cyber Security Centre is recommending that all sites should use HTTPS to secure both user data and transactions. Google began the process of warning people about the issues around insecure websites in early 2017, mainly for sites that processed transactions or collected passwords and similar systems exist for other browsers. But the rollout this month marks a shift in security practice with the update to Chrome 68.
How easy will it be for smaller sites to update?
The Let’s Encrypt project is providing easy to follow guidelines and tools for smaller sites that mean they can find out how to make the changes necessary and become more secure. With a free to use certification authority, it’s something that any small to medium business should consider over the next few months.
So, should visitors avoid insecure sites?
Just because a site doesn’t have the security certification doesn’t necessarily mean it’s a risk, but with the technology easier and simpler to adopt it will become something that most website owners need to consider. To build trust with your potential customers it’s essential for them to have confidence in the way you handle their data and transactions. Other security systems such as two-factor authentication and secure transactions also promote trust and protect customer’s data, adding an additional layer of reassurance to the way you do business online as well.
A managed service from Tecsenza can help you explore a number of security options including gaining the security certificate for your site. Call us or use our contact form to book a security consultation with one of our qualified security experts who can help you to improve the security of your business IT systems.”