GOOGLE CHROME DISPLAYS 'NOT SECURE' WARNING FOR WEBSITES WITHOUT SSL
Starting in July 2018, websites in Google Chrome without an SSL certificate will display a 'NOT SECURE' warning in the address bar when users enter data on the HTTP page, and on all HTTP pages visited in Incognito mode. HTTP websites with forms, login fields and other input sections need to install an SSL certificate to enable HTTPS and avoid any disruptions to their website.
How do you know if your website is affected?
Here are two easy questions to determine if your website needs HTTPS and will display the 'Not Secure Warning' if an SSL certificate is not installed:
1. Does your website show HTTP:// in the browser address bar on any of the pages?
2. Does your website use contact forms, search bars, customer/partner login pages, etc?
If the answer is yes to either of these questions then it's time to install a Comodo SSL certificate on your website and avoid showing the 'NOT SECURE' warning in the browser.
Why enable HTTPs on every web page?
Failure to adopt HTTPS across your entire site could impact public perception of your website and lead to lost consumer confidence and online conversions.
- Leading search engines like Google offer SEO perks to HTTPS pages over identical HTTP versions.
- Visitors can verify you are a registered business and that you own the domain.
- Visitors trust your site because they can see data they submit is encrypted and cannot be intercepted.
- Customers are more likely to trust and complete purchases from your site.
- To encrypt and authenticate sensitive information from your website to your server
Why is this happening?
The move to HTTPS is an essential and long-overdue improvement to security of the internet. All communications sent over regular HTTP connections are in 'plain text' which can be read by any hacker that intercepts the connection between the browser and the website (this is known as a 'man-in-the-middle' attack). This is a clear danger to the security and privacy of users who submit credit card data, social security numbers, usernames, passwords and search terms to a site.
Once these items are in the hands of a criminal, they could be used to make fraudulent purchases, clear-out bank accounts and perform identity theft. With a HTTPS connection, all communications are securely encrypted, meaning that even if somebody managed to break into the connection they would not be able decrypt any sensitive user data. Installing an SSL certificate from a trusted certificate authority will dramatically improve a site's security and make it compliant with Google's latest initiative.
What type of SSL do I need?
There are many SSL solutions on the market today to fit the need for any type of website. The baseline Domain Validated (DV) SSL certificate will provide the encryption level necessary to give you the padlock and HTTPS to avoid the 'Not Secure' warning. However, in most cases businesses will need a different type of certificate that is proven to drive more consumer confidence for their business. We recommend talking to one of our specialist who can help you find the right solution.
If I have an SSL certificate am I protected from all web threats?
The short answer is no. SSL is used to encrypt the data transactions on the website but it's not a complete website security solution to protect you from other more common threats like Malware, Ransomware, and website hacks. SSL is just one piece to an overall web security strategy.
Why is HTTPS so important for website owners?
Online trust is everything. Your customers need to trust that your website is secure and that any information they submit to you will be heavily protected. Failure to adopt HTTPS across your entire site could seriously impact public perception of your online business and possibly lead to lost sales. Benefits of HTTPS:
- - Customers trust your site because they can see data they submit is encrypted and cannot be intercepted
- - Visitors can verify you are a registered business and that you own the domain
- - Visitors will not see any 'Insecure' warnings in the address bar when they visit your site
- - Customers are more likely to trust and complete purchases from your site
- - Major search engines like Google offer SEO perks to HTTPS pages over identical HTTP versions
What's at risk if you don't have HTTPS?
In a highly competitive marketplace, making a good impression is critical. This is especially true for new and relatively unknown online businesses that are looking to carve out a reputation for themselves. After the Google changes, your visitors will see the 'not secure' message more and more often on pages that are not protected with a certificate. This will inevitably discourage some from completing a transaction or even interacting with your site. Worse still, they may choose to buy from a competitor just because their site is fully secure and yours isn't. An SSL certificate could be difference between converting a sale and losing out to a competitor. Conversely, it could also give you a key competitive advantage over those companies that don't convert to HTTPS.
Sites that don't implement HTTPS on all pages also place themselves at a disadvantage in terms of search engine optimization (SEO). For a few years now, Google has given page-rank benefits to pages served over HTTPS over those served over HTTP. Online businesses face a situation where their website is pushed down the search results just because they haven't installed SSL on all pages.
Another important consideration is compliance with regulatory bodies. Major information privacy acts such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) call for SSL security on all web-forms that handle sensitive user data.