Published 10 October 2016
For many small businesses setting up or reviewing their web hosting solutions, SSL certificates aren't always a priority. However, that may be about to change.
An SSL (Secure Socket Layer) certificate, encrypts the data submitted through your site, to protect your customers credit information, passwords and personal details. Users can identify a secure site as it starts with HTTPS, rather than the unsecured HTTP.
Recently, Chrome has announced that with the latest release of their browser, they will start to crack down on unsecure sites from January next year. This means that any HTTP site will display a 'Not Secure' message in the address bar before the website URL.
Initially this 'Not Secure' message will just affect sites that use insecure connections to transmit customer's personal details, like payments or passwords. It will then be rolled out to HTTP sites visited through the "incognito" mode, and ultimately this will roll out to all HTTP websites, regardless of what they transmit. At the final stage, the warning message will also show in red instead of grey.
Many people believe that the need for an SSL certificate is limited to sites that collect credit card payments, but this isn't the case. If your site asks for, or stores, any personal info, such as passwords, phone numbers, or even photos, then you should already be seriously considering using a secure HTTPS connection. As Chrome make it more and more obvious to customers that their sensitive information could be snooped or stolen, site owners run the risk of customers no longer wanting to engage with their sites.
Already a significant portion of web traffic has transitioned to HTTPS and the usage is consistently increasing. In fact, more than half of desktop page loads on Chrome are now using HTTPS connections. But don't wait until these changes take effect to make the move. HTTPS is more accessible than ever, being affordable and simple to implement. It also enables better performance and browser features that are too sensitive to be available to HTTP sites.
If you need further convincing of how important it is to use HTTPS, you can be sure that it won't just be Chrome that highlights unsecure sites to browsers. Already, Apple has mandated that all iOS apps must use HTTPS connections by the end of this year, and Facebook serves their 'Instant Articles' over HTTPS, even if the original publication doesn't use it. It won't be long until the likes of Internet Explorer and Firefox start to implement similar features. Having these large tech companies lean on site-owners to secure their sites will undoubtedly be a big push forward for security.
There are also further changes coming to both Chrome and Internet Explorer in January next year which may affect a small portion of sites that already use HTTPS. Any SSL certificates issued with an old kind of encryption called SHA-1 will be rejected by both these browsers, meaning affected websites will not authenticate properly. However, this is very unlikely to affect anyone that has purchased or renewed an SSL certificate in the last 18-24 months. Nonetheless, you should consult with your IT specialist or team to see if there is still a need for you to migrate to SHA-2 encryption.
Whether you're already using HTTPS or not, it's important for your business to ensure you're ready for these online changes before they happen.