October (2017) is upon us, and so are Google’s sweeping new changes in how Google ranks your business website! But why, and what do you have to do to avoid penalties to your business?
In an effort to make the web more secure for everyone, Google frequently tries to incentive website owners and businesses to pay more attention to security. This time, it’s by asking everyone to switch their websites from using HTTP to HTTPS, or else suffer consequences in the form of lower search engine rankings. But what does making that switch mean?
The early architects of the internet had no idea that it was going to be a place where practically everyone is online and exchanging information, including sensitive information like credit card and social security numbers. So security was a low priority compared to other technical aspects like transfer speed and how the data looked when it arrived.
Out of those early days came HTTP: “Hypertext Transfer Protocol,” the method to transmit and view HTML pages (websites) on the internet. However, as time and usage increased, people discovered that HTTP is quite insecure; it is relatively easy for any information to be intercepted and recorded, or even altered before display. As a result, HTTPS, “Secure Hypertext Transfer Protocol” was developed.
What the heck is HTTPS?
The details on how HTTPS works gets pretty technical, but suffice to say: HTTPS is much more secure than HTTP. It prevents the data flying back and forth between a website and a website viewer from being read or altered by unverified parties. This can still be important for websites that don’t collect any personal information from a visitor directly: Imagine a case where someone intercepts your website data just before the visitor sees it, and alters your customer service phone number. Then the visitor might call a fake help line and verbally give up their personal info to people posing as your representatives. You’d never even know of the danger to your customer, because your website itself wouldn’t have been touched by hackers – just the signals that it sends out.
Given these dangers, why didn’t everyone immediately take advantage of HTTPS? After all, it makes sense for everyone to have secure websites. To use HTTPS, website owners need to obtain a SSL certificate. These are different from other certificates! It’s not just something that you’re handed after one evaluation. Rather, these certificates show the involvement of a certifier, a trusted third party who assists in securing the data transferred between visitor and website, website and visitor. This third party also helps to verify that the information you sent to your visitors is the information that they received, and no alterations have occurred in transit. The barrier to entry was that, in the beginning, there were only a few main agencies that had both the technical know-how and the trusted reputation to serve as certifying third parties for HTTPS sites, and they charged big bucks for that service – $200 a year was once the low end to obtain an SSL certificate, and much higher prices were not uncommon.
Therefore, Google and other web companies held off from trying to force website owners to get SSL certificates, even if it was in the best interest of their visitors – they feared that putting such high price barriers in place to getting search engine rank would spoil the democratic nature of the internet.
But then came Let’s Encrypt, a non-profit organization of programmers and web professionals who aim to improve everyone’s digital lives by creating “…a more secure and privacy-respecting Web…” Their main mission: make high-quality SSL certificates available to everyone for free. After proving themselves as both secure and reliable for a year, Google decided that now was the time to push everyone to get on board with HTTPS, as there is no longer a price barrier.
How does this effect me?
Secured websites may enjoy a bump in search engine rank, as it signals to users and to Google that your site is the real deal. This means that you could appear in searches about your non-secured competition — it will become one more arrow in your SEO (Search Engine Optimization) quiver.
On the flip side, though, if a site is not secure, a warning may appear on the URL line, warning visitors that your site is not secure. This can dramatically impact your credibility with visitors.
So, for businesses, this seems like a no-brainer to switch from HTTP to HTTPS. Why not give their customers peace of mind when doing business online, and give yourself a search rank boost in the process?