HTTPS: Naming and Shaming Unsecured Sites


Starting in July, with the release of Chrome 68, internet users will see a “Not Secure” alert when browsing sites that are not HTTPS-encrypted.

Google has been nudging webmasters towards more secure policies, but this marks its most significant push yet, as SSL/TLS certification looks set to become the standard. For the past 2 years, Google has been downgrading unencrypted sites in search engine results, but this is the first time users will be notified about unsecured sites. Chrome’s new interface will help users understand that not all websites are secure, and the web will continue to move towards 100% HTTPS compliance.

What is HTTPS?

HTTPS is the standard internet protocol for secure communication between websites and web browsers. Whereas HTTP is open for anyone to see, HTTPS uses a security layer called SSL (Secure Sockets Layer) which adds end-to-end encryption. This means only you and the web server you are contacting can understand the data.

 

Why Does HTTPS Matter?

HTTPS represents one aspect of Google’s vision for a secure internet. As a webmaster, it’s your responsibility to protect your website and the visitors who use it. HTTPS helps prevent intruders from tampering with or hijacking communications between websites and users.

1. Security and Privacy:

 

The main advantage of HTTPS is that it makes your site more secure. HTTPS is especially important on web pages where users provide sensitive information, but it is not only for such websites.

On unsecured HTTP sites, intruders can attempt to exploit every unprotected communication between your website and your users, including images, cookies, scripts, and HTML. Intrusions of this kind can occur at any point in the network, including at the user’s device, Wi-Fi hotspot or a compromised ISP.

 

Privacy:

 

Encryption means that no third party can monitor or track communications between websites and users. HTTPS protects your users by stopping intruders from injecting themselves between interactions.

Data integrity:

 

Modifying or corrupting data during the transfer will cause an error in decryption, meaning that no changes to data can be made without detection.

 

Authentication:

 

Successful decryption proves that you are communicating with genuine sites, preventing “man-in-the-middle attacks”, like those found in Business Email Compromise.

2. Trust:

A prominent name-and-shame warning in web browsers is going to affect how visitors feel about your website and your brand. If you are still unsecured, this notification will directly impact bounce rates, conversion rates, sales, and inquiries.

HTTPS is the future for websites. Soon, websites that are not certified will no longer be trusted by users. This protocol is not a nice-to-have, but a mandatory standard to which all websites will be compared.

3. Google Rankings:

 

As mentioned previously, Google has been incorporating HTTPS as a ranking factor for a couple of years. Although it is currently a lightweight factor, we expect internet security elements to gain in importance. Furthermore, if it is negatively affecting your bounce rate and your user behavior, these are more heavily weighted ranking factors and will more than likely have a significant negative impact on your site.

What you need to know:

 

Google Chrome is the most popular internet browser, used by 58% of all internet users.

Over 68% of Chrome traffic on both Android and Windows is now protected.

75% of users in Thailand see internet security as very important.

What should you do?

 

If you need assistance securing your site, you can reach out to Aware, who can assist you in acquiring the appropriate security protections.

If you would like to see your vulnerabilities, Google offers a free security auditing tool called Lighthouse, which can help developers identify which websites and resources are still using insecure HTTP.
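To make the idea of resources "still using insecure HTTP" concrete, the following added example (not Lighthouse's code and not from the original article) parses a page's HTML and lists the scripts, stylesheets, images and form targets that resolve to `http://`. The `example.test` hosts and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag/attribute pairs that load a subresource or submit user data.
# "active" content can change or capture the page; "passive" content is only displayed.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href"), ("form", "action")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class InsecureResourceFinder(HTMLParser):
    """Collects (kind, tag, absolute_url) for every reference that resolves to http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Only <link rel="stylesheet"> is treated as a resource load here.
        if tag == "link" and "stylesheet" not in (dict(attrs).get("rel") or "").lower():
            return
        for name, value in attrs:
            kind = "active" if (tag, name) in ACTIVE else "passive" if (tag, name) in PASSIVE else None
            if kind is None or not value:
                continue
            # Resolve relative and protocol-relative (//host/path) URLs against the page URL.
            url = urljoin(self.page_url, value.strip())
            if urlparse(url).scheme == "http":
                self.findings.append((kind, tag, url))

def find_insecure_resources(page_url, html):
    finder = InsecureResourceFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample markup; example.test is a placeholder host.
SAMPLE_HTML = """
<link rel="stylesheet" href="http://cdn.example.test/site.css">
<script src="//cdn.example.test/app.js"></script>
<img src="http://img.example.test/logo.png">
<a href="http://other.example.test/">plain link, not a resource load</a>
<form action="http://www.example.test/login" method="post"></form>
"""

if __name__ == "__main__":
    for kind, tag, url in find_insecure_resources("https://www.example.test/", SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

The protocol-relative script is clean when the page itself is served over HTTPS, but the same markup served over HTTP would load it insecurely, which is why the page URL is an input.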