By Sherry Bonelli / Guest Column
With all the news about Facebook’s security and privacy issues, fears of personal information being used for nefarious purposes and identity theft, people are more conscious than ever about website security.
Since June is National Safety Month, I thought we’d discuss the importance of making your website secure and why you should check to see if a site is secure before you enter personal information.
Online security isn’t just important to the people who visit your website; it’s also one of Google’s top priorities. For several years now, the tech company has been preaching the gospel of “HTTPS everywhere” online. In fact, Google’s popular internet browser, Chrome, recently began marking sites that aren’t secure (those with an http://) with a warning.
This means that when a person visits a site that doesn’t have the secure https:// in front of the URL, they will see a scary warning that essentially says the website isn’t secure and therefore their information isn’t safe. If your website isn’t secure, many of your potential customers will likely see this “not secure” warning, get scared and quickly leave your site.
The bottom line: If your site’s not secure, you could be losing business.
If you haven’t made the switch to a secure site yet, protect your visitors and your business by getting a Secure Sockets Layer (SSL) certificate and migrating your website to HTTP.
What does that mean?
An SSL certificate safeguards the data your website visitors enter and ensures it will be transferred over a secure network.
HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are both protocols, or languages, for transmitting information between computers. With HTTP, it is possible for unauthorized parties to see the “conversation” and data between your computer or device and the website you’re visiting.
If you have an HTTPS connection, you have an extra layer of security over that conversation using the SSL/TSL protocol. That means the data is encrypted, which protects and prevents digital “eavesdropping.” It also provides authentication to ensure that the communication is only with the intended website.
Since HTTP is not secure, you should not trust a site using it with any sensitive information. HTTPS sites are secure and can be trusted.
How do I get a secure site?
First you need an SSL certificate. The easiest way to get one is to see if your current website host sells them. There are several different kinds of SSL certificates available for purchase, from Standard to EV (Extended Validation.) They all have different “features,” display the level of security differently and involve different verification steps for you. Extended Validation is the highest level of security and has a strict authentication process. Regardless of which one you pick, you’ll need to renew your SSL certificate every year.
Once you have purchased a certificate, install it on your site’s server. Your hosting company may offer to do this for you, however, I’ve found that most of the time they’ll install the certificate for you, but they don’t take the extra steps needed to ensure that your site’s migration from http:// to https:// goes smoothly.
For instance, switching from a non-secure site to a secure site is just like moving a site. Why? Because all of your URLs are now different – https://yoursite.com, instead of http://yoursite.com. That means any pages with the http:// URL that are indexed by Google and found by searchers will result in an error, because those pages no longer exist. This means that you have to do some special things to make sure the site move goes well.
Google offers a guide of things to do, and pitfalls to avoid, on its Webmaster Tools site – you can find the specific page at http://bit.ly/URLmove — although it’s typically helpful to hire a professional to help with this part of the upgrade.
If you want to ensure that your site keeps up with security standards, it’s best to switch to a secure site as soon as possible. If you have any questions, you’ll find a plethora of information online and at the most trusted source, Google’s Webmaster Tools site.
Sherry Bonelli, digital marketer and presenter/speaker, is the owner of early bird digital marketing in Cedar Rapids.