why HTTPS is important
This Mashable article by Mashable has a great explanation of what it means to use HTTP as opposed to HTTPS on your website: “The next time you visit a cafe to sip coffee and surf on some free wifi, try an experiment. Log in to some of your usual sites. Then, with a smile, hand the keyboard over to a stranger. Now walk away for 20 minutes. Remember to pick up your laptop before you leave. While the scenario may seem silly, it essentially happens each time you visit a website that doesn’t bother to encrypt the traffic to your browser — in other words, sites using HTTP instead of HTTPS.”
HTTPS is a secure version of HyperText Transfer Protocol (or HTTP), keeping your website and users safe. It encrypts your wbesite data and provides a confidential browsing experience.
how HTTPS impacts digital marketing
- Site ranking: Google uses HTTPS as a ranking signal, much like mobile-friendliness. This means that sites using HTTPS are preferred and ranked higher than sites that don’t. Google is also warning users against non-secure pages by displaying a red cross over the padlock next to the URL. These steps show that Google is taking web security seriously.
- User trust and conversion rates: When a visitor uses your site, they are trusting you with their personal information and details. Users are becoming more and more aware of security issues and most will look for the signs of secure browsing before keying in any personal details. Many users will be put off by a non-secure site, thus impacting your conversion rates.
- Guarding against impersonation: HTTPS ensures authentication of the website and associated web server. This means that no one can impersonate your organisation’s website and serve false content. Otherwise, spoof sites can steal your traffic or, even worse, serve misleading content to your users.
- Fending off attacks: Upgrading your site to HTTPS helps guard against potential attacks which could compromise user information. Phishing leads a user from your site to a spoofed site or delivers malware; this is a broad attack which can be launched from any location. Alternatively, sniffing is targeted locally at someone in your user’s vicinity, where access is gained via an unencrypted wireless network, web server or browser. Either type of attack could have serious repercussions for your organisation’s reputation.
benefits of using HTTPS
Confidentiality: Your data/information remains encrypted and only your browser and server can decrypt it, thus guarding against cyber attacks.
Integrity: HTTPS protects data from being modified without your knowledge.
Authenticity: Essentially, this tells the user that you are who you say you are, and that the content on your site is authentic and hasn’t been tampered with.
why shortcuts don’t work
Using HTTPS only on a part of your site: Some websites use HTTPS for authentication (log-in, registration or payment) only, but this is not enough. Your whole site must be served on HTTPS to be truly secure. The minute the site switches to regular HTTP, it is no longer protecting the user’s privacy or temporary identity (facilitated by cookies), and hackers are getting better and better at making use of this.
Asking for email verification only: Emails are just as vulnerable as credit card details. A site requesting only email authentication is just as vulnerable as one requesting payment information, as email is universally used as a password reset mechanism. Hackers can gain access into an email account, and then use it to obtain the password for just about any other website (including websites where purchases or regular payments are made).
transferring to HTTPS is easy
Fortunately, it’s easy and free to transfer your site to HTTPS. All you need is an SSL certificate, which is how the internet verifies that you are who you say you are. Let’s Encrypt offers free, automated, open SSL certificates.
Once you have your certificate, you just need to configure it to your site, which is straightforward and can be done quickly. It’s even possible to insert a piece of code that automatically renews the SSL certificate so that it’s always up-to-date.
So why not make the web a safer place for your users with HTTPS?