BLOG & NEWS

Why Marketers Should Care about Upgrading to HTTPS

Upgrading to HTTPS image | Pedalo web design London

Traditionally, issues of internet protocol were considered technical par excellence.  But these issues actually have a growing impact on your digital marketing success.  Here’s why.

I recently came across a great explanation of what it actually means to use HTTP as opposed to HTTPS on your website, in an article by Mashable:

The next time you visit a cafe to sip coffee and surf on some free Wi-Fi, try an experiment: Log in to some of your usual sites. Then, with a smile, hand the keyboard over to a stranger. Now walk away for 20 minutes. Remember to pick up your laptop before you leave. While the scenario may seem silly, it essentially happens each time you visit a website that doesn’t bother to encrypt the traffic to your browser — in other words, sites using HTTP instead of HTTPS.”

In this post we will explore why HTTPS has more to do with your online marketing efforts than you realise, and how simple it is to upgrade your website to HTTPS.

How using HTTPS impacts your digital marketing

  1. Site ranking – Google uses HTTPS as a ranking signal, much like mobile-friendliness. That means sites using HTTPS are preferred and ranked higher than sites that don’t.  Earlier this year, Google also announced that they would warn users entering a non-secure pages by displaying a red cross over the padlock next to the URL. These steps show that Google is taking web security seriously and will take action to ensure their  “HTTPS everywhere” initiative is successful.
  2. User trust and conversion rates – When a visitor uses your site, they are trusting you with their personal information and details.  Users are becoming more and more aware of security issues and most will look for the signs of secure browsing before keying in any personal details.  Some users might be put off by a non-secure site, increasingly so if Google starts to penalise non-secure sites by tagging them visually. All this is likely to impact your conversion rates.
  3. Guarding against impersonation – HTTPS ensures authentication of the website and associated web server. This means that no one can impersonate our organisation’s website and serve false content to your users.  Spoof sites impersonate your site and can steal your traffic or worst, serve misleading content to your users on your behalf.
  4. Fending off attacks – Upgrading your site to HTTPS helps guard against potential attacks which could compromise user information. There are two types of attacks: The first is phishing (leading a user from your site to a spoofed site) or delivering malware. This is a broad attack which can be launched from any location. The second is a local attack targeted at someone in your users’ vicinity, whereby they gain access to the traffic on an unencrypted wireless network at an end point – Either web server or browser. This is called Sniffing. Attacks like these could have serious repercussions for your organisation’s reputation. Using HTTPS can guard against these attacks by encrypting data to provide a confidential browsing experience.

Using HTTPS provides 3 main benefits

Authenticity – This essentially tells the user that you are who you say you are, and that the content on your site  is authentic and hasn’t been tampered with in any way.

Confidentiality – Your information remains away from prying eyes as the data is encrypted, and only your browser and the server can decrypt it.  This guards against sniffing attacks.

Integrity – HTTPS protects the data from being modified without your knowledge. This is especially important when it comes to online money transfers for example.

Shortcuts don’t work

Back when it was more difficult to upgrade to HTTPS and organisations were looking for patchwork solutions, some organisations tried to take shortcuts.  But these no longer work. Here are two examples:

Using HTTPS only on a part of your site – Some websites use HTTPS for authentication (log in or registration) only, but this is not enough.  Your whole site must be served on HTTPS to be truly secure. The minute the site switches to regular HTTP, after the user has logged in, it is no longer protecting the user’s privacy or temporary identity (facilitated by cookies), and hackers are getting better and better at making use of this.

Asking for email verification only – Emails are just as vulnerable as credit card details. A site requesting only email authentication is just as vulnerable as one requesting payment details, as email is almost universally used as a password reset mechanism.  Hackers can gain access into an email account, then use it to obtain the password for just about any other website (including websites where purchases or regular payments are made).

Transfering to HTTPS is Easy and Inexpensive

Today, it is easier and less expensive to transfer to HTTPS.  All you need is an SSL certificate which is how the internet verifies that you are who you say you are.

Let’s Encrypt is a relatively new Certificate Authority under the Internet Security Research Group (ISRG).  They offer free, automated, and open SSL certificates, so it is no longer necessary to pay for the certificate or its ongoing renewal.

Configuring it on the site is straightforward and can be done quite quickly.  It is even possible to insert a piece of code that automatically renews the SSL certificate so that it is always kept up to date.

So why not do your part to make the web a safer place for your users?