I’m sure you all already know how HTTPS works, but for the uninitiated, HTTPS works by adding a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption layer to the basic HTTP protocol. This means that clients and servers are still speaking the same ‘language’ to each other, but all requests and responses are encrypted before they are sent and then decrypted at the other end.
This means that there is less chance of those messages, and crucially the information contained within them, being intercepted and exploited by unscrupulous parties. More and more people are now using online services to do their banking, buy their shopping, book holidays and make other transactions that require them to share sensitive financial information and the sort of personal information that can be used to steal a person’s identity. Therefore, it is vital that the websites processing this information ensure the channel being used to send and receive the information is as secure as it possibly can be.
However, it is a misconception to think only sites that take a user’s personal and financial details need to protect the communications that take place between their sites and a user’s browser. All the information a site sends to a browser – cookies, HTML code, scripts, etc – can also be intercepted and tampered with.
Hence, HTTPS also helps to prevent other parties from being able to intercept and tamper with the rest of the information being sent from a site to a user. These other parties can range from wholly malicious hackers seeking to install malware, ransom ware and spyware or trick users into giving them sensitive information all the way to reputable organisations seeking to insert their own adverts onto the webpage presented to the user.
While the latter may be relatively harmless and there is no ill intention other than trying to sell their products or promote their service, inserting adverts into a user’s experience is still an intrusive practice and it can be very disconcerting for users to feel that they are being ‘followed’ from site to site by an advertiser. This, in turn, can make users lose trust in certain sites if they feel that their browsing history isn’t secure and being kept away from those on the web whom they don’t trust. Ultimately, users are becoming increasingly concerned with both the security of their personal information and their personal privacy, and this includes the privacy of their browsing sessions.
I would argue that the above means it is also harmful to a business’ reputation not to secure your site with HTTPS. As I say, users now want to know that both their information and their browsing sessions are secure when they visit your site or else, there is a risk they won’t trust your site. If they don’t, there is also a risk that they won’t trust your business either and may think it is disreputable.
Furthermore, for those concerned about their search engine rankings, Google has also revealed that it gives a ranking boost to those using HTTPS protocol to secure their website. According to Moz, unless your site is listed in the top four of a search engine results page, it will have a click-through rate of less than 2%. Therefore, Google, which accounts for around 80% of all searches, is saying that they priorities a secured site over an unsecured site. Essentially then, if you’re operating a site that only uses HTTP protocol, you are immediately at a disadvantage and have given up ground to your competitors who are using HTTPS.
Thus, it makes sense to secure your site by using HTTPS – users’ personal details are safe, but they also feel more secure as other information that can be used to track them, such as their browsing history, has also been kept secure away from potentially unscrupulous parties. In addition, securing your business website with HTTPS should also help to instil trust in your business among site users too. Finally, the biggest search engine with the vast majority of all searches will also give you a boost in their rankings. Arguably, a higher ranking in Google, and other search engines, should also help to further instil trust in a business among consumers too, as, buy ranking a site higher in its’ SERPs, a reputable and trusted brand such as Google is effectively saying to its’ users ‘this is a relevant and trustworthy site’.
Some people will argue that a site using HTTPS is slower than one using HTTP protocol. However, the effect is marginal and barely noticeable to the vast majority of users. Additionally, some will also point out that it is a further cost to a business to have to buy and renew SSL certificates. The security and reputational benefits will far outweigh any financial cost in the long run though.
For these reasons, and more, if you haven’t already, you need to move your business’ website over to HTTPS protocol.
Guest Author: David Midgley is Head of Operations at payment gateway provider Total Processing.