Protect your site and your customers with HTTPS.
It’s never been easier to start a business, and there are plenty of ways to get your product or service out in front of the public at a relatively low cost.
Most start-ups and SMEs understand the benefits of having an excellent website. It’s the focal point that brings in business and encourages customers to buy products or hire services.
One thing many businesses pay less attention to, however, is how secure their website is. In the age of the General Data Protection Act, it’s essential to understand what you need in place to keep both your online business and your customers safe.
A poorly protected website can have enormous consequences. In today’s high tech environment, it’s not ‘if’ but ‘when’ you are likely to be compromised.
That’s why an HTTPS website with an SSL certificate is vital. Here we take a closer look at what this means and how any business can implement necessary security measures whatever its size and budget.
HTTP: vs HTTPS: What’s the difference?
Google changed their rules regarding non-secure websites in 2016.
HTTP stands for hypertext transfer protocol and is the first part of the address line for your website you see at the top of the browser. It was the first and most popular method of transferring data for a long while and is still used by many businesses today.
HTTPS was introduced about 25 years ago as a solution to keeping sensitive information safe, in particular, online payments, and protected from hackers. It stands for hypertext transfer protocol secure and is backed up by various layers of security.
HTTPS uses two main methods to keep sensitive data protected. SSL is a secure socket layer, and TLS is transport layer security. While these sound slightly incomprehensible to the average business owner, what they do is encrypt any information that is sent from one place to another so that it can’t be hacked.
When you head into an online store or business, you can quickly spot that it has SSL certification as you will see the green padlock in the address line and the https designation.
The Importance of HTTPS for your business
Google Chrome alerts site visitors when your site is insecure.
While security is vital, implementing an https website has become even more critical since Google changed its practice and began to highlight any website that is still HTTP.
In the address line, you will immediately see a message saying ‘not secure’. Other browsers such as Firefox and Safari, have also followed suit.
Even if you have a website that does not collect data or take payments, this kind of message can send warning signs to a potential customer. If you run something like an eCommerce store that accepts online payments, lack of an SSL certificate is likely to make most consumers think twice.
Not only that, Google favours sites that have https over HTTP in their search results. You might have better SEO than your competitors but still, rank below them because your site is considered unsecured.
An HTTP address also has the potential to open your site to hacking – that means someone could break into your pages and add malware links. The good news is that switching to https is relatively easy and, in the majority of cases, your host will be able to handle most of the work for you.
The consequences of being hacked
Under the General Data Protection Regulation, your business has a legal duty of care to protect customer data such as financial details. If this is stolen because you don’t have a secure site, you will not only be liable to a fine and sanction, your reputation among customers will be severely damaged.
Just because you are a small business, that doesn’t mean you are less likely to be attacked by a hacker. The truth is that SMEs are more often targeted because they tend to have less robust security systems in place than more prominent corporations.
According to the stats, 43% of cyber attacks are aimed at small businesses, including their websites.
Converting from HTTP to HTTPS: Your quick guide
Switch your site to HTTPS now to avoid being penalised.
In most cases, a site can be converted to HTTPS in a reasonably short period. The first thing you need to check is whether your host can deliver https at all. Most do, but it’s worth checking.
The majority of hosts will also help configure your site once you get your SSL certificate. If they don’t and you don’t have the team on board to do it yourself, it might be time to switch your host.
SSL certificates are not pieces of paper saying how secure you are; they’re data files that add a cryptographic key to your data. When the certificate is placed on your web server, it automatically adds the green padlock and https form onto your website and allows you to create secure connections between yourself and other browsers, typically your customers.
Your web host will probably provide the SSL certificate, and it usually costs around £50 a year (free with AWS Lightsail). You need to have a dedicated IP address (depending on your host) and not a generic one that you share with other users. Once you purchase the SSL certificate, it is first installed and then activated.
One key thing after you have updated everything is to ensure that your customers can connect with you through your HTTPS site. If you have internal links, that means you will have to do some work to update these to https. You can also use a server-side approach to redirect your customers https even if they have the old HTTP address bookmarked on their local browser.
Why websites are not set up and forget
Finally, if you are a small business and you’ve had the same old website for the last three years or more, it is undoubtedly time to have a review to make sure you are still secure. Older sites are more likely to attract security risks and updating your core website, theme, and WordPress plugins (if you use WordPress) regularly is vital.
Summary
Your business credibility and reputation need to have a secure website. Not only does it make customers comfortable with dealing with you online, but it also has a profound impact on your performance when it comes to search engine optimisation.
If your existing website HTTP, it’s time to change to HTTPS if you want to keep yourself and your customers safe.
Remember, we can help move your site to HTTPS and support your ongoing efforts with your website for just €20. Check out our website support and care plans.
