Google is now calling for HTTPS everywhere across the web and beginning to reward secure sites with higher ranking (although website content is still king!)
What difference does the “s” make between http and https websites? For starters:
- A little padlock icon next to the site URL indicating the site is secure
- A site people are more likely to trust, especially those intending to make an online purchase
- Improved search ranking
But what actually is the difference between HTTP and HTTPS?
HTTP is not encrypted and is vulnerable to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information, and modify webpages to inject malware or advertisements. HTTPS is designed to withstand such attacks and is considered secure against them (with the exception of older, deprecated versions of SSL).
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connection to your website, regardless of the content on the site.
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
- Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
How do you move your site to HTTPS?
To upgrade your vulnerable http site to the more robust https version, a SSL certificate will need to be purchased and installed on your website. Please get in touch if this is something you would like assistance with this and the team here at KCS Webs can sort this for you.
What other steps should you take to secure your website?:
- Ensure your webmaster has registered the site with Google so they can be notified of any issues/hacking
- Update, patch and validate often
- Strong password, with 2 step authorisation if you want to be super secure. We recommend using longer passwords and not ones that can be easily guessed. Try a tool like Correct Horse Battery Staple to choose a strong password and then a tool like LastPass to securely remember all your passwords for you.