Google Challenges Businesses to Embrace HTTPS Web SecurityPosted by
Google’s push to make HTTPS website encryption standard across the web is about to force some businesses to lift their security game.
If your business website allows customers to log into an account or enter payment details then you certainly already use HTTPS for those web pages, creating a secure encrypted link to ensure this sensitive information isn’t intercepted in transit. Now, Google is on a mission to ensure all websites use HTTPS, to combat online eavesdropping and data tampering. It also helps fight scammers who try to trick you into visiting spoof websites, masquerading as banks and other sites where you’re likely to enter information worth stealing.
HTTPS works by creating an encrypted link from your browser tab all the way to the website you’re visiting, indicated by a padlock icon alongside the URL. This isn’t the only way HTTPS helps keep people safe online; it also relies on signed digital certificates that allow websites to prove they are authentic, so you can connect to your online banking with confidence that you’re looking at the real site.
Browsers warn you of invalid security certificates, helping to keep you safe if you’ve fallen victim to a phishing scam directing you to a spoof website. The security of HTTPS also foils man-in-the-middle attacks, where third-parties attempt to silently listen in on your data – or even alter that data – while surreptitiously relaying traffic between you and a supposedly secure website.
Google intends to step up the warnings in its popular Chrome web browser to highlight the security implications of any website that doesn’t employ HTTPS. While this is good news for end users, it will present challenges for businesses.
Right now, Chrome displays a subtle “I” icon alongside HTTP web addresses in the URL bar. Clicking on this icon explains that any data you enter into this page could potentially be intercepted. As of October 2017, Chrome will label all HTTP pages as “Not Secure” as soon as you start to enter any data into the page. This is going to force all kinds of business websites to upgrade to the extra protection of HTTPS to reassure customers that they’re serious about privacy and security.
Thankfully, Google offers extensive online resources for businesses looking to embrace HTTPS, while implementation costs have also become much more affordable. It’s worth doing your research to weigh up the different encryption options and choose the best one for your business.
Google recommends employing HTTP Strict Transport Security (HSTS), which tells the browser to request HTTPS pages even if visitors enter an HTTP address, plus it tells Google to serve secure web HTTPS links in the search results. You can also opt for an Extended Validation security certificate, which displays your business name in the browser alongside the security padlock. They’re commonly used by banks to give customers extra peace of mind that they’re visiting the authentic website.
If your business website doesn’t employ HTTPS, then it’s time to start planning your upgrade before Chrome’s new security precautions come into effect.