You may have heard about TLS or “Transport Layer Security” (also commonly referred to as SSL), a security protocol that ensures communications between your website and server are encrypted and can’t be intercepted. With big companies reporting data breaches seemingly daily (everyone from Facebook to Target to Verizon at this point), it’s no wonder your customers are increasingly concerned their sensitive data is secure.
But if you’re not really selling directly through your website, do you need to go HTTPS? The short answer is YES. Here’s why…
Why you need a secure site
It’s no secret Google has made security a top priority over the past several years. Part of this process includes a focus on making sure websites accessed through Google (so, pretty much all websites) are secure. Thus, in 2014, Google introduced an initiative called “HTTPS Everywhere.”
While this HTTPS protocol isn’t mandatory (yet), not going HTTPS will increasingly affect your customers’ ability to gain access to and interact with your website.
If your site doesn’t have a TSL/SSL certificate installed, your customers may receive a warning, letting them know your site isn’t secure. This will come in the form of a notice (a red triangle with an exclamation point) in the URL bar as they search, if they use the popular Chrome browser. Since Chrome users account for 53.9% of the browser market worldwide with 2 billion installs, chances are high your customers are using it as their primary window to the web. While they can still access your site, the warning is certainly off-putting, causing your prospects to navigate away from your site before you’ve even had a chance to impress them.
The decision to add TLS to your site is one to undertake with care. While it’s not a major site overhaul, it IS a process that requires IT expertise and careful implementation, especially when handling sensitive information.
Does every business need a secure site?
If you sell products and take credit card information on your site, then you absolutely need to move to HTTPS ASAP. You may not need it for all pages on your site, however. You could simply opt to install a security certificate for your storefront and checkout. If you use a third-party payment processor (like PayPal, Square or Cash App) you may not require TLS as urgently, since you aren’t directly accessing customer’s payment information, but it should still be a priority.
Other times you need a secure site? If your website requires membership access. For example, if customers subscribe or log in to their accounts with a username and password. You also need to keep customer data safe if they’re including any sort of personal information on your site. This might include photos, reviews, reservations, endorsements, their business name, GPS location…or any other personal data you might be storing on your site.
The only time an SSL/TLS is optional is if your website is a straightforward, information-only site. Do customers simply visit your site to read your blog? Do they only access your site to find information about your services and hours? In this case, the security protocol is optional for the time being. However, due to the increasing chance of your readership encountering a browser or security software warning and the fact that HTTPS protocol will soon be required by Google and other entities, we still recommended moving to HTTPS.
The positives of using a security certificate on your website include:
- Protecting customers’ sensitive data
- Reassuring customers that your site is safe (no warning on Chrome or elsewhere)
- Your business appears up-to-date and tech-savvy
How painful is the switch to HTTPS?
In most cases, making the switch to HTTPS and installing the security certificate is relatively painless. There are steps your webmaster should take to properly implement HTTPS, including setting up proper redirects (301s) and canonicals, ensuring all of your internal links transition, protecting social sharing data (if needed), and more.
These aren’t challenging problems for an experienced web developer but there are enough variables that implementation should be handled by a trained expert to save you headaches and heartaches down the road.
To make the switch, you’re looking at a small yearly cost to purchase the certificate (typically under $100, depending on the size of your business site). Plus the cost for an experienced webmaster to spend a few hours setting up and ensuing the site transition was successful. Be aware there can be issues that could arise during the switch, but for the most part, it’s a relatively easy project for a trained expert.
At the end of the day, updating your site to an HTTPS probably won’t make a huge difference in your search traffic or customer response—right now. Your biggest draw, as always, comes from great, relevant, customer-centric, regularly updated content.
However, providing customers with the peace of mind that comes from a secure, certified site is worth the effort. Beginning June 2018, Google will mark all HTTP sites as “not secure” with the release of Chrome 68. If you’re looking for motivation to transition your site, now’s the time. Keep your customers data secure and the internet safer for all!