It’s time to go home for the night. You power down the computers, turn off the lights, arm your security system, and lock the doors. After all, it’s important to keep your premises safe, right?
But your building isn’t the only place where things can go “bump” in the night…
Do you know what’s happening to your website – your online premises – and all the data your customers may be uploading at any hour of the day or night? If your site isn’t secured by “https://…”, it could be anything. Now that’s a scary thought; especially in light of all the new privacy regulations flowing out of the EU’s GDPR and upcoming California Consumer Privacy Act (CCPA) and New York Privacy Act (NYPA) requirements.
What is “https://”?
Once upon a time, when we looked at a web address, it would simply start with four letters: http. Now, as more of our lives have moved online, the Internet has transitioned to https – meaning each site, and the data it contains and shares, is secure and encrypted.
As we move into the third decade of this digital century, online security and data protection are paramount. Securing your website with “https” should be a critical part of developing a wider data security plan for your business.
What’s it all about?
The extra “s” makes a big difference. If you are sending sensitive information over an ordinary http connection, anyone can eavesdrop on that information and use it for their own purposes. That one letter tells you your information is protected. It also keeps your browsing habits private – in the US, ISPs can track your browsing history and sell that information to advertisers; they can even modify the content in the sites you visit.
Such is the strength of the movement toward using https, browsers like Google and Bing are actively penalizing http-only sites by lowering their search ranking positions in lieu of https ones.
If your web address is still in http land, it’s not only your ranking that will suffer. You’re at an increased risk of other players “out there” impersonating your site, drawing customers away, or worse – taking (and selling) their information in your name, ruining your reputation in the process.
An unsecured site is more susceptible to data breaches, and to hacking – leaving your customers, suppliers and staff vulnerable.
Spot check: How secure is your government?
We speak with thousands of companies and organizations around the world. When we looked up their websites between March and October 2019, we were surprised to see that some of the biggest brands on the Internet were not using https.
So, we decided to do a little research into other big brands and US state government departments to see how well they were faring on the “https” scale. The results were mixed, which isn’t really the example we’d like them to be setting.
In particular, we produced an aggregate report to grade US State departments to confirm their website https status. Collectively, the results across all state governments were worrying, particularly given the departments impacted.
While no one failed outright, and there has been improvement since the beginning of March 2019, we suspect there’ll be some departments heading to https camp as we head into 2020…
You can see how your state fared by downloading our state-by-state report card document. We graded them simply as “Pass” or “Fail” and were pleased to discover some states got full marks.
Need more convincing?
The bottom line is this: If you’ve got a website, you need an https security certificate. It doesn’t cost anything to make the change – just talk to your site host or ISP. Today! And keep your online business front as secure as your bricks and mortar one.