SSL Becomes a Must for Firm Websites


If you’ve been watching the news, you’re well aware of the drastic rise in cybercrime. From major hacks to man-in-the-middle attacks that intercept personal and financial information, data security threats have never been more serious. That’s the main reason Google is making secure socket layers a requirement on Chrome, beginning this month.

Strictly speaking, SSL certificates are still optional for website owners. Pages that don’t utilize the technology, however, will be negatively impacted by a notification that the connection is insecure. Sites that have SSL certificates connect via HTTPS; those that don’t remain HTTP connections.

Up until now, the only way to determine which type of connection a particular page had was by looking at the url. But ever since 2014 Google has offered preferential treatment to sites that have SSL, in the form of a small SEO advantage. Now pages where users enter passwords or credit card data that lack the certificates will bear a label identifying them as “Not secure” when internet users visit them using the Chrome browser.

It’s all part of Google’s push to create a safer online environment and help web users become more aware of data security. The new tags won’t be the end of this effort, either. In the future, Google wants to see all connections use HTTPS, as they describe in their security blog:

Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature.

In following releases, we will continue to extend HTTP warnings, for example, by labeling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.

[emphasis added]

Obtaining and using an SSL certificate for your site isn’t difficult or expensive. However, in some cases doing so can involve SEO tweaks as well. These are easily managed with the help of an expert web developer or IT expert, so don’t let potential issues discourage you from moving to SSL where appropriate. Google even offers advice for developers to help them update their sites correctly.

It’s time to get serious about using SSL. Aside from the enhanced security you’ll offer site visitors, the potential SEO and perception consequences of not complying with the move toward HTTPS make avoiding the issue a costly mistake. And while Chrome may be first browser to implement such a program, others are sure to follow on Google’s heels.

Even if you currently use SSL, it’s important to encrypt your site completely and correctly, or your visitors will see the warning from Google. Any pages or elements that aren’t encrypted will result in visitors seeing the alarming “Not secure” tag, which won’t encourage them to explore and linger on your site.

SSL isn’t too difficult, and it’s becoming more critical to your firm’s web presence. Read up, reach out or do whatever you have to in order to ensure that your site is fully compliant with Google’s new policy regarding secure websites.

originally published on Marketing Ideas for CPAs

Posted in

Sarah Warlick

Sarah Warlick founded Proof Positive Content to provide professional service firms with high-quality content that resonates with their target audiences. Sarah's writing appears in books, on the websites of over a dozen Top 100 Accounting Firms and in Accounting Today, Forbes and other leading publications, but usually under another name. Ghostwriters rarely get the glory - their clients do!