When Should Your Business Upgrade to HTTPS?

Google is on a mission to make the web more secure, and it could be affecting the way patients view your business.

At the beginning of 2017, you may have noticed that when browsing some web pages you received warnings of websites not being secure. Starting in January, Google started warning visitors of websites that pages were not secure.

I have heard rumors for a long time about HTTPS vs HTTP. But, I never really quite understood what the big deal was, and why it was important to have an HTTPS at the beginning of your URL. So, over the past couple of days, I have done a little research to help myself (and now you, because you are reading this) understand what HTTPS is and why it matters for business websites.

Before we dive into HTTPS, I wanted to make sure that we flush out what regular HTTP is:

What is HTTP?

HTTP stands for Hypertext Transfer Protocol (good thing they came up with an abbreviation for that mouthful). Without getting into too much detail it is the system that allows for the transfer of information and data from a website to a web browser (i.e. Chrome, Firefox, Internet Explorer, and Safari) on your personal computer. With regular HTTP the data is sent as plain text, so if the information being transferred was intercepted, it would be very easy for hackers to gather that information and do "bad things" to it (like all hackers do).

What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure. Basically, what that means to everyday consumers is that the information they are sending over the internet through the website they are on is encrypted and therefore more secure because it is much more difficult for hackers to get a hold of.

If you want to get into more of the technology behind HTTPS I would recommend reading HTTP vs HTTPS - what's the difference? by Easy News

How do I know if my site is using HTTPS?

Secure or HTTPS Websites

The exact method a browser uses to notify users of secure and non-secure websites varies, but for the most part, if the website you are on is secure you will see a locked padlock icon.

Non-secure or HTTP Websites

If the website you are on is not secure you will see a notification icon that is usually an exclamation mark.

6 Reasons you should consider upgrading your website to HTTPS

1. It will make your website faster - How much faster? Up to 93% Faster! This website does a real-time comparison so you can see the difference between HTTP and HTTPS. The reason for this is that websites that have already been certified as secure are funneled directly to the user. HTTP websites usually have to be cached, filtered or scanned to be viewed by a user. (Source: easynews.com)
2. It protects your customer's information - If you have web forms or online payment options on your website for your customers, this is much more important for you. Not encrypting data that is submitted over your website is putting your customer's personal information at risk.
3. Not switching to HTTPS can hurt your Google ranking - While the actual impact at the moment is relatively small, there are rumors that Google will begin penalizing non-HTTPS websites more and more as more websites make the jump.
4. You are going to have to upgrade your site eventually - One thing is for sure. When Google says that it is planning on making the internet more secure by transferring all sites to HTTPS, "failure to switch is just postponing the inevitable," according to an article in entrepreneur.com
5. It's not that difficult for small sites - If your site is less than 50 pages, this is a relatively easy upgrade for your developer. If you want step-by-step instructions, see below.
6. You are losing customers - While Google is already notifying visitors by placing a small exclamation mark next to the URL bar in Chrome, they have already begun warning visitors in more detrimental ways such as prompting the user with a full-screen warning (see below). If you saw the warning below, would you continue to the web page you were attempting to visit?

Conclusion

You can probably get away with not encrypting your website for a little while longer (potentially even a few more years). But, making the change sooner than later will make sense for a lot of businesses because it protects your customer's information, and it will give you a leg up on all your competitors that are slow to adopt. By making your website load faster, and giving you a little boost in Google Rankings.

Keep in mind, switching your website to HTTPS is something you will inevitably have to do.

How to convert your website to HTTPS

These directions are copied for your convenience from the blog on entrepreneur.com, HTTPS: What's the Difference and Why Should You Care?

If you are familiar with the backend of a website, then switching to HTTPS is fairly straightforward in practice. The basic steps are as follows.

1. Purchase an SSL certificate and a dedicated IP address from your hosting company.
2. Install and configure the SSL certificate.
3. Perform a full back-up of your site in case you need to revert back.
4. Configure any hard internal links within your website, from HTTP to HTTPS.
5. Update any code libraries, such as JavaScript, Ajax and any third-party plugins.
6. Redirect any external links you control to HTTPS, such as directory listings.
7. Update htaccess applications, such as Apache Web Server, LiteSpeed, NGinx Config and your internet services manager function (such as Windows Web Server), to redirect HTTP traffic to HTTPS.
8. If you are using a content delivery network (CDN), update your CDN's SSL settings.
9. Implement 301 redirects on a page-by-page basis.
10. Update any links you use in marketing automation tools, such as email links.
11. Update any landing pages and paid search links.
12. Set up an HTTPS site in Google Search Console and Google Analytics.