Why you should switch to https today!

Whether it be Search, Chrome, Gmail, or any other service, virtually anyone uses a Google product sometimes, leaving data. You do not want to think of a situation in which your data will be in the street somehow. That is why Google has heavily invested in securing its services - for example by using https encryption.

Why you should switch to https today!

Google believes that other businesses should do the same to create safer internet. I give you 4 reasons in this blog to start with https encryption today.

Websites that are protected by encryption can be identified by a "lock" in the browser bar. I will save you from the technical details, but in short https is actually the common http protocol with a secure layer, a Secure Socket Layer (SSL) over it. This layer provides encryption of data exchanged through a website. Without this layer the exchange of data is not safe. You can read more about the technical details of SSL in a later blog post.  In this article you will read why you need to start with https today from a less technical perspective.

1. SSL is good for SEO

Google is taking steps with (among others) Google Search and Chrome to stimulate that everybody will use https.  For example, websites that have taken steps to protect data get priority in search results over non-https websites. Https security has been a ranking factor since 2014. Not as important as the quality of content, but still. So SSL gives a slight advantage in the search engines and Google does not exclude the possibility that the encryption factor will be increasingly important. 

2. SSL is good for online reliability

Research shows that users do not consider the absence of a green lock in the browser bar as a security risk. Therefore you will get to see an explicit security alert in your browser bar (from Chrome version 56) when you visit an http website.  The message marks the page you visit as "Not Safe".

Initially this will only be with pages where you are asked to fill in credit card data or where you can login.  For subsequent updates the security alerts will be extended to all http websites. Eventually the warning will be made even clearer by showing a red warning triangle.

This development makes it almost mandatory for every professional website to switch to https. Because do you really want your visitors to be discouraged by warnings when they come to your website? For sure you will lose customers, business, or generate fewer leads because visitors of your website will leave prematurely due to the security risk. This is bad for your reputation. Because if your website is not safe enough, is your product or service reliable? With an SSL certificate you show that you take the privacy and security of your visitors seriously.

3. SSL is mandatory for exchange of personal data

There is another important reason to change: legislation. Article 13 of the Data Protection Act (which will eventually be replaced by EU legislation) states:

"The responsible person takes suitable technical and organizational measures to protect personal data against loss or any other form of unlawful processing. These measures warrant, taking into consideration the state of the technology and the costs of implementation, an appropriate security level considering the risks involved with the processing and the nature of the data to be protected..." Article 13, the Data Protection Act

You could say that it has not been explicitly stated that you have to use SSL encryption when you process personal data on your website.  However, you are required to take appropriate technical and organizational measures to protect data. In order to meet this requirement there is actually only one way and that is using SSL.  Even for a website with only a contact form.

4. Using Https is not expensive

It is a misconception that secure connection is expensive. There are different forms each with their own cost levels; on average a certificate costs between € 25 and € 100 per year. In addition to purchasing a certificate your website needs to be modified so that all links and content are forced to use the https protocol.  Those adjustments naturally imply some work. But all of this is a cakewalk in comparison to the costs of damage to reputation or a fine due to a breach of the Data Protection Act (up to 810,000 or a maximum of 10% of the annual turnover).  Fortunately these fines do not fall from the sky and in most cases you will first get a binding directive that contains a period within which it must be followed. But of course it is better not to let it come that far!

We would like to talk to you about the possibilities of providing your website with a lock and the ‘safe' predicate.