Is Your Website HTTPS?
January 15, 2019
I’ve spent the past few weeks working on ADDAPT’s website, mainly updating data. And I’ve been visiting a lot of the websites of our member companies collecting some of that data, and it got me thinking about things that can be done to make all our business websites work a bit better. Even if your site improves by 1% that can translate to a new customer, a little more penetration into your market, a few more $$. So, for the next group of ADDAPT newsletters, I’m presenting some thing that you might do to make your website a little bit better.
Is your site HTTP or HTTPS? It should be HTTPS.
Go to your website, look at the area at the top where the URL or web address appears, and check to see if there’s a padlock symbol showing up. It should look like this:
If you see that, you’re fine. It might not look exactly like that, it might be more plain gray, like this:
If you don’t a padlock of some sort, your website is not secure. You can fix this in a few minutes by sending your ISP (Internet Service Provider) an email and telling them to install an SSL Certificate. It should be free, and usually doing just this will give you a padlock.
You can stop reading and call your ISP right now, or you can keep reading and I’ll explain what is going on and why this padlock thing is actually VERY VERY important.
What is the Problem?
That padlock means is that a website is using https, which means Hyper Text Transfer Protocol Secure. In plain English, it means the data flowing between your browser and the website is encrypted. So, in the event of a hacker breaking into that data stream, the information in it will be unreadable to them. What sort of information might that be? Credit card numbers, passwords, bank balances, addresses (email and snailmail)… the kind of information hackers love. But if the site is https, it makes it much much harder for that information to be stolen.
However, if a padlock doesn’t come up, the website isn’t using https, it is using an older protocol, http, which isn’t secure. And that means the data between the browser and the website isn’t encrypted and hackers can read it as easily as you can read these words I’m writing.
Take Away Number 1: Security is always important
If you are browsing around the web, and you don’t see padlocks by the url, then you should not be entering passwords, or giving out credit card numbers, or anything else you don’t want people to know.
I know some of you are thinking, “My website isn’t taking credit card numbers, there are no passwords to use it, so this doesn’t apply to me.”
Actually, it does.
Websites often send data to the browser that reveals information about how the website has been constructed, how the server operates, etc., and a hacker could use that data to break into your website.
I know some of you are thinking, “Why would anyone hack me? There’s nothing on my website that’s valuable. We’re a job shop. There are pictures of machines.”
Actually, there is something valuable on your website: its address, its connection to the internet, and the space on the server that hosts your website.
Hackers can use your website to send SPAM emails, to attack other websites, to basically involve your website in criminal activities that could get your website blacklisted. If that doesn’t scare you, how about hackers installing ransomware that locks out your website and perhaps systems in your business that are communicating with your website, which they won’t unlock unless you pay them thousands? Here’s something worse: How about hackers uploading and hiding kiddie porn on the server hosting your website? And then they can blackmail, or if your hosting company finds the kiddie porn they have to report it to the FBI… still feel it doesn’t apply to you?
Take Away Number 2: It’s bad for business
From a strictly business standpoint, a site that isn’t secure is bad.
Google ranks websites, and the higher the website ranks the better the chances are it will show up when someone searches the web. Google LOWERS the ranking of websites that aren’t https. So, if your site isn’t showing that padlock, Google is dropping your site lower in the search results. That’s bad business.
And when someone visits an insecure website, they might look up at that URL and see this:
(By the way, these are websites of some ADDAPT members – I blurred out the addresses)
You don’t want people visiting your site and seeing its not secure. It would be akin to someone visiting your facility and the front door is wide open and there’s no receptionist to be seen anywhere. And many ADDAPT members deal with customers that have tremendous security concerns. Can you afford to have a website that isn’t showing a padlock?
Take Away Number 3: It’s easy to fix
Fortunately, it is really easy to get your website https secure and get your own green padlock. For the most part, all you have to do is contact your ISP or your “web guy,” and tell them to install an SSL certificate on your website. Generally, your ISP will do this for free, although some, like GoDaddy, figure out ways of charging you.
Now, sometimes, depending on how your website was built, you might need to do more than just adding an SSL certificate. There might be some things that have to be changed in the code. This shouldn’t be that big a deal either, although you might have to pay a developer to get involved. I know when I’ve had to fix https issues it’s taken me less than an hour, so it isn’t a big expense.
So, for 2019, let’s begin the year with a secure website. Take a few minutes to check if you see that padlock, and if you don’t, take a few minutes to send an email to your ISP or IT department, or whomever watches your website, and have them install an SSL certificate.
Luke DeLalio is a web developer and web marketing consultant.