When a secret agent on TV makes a phone call they ask their HQ “is this line secure?” meaning they want a phone line that’s ‘scrambled’ so no-one can listen in to their call.
Around half of all websites offer a similar type protection [1] when people type in their information (credit card numbers, for example), and around half don’t. But many people don’t know how to tell, and what the implications are in each case.
This article explains how you as a user can tell if a site is website has a secure connection and why, as a site owner, you should ensure that yours does.
Firstly, as a user you should look out for the green padlock or the website prefix ‘https://’ (rather than ‘http://’). This essentially means that everything between your web browser and the receiving website is encrypted (with SSL or TLS) so if for example you’re on a public (or fake) Wi-Fi network people can’t listen in and intercept your private information. If you’re entering anything sensitive (such as passwords or credit card information) it’s imperative that you check for this padlock.
It’s worth noting that the presence of a padlock does not guarantee that you’re safe. You still need to be sure that the people behind the website receiving the information are who they say they are, are trust-worthy, and have decent security protocols in place. Just like a secret agent may get his secret message through, but if the HQ are corrupt, or they don’t keep his message a secret, the protection was futile.
As a website owner there are three main reasons why you should have a secure website:
- Very soon the top web browsers such as Google’s Chrome will not only show a green padlock if a website is secure, but will warn (and worry) users to all websites that aren’t. This has already started with those asking for personal information, but will slowly roll out across all websites [2].
- Google use this as a ranking signal for a website’s position in search engine results. Effectively rewarding websites that are secure. So if search engine optimisation (SEO) is of importance then this will help.
- It’s good practice to keep your clients’ information secure in transit, and doing so on your website sends out a positive message about you and how you manage your data.
Although the SSL or TLS protocols have been around for a while (SSL being introduced in 1995, and TLS being its successor), it’s only recently that they have been pushed so much outside of payment and highly secure systems.
The benefits listed above are fairly subtle at the moment, meaning that you’ll only gain slightly in Google’s search results, and Chrome doesn’t give users a nasty warning yet… but Google are pushing for Internet-wide secure websites, and they’re going to become increasingly important.
The good news is that they’re usually relatively low cost to install and maintain.
If you need to know more, please get in touch.
We are Webbed Feet, we are experts in website security
[1] https://www.wired.com/2017/01/half-web-now-encrypted-makes-everyone-safer/
[2] https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html