Is Your Website in Danger of Being Labelled Not Secure by Google?

20 September 2017

Secure laptop

To check if your website is in danger of being labelled “Not Secure” by Google, you first need to answer the following question.

Does your website have an SSL certificate?

If yes, then you are all set for October 2017 and Google’s change in policy.

If no, and your website has the ability to collect the type of information listed below, then from October 2017, Google will display a “Not Secure” warning message to any visitor who starts to type information into your website.

Information a visitor may type into your website includes…

Passwords
Credit Card Details
Bank Details
Dates of Birth
Email Addresses
Product Search Information
Contact Details
Personally Identifiable Information

Why is Google doing this?

Google’s reason behind this is to bring more security to the internet, as a result passwords, bank and payment details will no longer be the only types of private data. So with effect from October 2017, any type of information a visitor keys into a website will (in the eyes of the search engine giant) will need to be securely protected by way of an SSL certificate and HTTPS.

“Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.”

Emily Schechter
Chrome Security Team

Plus as a result of the policy changes being made by Google, your business may even receive an email like this one…

Google for blog

However if you do receive an email like this from Google, it will be clear indication your websites needs an SSL certificate and to make the transition to HTTPS.

Why does my website need an SSL certificate?

Google is genuinely concerned, as any data sent via HTTP and without SSL certification is at risk of being intercepted. Therefore neither you nor your visitors can be sure the data or content being exchanged has not been tweaked or hijacked by an unauthorised third party.

An SSL certificate enables your website to connect and operate securely via HTTPS.

With HTTPS, only legitimate content published on your website can be viewed by a visitor and, in return, any information a visitor chooses to type into your website, can only be seen by you. Therefore, without SSL certification and a secure HTTPS connection, customer data and digital content is at risk of being attacked.

Not only does an SSL certification protocol (Secure Sockets Layer) ensure your visitor only communicates with your website, it also…

Encrypts the data
Prevents the data being seen by an unauthorised third party
Builds customer trust

What is the difference between HTTP and HTTPS?

Both HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are languages for passing information between your websites web-server and the visitor’s browser.

However HTTPS is a secure connection and HTTP is not. So as we mentioned, with a standard HTTP connection, it is possible for an external party (such as a hacker) to observe the conversation between the visitor’s device and your website. If your visitor submits information via your website, the HTTPS connection will send the data securely.

Does my website really need an SSL certificate?

If your website does not obtain an SSL certificate, from October 2017 Google will display a “Not Secure” warning message to any visitor who starts to type information into your website. This will not only cause concern for your potential customers, but make your website look untrustworthy and lead to an increase your bounce rate and a reduction in your conversion rate.

Plus even though data encryption and protection is the biggest advantage of SSL certification, it’s not the only advantage.

HTTPS websites load significantly faster than HTTP, and as you will see from our article The Importance of Web Site Load Speed this can have a serious bearing on where your website appears in the search engine rankings. An SSL certificate also adds legitimacy, and confirms your website is a bona fide business.

In 2014 Google recommended company’s started making the switch to HTTPS; however it wasn’t until the search engine began ranking HTTPS websites above non-secure sites that large ecommerce companies began to make the switch.

How do I get hold of an SSL certificate?

Speak to the specific web developer who takes care of your website about purchasing an SSL certificate.

They will then use their expertise to set-up your acquired SSL certificate by carrying out the following steps…

Running a full backup of your website
Changing all your internal and external links
Creating a 301 redirect
Updating your URLs on Google
Updating any paid ads including AdWords
Updating your social media profiles
Ensuring your Google Analytics migrates correctly

Plus your web developer will systematically check all your website content to ensure it meets with SSL certificate approval.

Will my SSL certificate expire?

The short answer is yes. However your certificate will have an expiry date and will need renewing. Of course going forward your web developer will need to ensure each new SSL certificate is installed correctly.

When should I speak to my web developer?

With the October 2017 deadline almost upon us, due to the amount of technical work involved migrating your website from HTTP to HTTPS, the sooner you speak to the developer who takes care of your website the better. Especially when your website won’t be the only one making the switch.

With Google wanting SSL certification to become a web standard, to ensure your website isn’t labelled “Not Secure” by the search engine giant, speak to the web developer who takes care of your website about acquiring an SSL certificate and making the migration from HTTP to HTTPS.