74% of consumers would not feel comfortable visiting a site without HTTPS
In 2018, the World Wide Web crossed a critical threshold: over half of the most popular websites were encrypted. This was the result of years of consolidated effort by large tech organizations including Google, Mozilla, Cisco, Electronic Frontier Foundation, and many others. This number has only gone up since then, currently estimated at over 80 percent. So what exactly does HTTPS look like? Depending on what browser you use, it can look different, but is generally indicated by a small lock you may or may not have noticed in your address bar. You can see the difference with and without encryption here:
According to TechTerms, the Encrypted Web is defined as “Many websites and other online services encrypt data transmissions using SSL. Any website that begins with ‘https://,’ for example, uses the HTTPS [Hypertext Transfer Protocol Secure] protocol, which encrypts all data sent between the web server and your browser. SFTP [SSH File Transfer Protocol], which is a secure version of FTP, encrypts all data transfers.”
You’ve probably heard warnings about being careful using public Wi-Fi such as in a coffee shop or airport. This is, because whatever you send or receive online data can be sniffed, or intercepted and read, by both bad anyoneactors and/or neutral parties. Hypothetically, this could include personal information, credit card or payment data, or user credentials. This is just one component of what standards such as PCI-DSS (industry prerequisites regarding payment systems) and HIPAA (government regulatory rules around medical data) are intended to protect against. Keep in mind this is distinct from data-at-rest, such as files residing on a hard drive on a server.
Encrypting via SSL does not necessarily stop the traffic from being collected, but it will be encoded rather than readable in plain English. Deciphering the contents would be challenging if not impossible. You are ultimately responsible for your own online security, which is a compelling reason to add your own layer of encryption such as a VPN and the reason most corporations enforce such practices to protect their business data. If this is a concern or you have not taken such measures, we recommend consulting your IT provider or contact LyncStream and we can help with a solution.
So how important is having the HTTPS “seal of approval” on your website? We asked our online community via social media, and only 24% of respondents indicated they feel secure when visiting a website that is not encrypted. In the most basic terms, there are cases (for instance those which don’t fall under compliance requirements) when encryption is not “necessary.” It all boils down to what you are transmitting. Your marketing website, as an example, may not be consuming or displaying healthcare or personal information, but do your website visitors, who are taking the time to read your content, deserve the extra effort necessary for you to add HTTPS to the address bar? In most situations it is a fairly low burden to implement using today’s technology such as Let’s Encrypt. Even if all you are collecting is basic contact information, they are entrusting that data to you from the time they enter it in the browser to the time it reaches you. If you want to earn their business and have them engage with you, every generally accepted protocol to prevent a potential breach or lawsuit should be taken.
Search Engine Ranking
There are a myriad of factors and metrics churned by algorithms when a user types a term or phrase into the search bar before spitting out the results. In 2014, iIn an effort to boost the broadest adoption of HTTPS by websites, in 2014 Google added encryption to those computations. 2 This means your website will rank higher in search results if it is using HTTPS than if it is not. Getting more eyes on your website and ranking higher than the competition is usually the reason youmany have a website. Said another way, part of your online sales strategy should be to eliminate anything that detracts from or impedes traffic to your site – whether it’s ecommerce or information about your offerings. You are being penalized for not encrypting your site, but this can be easily remedied in most cases to maximize the likelihood of success and improve traffic to your website.
In summary, not using HTTPS places your domain in the minority (20%) of sites on the web. In such a competitive landscape as the online world, any perceived deficiency is a weakness, both operationally and potentially in sales volume. Using an SSL certificate is just one component of a comprehensive defensive strategy and meant to make sure you are getting the most out of your web presence. There are many options and types of encryption to be discussed. You can share this article with your website consultant, or contact LyncStream to implement a solution.