Google Will Drive Traffic to Secure Websites With New Security Standards

So you are surfing the internet on a bright sunny day. The kids are playing in the back yard with Bucky the Golden Retriever. Your wife is in the kitchen baking cookies. All is good with the world. If Norman Rockwell was around, this could have been his next American Classic – “Dad On The Internet.” However, there are new security standards.

A Perfect Day… Until You See “Website Not Secure”

You go to the same website you have been going to the for the last 3 years. However, as soon as you get there a big warning message takes over your screen “WEBSITE NOT SECURE”. Bang the Norman Rockwell scene vanishes from your home in a matter of seconds. The dog goes nuts and there is a burning smell coming from the kitchen as a shadow falls across your computer screen.

THE WEBSITE IS NOT SECURE – so what does that actually mean?

For the average user on the internet a warning that the website is not secure is the END OF THE SESSION on that website. It doesn’t matter if there is a good explanation or not for this warning – it simply stops the user in their tracks as the fear of what could happen simply supersedes any need to use a website.

Google’s Take on Website Security

For Google it will mean that the website is not using an encryption connection. In plain English, this means the session between your computer’s browser and the server where the website resides is potentially accessible to other parties who could access your valuable information (or not so valuable information) pending what you are doing on this website. Please note the word “potentially” and this potential risk could be high (OR) low pending where you are accessing the internet. If you are on an open public network you probably have more chance of your information being intercepted than on your business or home secured wi-fi. Keep in mind we have been accessing non-secure website since the web was invented – but of course with no warnings.

What About Checkout Security?

We have also used encryption on websites before in particular when we check out of an online shop. Several of the websites we manage are encrypted completely (no matter where you go on the site the data is encrypted). However, quite a few websites we manager have secure server. But, it only engage it for checking out of a store or sending sensitive data. (as that is obviously the most important data to keep secure). Unfortunately this will not satisfy Google’s new plans.

So I need a Secure Server Certificate to Secure My Website?

Secure Server Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol, allowing secure connections from a web server to a browser. (Boring as crap I know but you have all seen the Gold Padlock before indicating you were secure). Currently, unless a call goes to a Secure Server Certificate that has expired (or is not working correctly), you would not be told the website’s connection is not secure…

GOOGLE IS ABOUT TO CALL OUT ALL WEBSITES THAT ARE NOT SECURE!

BUT that all changes in 2017 when Google will start calling out all websites that are not secure. That means ANY website that is not running secure server certificate on ANY page on that website is going to produce this warning flag. It is actually going to be chaos in my opinion. So many websites will not be secure according to Google. But regardless of the initial chaos, I have no doubt that the users will stick to current behavior. They will not use any site that is flagged as not secure and no doubt any of the website that are fully secure will gain more traffic in the short term (as everyone else catches up).

How Bear Web Design Is Preparing for the New Security Standards

Bear Web Design’s own website has been secure server certificate fully for several years now (actually setup in relationships to PCI Compliance – a credit card / banking requirement). Unfortunately, there is an annual cost to having a certificate, updating the certificate to the website, and then making the website fully secure in all calls. Based on what we see coming, we will be contacting all our clients to identify those costs. As well as the timing involved in adding the secure server certificate to their website before 2017. This makes sure they don’t lose traffic (and maybe) gain some web traffic in 2017!

Need Help Meeting the New Security Standards?

If you have any questions about this new initiate of Googles please contact me or call me at 615 504-6845. I would be glad to discuss and provide help if  needed!