For over 20 years, our team at Morgan & Co. has built digital journeys and delivered audiences to our clients’ websites. In our opinion, having the best possible website experience for your customer is non-negotiable. We see first-hand how a well built and managed website can make all the difference in terms of providing a quality user experience, engaging with your audience and running a profitable business.
With that in mind, we want to bring attention to a major change headed your way. By the end of this summer tens of thousands of websites are going to find themselves labeled as unsafe unless they migrate to HTTPS. In fact, when we relaunch morganandco.com later this year, we’ll be sharing content using HTTPS. While you don’t have to launch a new website to increase security, here is why we are making our site more secure and why yours should be, too.
The difference between HTTP and HTTPS, and why the “S” is necessary
HTTP stands for hypertext transfer protocol. It is the standard technology that allows communication between browsers like Safari, Firefox, Edge and Chrome, and web servers where websites are stored and operate. That one little “S” in HTTPS means Secure, and it makes a big difference. Have you ever noticed a little green padlock in the address bar of a web page? Most browsers use a format that looks something like this to show viewers a website is secure.
This means the web page has been made secure using encryption technology and certified as a secure environment. Without encryption, third parties have an easier time hacking into a site to take and use information being collected; like when you fill in a form, share personal information or provide your financial data. Historically, HTTPS connections were primarily used for payment transactions and handling sensitive information like social security numbers and financial data. Now they are used for safeguarding conversations and all forms of personal information being shared online.
Security certificates – What do they do?
The padlock image next to the word “Secure” contains additional information about a website’s security and certificate.
Security starts with checking your website’s ID. It’s kind of like showing your ID at the door to gain admittance to an event. Once a website is validated, it is on the way to getting an encrypted connection. Security certificates can be purchased by a variety of vendors. A more expensive certificate isn’t always better, but be sure to use a reliable source. Price also comes into play when you look at certification types. There are three fundamental levels that offer different levels background checks and features.
|Security Type||Good For||Verification Entails||Time to Authenticate|
|Domain Validation||Basic sites and individuals that do not have online sales.||Domain check and email verification.||Minutes|
|Organization Validation||Standard type of certificate for commercial or public facing websites. Minimum for ecommerce.||Domain requirements and full company name and address details.||2-3 business days|
|Extended Validation||Standard for major online retailers and banks and corporations. Recommended for businesses that wish to immediately build customer trust in their site.||Organizational validations and a rigorous process includes legal, operational and physical verification.||4-10 business days|
How to complete the security process
Now that you have a certificate, there are a few more steps to take:
- Back up your site.
- Configure hosting with SSL Certificate. SSL means “Secure Sockets Layer,” a security technology that ensures all data transmitted between the web server and browser remains encrypted.
- Change all website links to HTTPS, don’t forget images, and download files and robot.txt files.
- Set up 301 redirects to prevent error messages. With a redirect, you can catch the pages you may have missed when updating all links to HTTPS and redirect them to a secured page.
- Update links found within marketing materials, print pieces and digital assets.
- Test and retest.
Not a clue what a robot file is? Don’t fret. The simplest explanation is best. Before a search engine like Google crawls your site, it will look at your robots.txt file as instructions on where they are allowed to crawl (visit) and index (save) on the search engine results, the page that shows you websites that match what you searched. Sometimes the simple solution is the best. Your hosting provider may have instructions or have the technical parts for you to be completely covered. Your content management system (CMS, IE: WordPress) may hold the key as well, in the form of plug-ins. If you aren’t the do-it-yourself type, web developers have been using this standard for years and can assist with deployment. No matter which path you choose, with information security, user experience and search rankings on the line, moving to HTTPS is simply the right move.
Best practices are changing – Why?
Websites that don’t collect sensitive information or don’t seem like hacker bait are not out of the woods when it comes to security. Would you believe that most website security breaches are not targeting private data? Attempts to use the power of servers to distribute email spam, serve files of an illegal nature or mine for data are more common motives. To make the web more secure, browsers are going to call out websites as “not secure” based on their protection shortcomings.
Beyond the visual impact, switching to a secure protocol may also improve your site’s search ranking. High rankings can mean more exposure for your website to the people you want to reach and potentially provide cost savings when you advertise to reach them. Not a bad reward for doing the right thing.
For more information about this important topic, or to explore how Morgan & Co. can support your business through an innovative, tailored advertising strategy, contact our team today.