Thanks to the buzz around website hacking and personal data theft in recent years, most Internet users are aware that their sensitive information is at risk every time they surf the web.
And yet, although the personal data of their visitors and customers is at risk, many businesses still arenβt making website security a priority.
Enter Google.
The folks over at Google are known for paving the way for Internet behavior. Last month, they took a monumental step forward in helping protect people from getting their personal data hacked. The update they released to their popular Chrome browser now warns users if a website is not secure β right inside that userβs browser.
While this change is meant to help protect usersβ personal data, itβs also a big kick in the pants for businesses to get moving on making their websites more secure.
Googleβs Chrome update: What you need to know
On October 17, 2017, Googleβs latest Chrome update (version 62) began flagging websites and webpages that contain a form but donβt have a basic security feature called SSL. SSL, which stands for βSecure Sockets Layer,β is the standard technology that ensures all the data that passes between a web server and a browser β passwords, credit card information, and other personal data β stays private and ensures protection against hackers.
In Chrome, sites lacking SSL are now marked with the warning βNot Secureβ in eye-catching red, right inside the URL bar:
Google started doing this back in January 2017 for pages that asked for sensitive information, like credit cards. The update released in October expands the warning to all websites that have a form, even if it’s just one field that asks for something like an email address.
Whatβs the impact on businesses?
Because Chrome has 47% of market share, this change is likely noticed by millions of people using Chrome. And get this: 82% of respondents to a recent consumer survey said they would leave a site that is not secure, according to HubSpot Research.
In other words, if your businessβ website isnβt secured with SSL, then more than 8 out of 10 Chrome users said they would leave your website.
Ouch.
Whatβs more, Google has publically stated that SSL is now a ranking signal in Googleβs search algorithm. This means that a website with SSL enabled may outrank another site without SSL.
Thatβs exactly why anyone who owns or operates a website should start taking the steps to secure their website with an SSL certificate, in addition to a few other security measures. Businesses that donβt take care to protect visitorsβ information might see significant issues, garner unwanted attention, and dilute customer trust.
βIn my opinion, I think security is undervalued by a lot of marketers,β says Jeffrey Vocell, my colleague at HubSpot and go-to website guru. βAlmost daily, we hear news about a new hacking incident or about personal data that has been compromised. The saying βthereβs no such thing as bad pressβ clearly isnβt true here; or, at the very least, the marketer that believes it has never had to live with the fallout of a data breach.β
With Googleβs Chrome update, those visitors will see a warning right inside their browsers β even before theyβve entered any information. This means businesses face the potential of losing website visitorsβ trust, regardless of whether a cybersecurity incident has actually occurred.
If youβre ready to join the movement toward a more secure web, the first step is to see whether your website currently has an SSL certificate.
Do you know whether your site has SSL?
There are a few ways to tell whether your website (or any website) has SSL.
If you donβt use Google Chrome:
All you have to do is look at a websiteβs URL once youβve entered it into the URL bar. Does it contain βhttps://β with that added βs,β or does it contain βhttp://β without an βsβ? Websites that have SSL contain that extra βs.β You can also enter any URL into this SSL Checker from HubSpot and itβll tell you whether itβs secure without having to actually visit that site.
If you do have Chrome:
Itβs easy to see whether a website is secured with an SSL certificate, thanks to the recent update. After entering a URL into the URL bar, youβll see the red βNot Secureβ warning next to websites that arenβt certified with SSL:
For websites that are certified with SSL, youβll see βSecureβ in green, alongside a padlock icon:
You can click on the padlock to read more about the website and the company that provided the SSL certificate.
Using one of the methods above, go ahead and check to see if your businessβ website is secure.
Yes, it does have SSL! Woohoo!
Your site visitors already feel better about browsing and entering sensitive information into your website. Youβre not quite done, though β thereβs still more you can do to make your website even more secure. Weβll get to that in a second.
Shoot, it doesnβt have SSL yet.
Youβre not alone β even a few well-known sites, like IMDB and StarWars.com, weren’t ready for Google’s update. But itβs time to knock on your webmastersβ doors and have them follow the steps outlined below.
How to make your website more secure
Ready to protect your visitors from data theft and get rid of that big, red warning signal staring every Chrome user in the face in the process? Below, youβll find instructions and resources to help you secure your website and reduce the chances of getting hacked.
Securing your site with SSL
The first step is to determine which type of certificate you need β and how many. You might need different SSL certificates if you host content on multiple platforms, such as separate domains or subdomains.
As for cost, an SSL certificate will cost you anywhere from nothing (Letβs Encrypt offers free SSL certificates) to a few hundred dollars per month. It usually averages around $50 per month per domain. Some CMS providers (like HubSpot) have SSL included, so check with them before making any moves.
(Read this post for more detailed instructions and considerations for SSL.)
Securing your site with additional measures
Even if you already have SSL, there are four other things you can do to make your website significantly more secure, according to Vocell.
1) Update any plugins or extensions/apps you use on your site.
Hackers look for security vulnerabilities in old versions of plugins, so itβs better to take on the challenges of keeping your plugins updated than make yourself an easy target.
2) Use a CDN (Content Delivery Network).
One trick hackers use to take down websites is through a DDoS attack. A DDoS attack is when a hacker floods your server with traffic until it stops responding altogether, at which point the hacker can gain access to sensitive data stored in your CMS. A CDN will detect traffic increases and scale up to handle it, preventing a DDoS attack from debilitating your site.
3) Make sure your CDN has data centers in multiple locations.
That way, if something goes awry with one server, your website wonβt stop working all of a sudden, leaving it vulnerable to attack.
4) Use a password manager.
One simple way of protecting against cyberattacks is by using a password manager β or, at the very least, using a secure password. A secure password contains upper and lowercase letters, special characters, and numbers.
Suffering a hack is a frustrating experience for users and businesses alike. I hope this article inspires you to double down on your website security. With SSL and the other security measures outlined in this post, youβll help protect your visitors and your business, and make visitors feel safe browsing and entering information on your site.
Does your website have SSL enabled? What tips do you have for making your website more secure? Tell us about your experiences and ideas in the comments.