Your website is now the most important component of your marketing strategy. But are you leveraging website security to make your website more credible and trustworthy? HTTPS Everywhere and proper content development can make a surprising difference. And near-term changes by web browser companies will make it even more important as insecure site are branded as “Not Secure” on every page of your Website.
Can Increased Website Security Help you Sell More?
How does your website look when your customer types “www…[yoursite].com.” https://www.[yoursite].com or just “[yoursite.com].com”? There are four (4) levels of visible website security that your customers can see every time they visit your site. Google, Firefox and Microsoft’s browsers all visually tell your customers whether they should trust your site. Think that impacts sales leads? Take a look below and you tell me which site looks more secure. What does your site look like?
Poor (Labeled as “Not Secure”)
Better (Labeled as “Not Fully Secure” or “Mixed Content”)
Good (Green Lock and Labeled as Secure if you Click the Info Circle)
Best (Green Company Name with Complete Certificate Information if you click the info Circle)
The examples above are using the Firefox browser on various sites. The differences in display are caused by a combination of using HTTPS versus HTTP and also the type of SSL certification that is used. GREEN is always good in the minds of your customers, so what should your company do to get there.
Below is the eSecurity Solutions website on Internet Explorer. On IE a “secure” site is even more prominent by showing a completely green URL bar.
Best in Internet Explorer
Visual Levels of Website Security
With the goal of a higher perceived level of visual security, here are the levels of goodness.
- Poor– HTTP site
- Better– HTTPS site with mixed HTTP/HTTPS content
- Good– HTTPS site with Standard SSL Certificate
- Best– HTTPS site with Extended Validation Certificate
Why People Care about HTTPS Everywhere
- Google has been driving an HTTPS Everywhere initiative since 2014 to increase Website security. Their belief is that sites should be HTTPS sites and support only external links to HTTPS sites with encrypted traffic. HTTPS also is used to support secure transactions for personal data or credit card transactions on shopping carts.
- Google provides a higher Google Search Ranking for sites and pages that support HTTPS Everywhere.
- Communications with other HTTPS site increases the chances that your site is safe since each site has a validated identity by a certificate authority.
- Visually HTTPS sites look more secure. Some level of green is used and if you use an Extended Validation Certificate, you have you company name shown also in green.
- In fact, starting in July 2018, Google Chrome will show ALL HTTP:// sites as follows (Labeled as “Not Secure”
3 Ways to Make Your Website’s Security More Visible
- Buy an SSL Certificate for your site and if you really care about “secure optics” buy the Extended Validation Certificate (EV)
- Convert your site internal references to “relative URLs” so that your site could work with HTTP and HTTPS. But it is best if you can direct all HTTP incoming traffic to HTTPS
- Remove mixed HTTP and HTTPS content by
- Converting your external reference links to HTTPS Sites/Pages
- You may need to buy certificates for your marketing automation page external links like Contact Us Pages so that they are HTTPS too
When Does HTTPS Not Make Your Site More Secure
It does for secure website transactions and when clicking on external links. But, because HTTPS traffic is encrypted traffic to the user’s workstation, a security compromised website might not be scanned by an improperly configured firewall. Good firewalls have the ability to become a “man in the middle” acting like the user’s workstation when talking to an HTTPS website, but the firewall must support this feature and the workstations need to now be configured to talk securely to the firewall. Check with a security expert to see if your firewall can handle this configuration and if it is set up for your company. Since around 50% of all websites are now configured to be HTTPS, this will be a growing security hole for companies unless addressed. Having an HTTPS Everywhere compatible site is now becoming a requirement and shows your commitment to securely interacting with your customers. But IT administrators must now adjust to that new reality and provide secure scanning of HTTPS traffic.