It's NOT really an issue. It simply means that the site does not use an SSL Security Certificate.
This has always been with us, but in 2017, Google Chrome has decided to highlight those sites without certificates, and the other major browsers (FireFox etc), have followed and done the same thing.
Why Am I Seeing This And Is It An Issue?
Most online shoppers recognize the need for SSL secured websites when it comes to e-commerce but did you know that it is required by Google even if visitors are just filling out a contact form on your website?
“An SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.”
Even many e-commerce owners who just use Paypal for transactions DO NOT use SSLs even though a customer is entering a lot of unsecured data. This is something that Google wants to put a stop to.
In 2014 Google announced an initiative called “HTTPS Everywhere”, requesting all website owners to add SSL Certificates to their websites to encrypt and protect any data being sent across the internet. They also announced that it would be added into Google’s Algorithm as a ranking factor: https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
In October of 2017, Google is launching Chrome 62 which will give a warning of “NOT SECURE” in the URL section for ANY pages where users enter data with unsecured content. They have noted it here in the Chrome blog: https://blog.chromium.org/2017/04/next-steps-toward-more-connection.html
According to W3Schools, over 75% of website visitors use Google Chrome as a browser, so ignoring this request from Google would be a real shot in the foot.
So we see at least 3 benefits to making sure your website is fully SSL secured with HTTPS pages:
- Giving your visitors the assurance that any data they send to you will be encrypted during transmission building trust with visitors
- Ensuring Google Chrome 62 recognizes your site as secured avoiding the Chrome warning of death: “NOT SECURED”
- The added benefit of a boost in Google Search Pages.
The process of securing your site usually takes just a few days (longer if you are acquiring your own SSL for your site). Here are the steps involved:
- Acquiring and Installing the SSL for your site
- Securing at least all login and data transfer pages (although we go a step further to secure ALL pages of client sites)
- Making sure your site pages HTTP: automatically redirect to secure pages HTTPS: (so you don’t lose your rankings in Google)
- Re-submitting your site to all relevant Google properties
- Re-linking your Google properties together
- Adding a Firewall to your site to block malicious activity
Find Out More About SSL Certificates For Your Website
Confused about the various types of SSL certificates available today? There are so many choices offered for securing websites that is hard to know exactly where to start. Is it essential or optional? According to Google, in an effort to make the internet a safer place to exchange personal data and make purchases, in Oct 2017 they will begin to let users of Chrome know when a website is not secure, and whether or not a visitor is sharing their personal data, it will affect their level of trust with that site. This in effect will make it mandatory to have one by default. Obtaining an SSL certificate for your website adds trust and credibility to visitors and customers, which is Google’s intention, but not all SSLs are create equal.
Where do you go from here?
It is important as an organization to determine the purpose for obtaining an SSL certificate. Are you using it just to secure logins, transmitting visitor data to your website, or running an e-commerce site.
Once you have that question answered, there are basically 3 Types of SSL Certificates that you need to know about (generally all of these will be installed free of charge, but the cost is an annual fee for the certificate):
- Domain Validated Certificate (DVC) (BASIC) – ($30+) not verified or trusted. This is the most basic of certificates.
- Organization Validated Certificate (OVC) (BUSINESS) ($150+) - trusted. These SSLs offer a higher level of trust as businesses need to provide detailed information regarding their organization’s details. These business details are verified by reputable online companies such as: Comodo, GeoTrust, Symantec or Equifax (or many others), and the certificate reflects that.
- Extended Validation Certificate (EVC) (PREMIUM BUSINESS) ($250+) – most trusted. Nothing beats the security of a fully verified certificate. This increases the trust level of visitors and is a necessity for ecommerce sites because it verifies the organizations name in the certificate. Your business is verified by Comodo, or other validating firm. There will be a form to fill out, as well as proof of business ownership, Business Contact information, as well as a Dun & Brad Street Number (or other supporting dcumentation), will be required to complete this type of SSL certificate.
If you would like to know more about SSL Certificates (or any other subject), please drop us a note via our website Contact Us page.