Ready, set, secure.
If you want to stay on Google’s good side, it’s time to make sure your website is encrypted—or, in other words, enabled with HTTPS. Beginning in July 2018, the browser Chrome will begin labeling all HTTP sites as “not secure” if a user is on a page where they’re inputting data. Your website visitors will see that label loudly and clearly if they try to give you any information and your page is not yet encrypted.
According to Emily Schechter, a Chrome Security Team product manager, “Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62, Chrome will show the ‘Not Secure’ warning when users type data into HTTP sites.”
In a nutshell, HTTPS encryption protects the channel between your browser and the website you’re interacting with, which means nobody between the two can tamper with the traffic or see what you’re doing. Without that encryption (or with HTTP), someone with access to your router or ISP could grab the information you send to that site or inject malware into otherwise valid pages.
If you feel a little pressure to acquire the necessary SSL/TLS certificates because of Google’s impending security warning, well, that’s exactly what Google wants. They’ve been pushing site owners toward HTTPS for months now. And to be honest, we side with Google on this issue: We fully believe your website should be encrypted and secure—it’s not going to be a good look for you if a donor tries to make an online donation and is warned that your site is “not secure” by Chrome when they go to enter their credit card information. Firefox maker Mozilla hasn’t yet said whether it will follow Chrome’s new warnings, but it did begin displaying in-context warnings for payment and login pages without HTTPS last January.
What are the benefits of encryption? To name a few:
- Your donors will feel a sense of security and trust when they hand you sensitive information. Most online users now associate online security with the lock icon or green address bar that displays with an SSL-secured website.
- Google rewards sites using HTTPS with a slight search ranking boost.
- Many industries have strict compliance requirements to help protect those whose personal information is stored by organizations, and encryption is part of staying compliant if you’re one who has those requirements.
The great news: A new Firespring website comes fully encrypted with an SSL certificate so you can rest assured that your site is secure from day one. (If you happen to be an existing Firespring client with an HTTP site, no worries—we’ll be encrypting yours automatically and be in touch with more details about that.)
At Firespring, our mission is to provide nonprofits with websites that are not only secure, but also affordable, engaging, efficient, robust, beautiful—and complete with all the tools and software you need to make your life easier.