Website Security Changes Are on the Horizon
But this is just the beginning, and there are many other variations plus many other browsers, each of which displays the website security status in its own way. The big news shaking up the industry right now is that Google Chrome, starting in July of 2018 will flag ALL websites that are not SSL-secured (not just those collecting personal information) and warn visitors that they are on an unsecured website. It appears unsecured websites are quickly becoming a thing of the past…and that’s probably not a bad thing.
For those who aren’t familiar with SSL, it stands for “Secure Sockets Layer.” Basically, it ensures that the data transferred between a visitor and the secured HTTPS website is encrypted so that it can’t easily be stolen, unlike the unencrypted data sent to an HTTP website. It also means that the domain name seen in the browser is actually the domain of the website in question. This makes it much harder for thieves to spoof or imitate a website and steal data (including credit card info, etc.) from a website’s visitors.
In reality, most secured websites today use a newer technology known as TLS (Transport Layer Security), but the SSL acronym has become so commonplace that it is now used as a catch-all for both Secure Sockets Layer and Transport Layer Security. Most companies (ourselves included) still call their security offerings SSL even though, technically they are TLS. Since so few people outside of the industry know what SSL is, trying to explain that one acronym they barely understand is being replaced by a new acronym they’ve never heard of is likely to be more confusing than helpful. I’ll continue to use SSL for the purposes of this post.
Improving Website Security Is Not Difficult
Installing an SSL certificate is fast, easy, and relatively inexpensive (especially compared to the potential loss of trust a website without it may experience). While it’s still possible to operate a website without SSL, the risks involved make it increasingly less advisable. If your website doesn’t collect personal information from visitors you may have a little more leeway, but all websites will benefit from installing SSL. Those benefits will likely only increase over time. If you are responsible for administering any website, this is probably a good time to evaluate your security requirements and consider upgrading as needed.
This is the first in a series of posts on website security. We will continue to publish articles on SSL, TLS, HTTPS, as well as other security topics. Please feel free to post any questions, comments, or requests for future articles below and we will do our best to address them. Or you may contact us here.