The Blog

Tips and Tricks for Improving Your Small Business Marketing

Website Marked Not-Secure?

Is Your Website Marked Not-Secure?

/in ,

Google is leading an effort to make the web more secure, but it could hurt small businesses not  prepared for the change. Last month Google began displaying the words “not-secure” in the URL next to select web pages. Eventually their goal is to display a red triangle warning marked Not-secure next to every webpage not served over SSL.

If you use Google’s popular browser Google Chrome, you are in good company. Over 1 billion people use the browser worldwide, making it one of Google’s biggest products. But this update could damage the reputation of businesses unprepared for the change. So let’s take a look at what SSL is and what you need to do to secure your website.

The Secure Mark

Those with a keen eye may have noticed the green padlock in the URL bar next to some websites. This symbol used by all the major browsers including Chrome, Internet Explorer, and Firefox. It indicates the website is being served over a Secure Sockets Layer or SSL for short. That’s a fancy way of saying your web browser established an encrypted connection to the website.

Example of Secure Website URl

This is important for a number of reasons:

  1. An encrypted connection ensures data transmitted to and from the website is hidden from the view of anyone who may attempt to intercept that communication.
  2. For users, this means any data they send has an extra layer of security. Typically this data is financial in nature, but could include passwords, personally identifiable information, addresses, phone numbers, etc.
  3. SSL certificates allow users to verify the website they’re connected to. This helps prevent phishing or other schemes encouraging users to give up private information.

SSL certificates are not new technology. They have been around since Netscape first adopted them in 1994 in response to increasing concerns about web security. Traditionally they were used when a higher level of security was necessary (ie banking, personal finance, e-commerce websites etc.)

This is partially due to the additional costs of an SSL certificate which typically runs anywhere from $10 to several thousands of dollars per year. Because the certificates expire, they also require a level of maintenance most website owners didn’t find necessary.

Websites Marked Not-Secure

However, the landscape has changed and security has become a priority for many users. Google first proposed the idea in December 2014, outlining their desire to have standard websites marked not-secure. Following the introduction of new SSL providers and options for securing a website the proposal gained steam, eventually leading Google to release an announcement in September of 2016 that their popular browser would soon start displaying the warning on particular pages.

To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as not-secure, as part of a long-term plan to mark all HTTP sites as not-secure.

Google Chrome Not Secure Warning

This is the first step of many in their rollout plan. They continue with:

In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.

Google Chrome Not Secure Warning Phase 2

Simply put, unless your website is served over SSL very soon, your website will be marked not-secure. That’s not the message I want my visitors to get.

Fixing a Site Marked Not-Secure

So how do you go about adding an SSL certificate to your site?

If you’re a One Stop Site Shop client, an SSL certificate is automatically included and configured for your website. You don’t have to do anything!

If not, contact your web developer or hosting provider and ask them to help you install one. Typically this requires server-side work and a dedicated IP address, which means you will need help from a server admin. You should also expect to pay additional fees for both the certificate and dedicated IP, typically starting at about $15 per month.

The exact timing for Google’s next step of the rollout is uncertain. We know it’s coming, but we’re not sure when. Unfortunately certain web pages marked not-secure is only the beginning. This means it is essential for small businesses and website owners to prepare for the upcoming change now, before it affects your customers.

You might also like
7 Ways to Start Marketing Your Small Business TODAY
5 Benefits of a Small Business Website
Start marketing your small business with a custom website.How Do I Start Marketing My Small Business?
Using Social Media to Boost Your Small Business
Web Design Monthly MaintenanceWhy do Web Designers Charge for Monthly Maintenance?
How Do I Get a Website for My Small BusinessHow Do I Get a Website for My Small Business?
Service Announcement: Faster Websites & SSL Now IncludedOnline Marketing for AccountantsOnline Marketing for Accountants: How Your Firm Can Use the Web Effectively