Knowledge base

Asset 32

From July 2018 Google Chrome will mark websites without https encryption as “not secure”

Posted on 9 April 2018 by Beaming Support

What is Google doing?

From July 2018, the Google Chrome internet browser will mark all websites that do not carry HTTPS encryption as being “not secure”.  As you surf the internet, you may notice that website addresses appear in your browser’s search/address bar with either http:// or https:// before the familiar “www”. Both HTTPS and HTTP are protocols (or procedures) used to exchange information between your browser and a website. In basic terms, the difference between HTTPS and HTTP is that information sent using HTTPS is encrypted, and therefore secure, whereas information exchanged using HTTP is not secure.

Why are Google doing this?

Encouraging websites that use HTTPS and punishing those that do not is a way of guiding all website owners towards ensuring that users can browse their websites and input information such as credit card and address details without the fear that these details may become available to anyone.

How will this affect me?

Since it is the most popular internet browser – with 57% of all internet traffic being viewed in Chrome, according to StatCounter – we predict that any websites not using HTTPS secure encryption will suffer a dent in their visitor numbers once the new flagging system is in place. In fact, Google already favours websites with HTTPS encryption over those that don’t in its search results; now it will actively “punish” the websites that don’t use HTTPS.  Any website using HTTP will be labelled as non-secure and will be marked with a red triangle security indicator, similar to the below.

HTTP

If you offer e-commerce, your website should already be using HTTPS, but even if your product(s) can’t be bought online, your website is an important part of your business’s sales funnel.  Customers and potential customers won’t be able to find important information about your product or service if they’re unwilling to visit a website that’s not secure.  If they are using a Unified Threat Management (UTM) device then the website will most likely be blocked from their view unless they gain special access permission from an administrator. What’s more, a website that’s not kept up to date gives an air of unprofessionalism, not to mention the apparent disregard for customers’ online safety as they browse your website.

How do I know whether my website will be affected?

A first good step is to visit your website using Google Chrome. Does the browser bar look like this?

HTTPS encryption

If it’s not marked as being secure, as above, then your website is still using HTTP and should be updated to HTTPS before July 2018, when it will start to be actively marked as being not secure.

How do I make sure my site is secured with https encryption?

This bit will most likely need to be done by your web developer. They should create a public/private key pair which will be used to encrypt information on your website, then embed the public key into what’s known as a certificate signing request, or CSR. The CSR is submitted to a certificate authority. This is the part that costs money (a relatively small amount), as the authority will “vouch for” your public key by providing a certificate, known as an SSL certificate. More information about this process can be found here.  Most website hosting businesses, such as Beaming, will offer an SSL certificate service so it’s a good idea to enquire with them. The process will usually take between 12-48 hours.

A final word of caution.

We’ve seen reports of scammers approaching website owners to advise that they have discovered “security flaws” making their websites unsafe, and offer to fix these “flaws” for a sum of money. Any such unsolicited approaches should be ignored.

Asset 16

We answer real questions asked by businesses

From simple cyber security solutions to O365 migrations and everything in between. Take a look at our knowledge base and benefit from our expertise.

Improving your business’s cyber security

  • This field is for validation purposes and should be left unchanged.