Why the big hubbub over HTTPS?…
Because from now on, users who visit HTTP sites will be hit with a BIG WARNING from Google. This will happen to anyone using Google Chrome version 68.
Google warns that you should have been protecting your websites with HTTPS for a while now. And this isn’t just for confidential communications. You need HTTPS on all your sites.
HTTPS Prevents Intruders And Security Vulnerabilities
You certainly don’t want people (criminals or otherwise) tampering with the communications between your site and your users’ browsers. These intruders can be hackers or legitimate companies like Internet Service Providers (ISPs) that inject ads into your web pages. Did you know that some of these advertisements can block the user and create security vulnerabilities on your site?
HTTPS Protects Your Users’ Privacy
Every unprotected HTTP request to your website can potentially reveal your visitors’ private information, such as their browsing behaviors and even their identities. Some intruders gather bits of information and compile it into user “profiles” to steal their identities.
HTTPS also keeps intruders from listening to communications between your website and your visitors. This means if you don’t use HTTPS and you have an online help desk service with VoIP, someone else other than your rep and your client may be listening.
Intruders can trick your visitors into providing their confidential information or installing malware into your website. They can access and exploit unprotected images, cookies, scripts, HTML … and they can do this at any point along the network.
This means that your users’ machines, a clients’ Wi-Fi hotspot, etc., could be exploited and you’ll be to blame.
HTTPS Is Required For Progressive Web Applications (PWAs)
What are PWAs? They use modern website capabilities to deliver app-like experiences to your users.
Google likes PWAs because they:
Google Says That HTTPS Is The Future
In addition to the security benefits of using HTTPS, there are commercial benefits as well. Browsers and search bots prefer HTTPS sites. Your site will be easier for visitors to find.
Today’s new web platform features allow things like taking pictures, recording audio and new geolocation APIs (Application Program Interfaces). They essentially provide offline app experiences. HTTPS is a key component to the permission workflows for both new features and updating APIs.
And take note! Watch for HTTPS warnings from Microsoft, Apple and Mozilla. They’ll be coming soon.
Keep Google happy and your users safe. It’s not expensive to switch to HTTPS and it’s certainly worth doing!
Bill Wootton is the Founder and President of C3 Integrated Solutions, a full-service IT provider based in Arlington, VA that specializes in securing our nation’s Defense Industrial Base through cloud-based solutions and industry leading partners. Bill is passionate about bringing cyber-awareness, and cyber-maturity to the nation’s Defense Industrial Base, working with clients to help them achieve CMMC and NIST 800-171 compliance by providing MSP, security and Office 365 integration services.