While browsing the web, you’ve probably noticed that some website URLs start with “http” while others start with “https”. The extra “s” may seem small, and perhaps barely noticeable to the less savvy user, but that little letter has big implications on website security.
So, what does the extra “s” mean, and how does it affect your government website?
The “s” in “https” means that a user’s connection to a website is secure, and any information exchanged between the web server and browser is automatically encrypted and therefore safe from data tampering, hacking, and other digital transgressions. The technology that powers that small but mighty “s” is called SSL – or secure sockets layer – and it is a security certification widely used by online retailers, banks, and is becoming increasingly common in government.
SSL is critical to protect personal data exchanged during any digital interaction that takes place on a government website – paying a parking ticket, submitting credit card information to register your kids for summer camp, setting up a personal account with a username and password, or even providing social security numbers for certain government forms. Without a secure “https” connection, such data could be at risk of being intercepted by hackers – therefore, SSL is critical to protect citizens’ digital transactions.
While SSL is important for the security benefits mentioned above, it can also provide other advantages for government agencies. SSL can help positively influence brand perception and reputation, restoring the public’s confidence and trust in the agency. It can also help improve SEO and drive more traffic through organic search, as websites under the “https” protocol rank higher in Google search than those on the non-secure “http” protocol.
Why it’s important to implement SSL now
Google Chrome, the most widely used browser in the world, has been moving toward SSL security standardizations for years and is rolling out some key milestones in the second half of 2018. These updates mean users of your website will see more frequent and obvious “not secure” warnings when interacting with your website.
Although Google Chrome’s security changes are gradual, the Chrome 68 release this July will be a significant one. Here is what you can expect in the second half of 2018:
Chrome 68 – July 24, 2018: The browser will begin to mark “http” websites (those without SSL) by planting a “not secure” warning in the URL address bar. See below for a snapshot of what this will look like.
Chrome 69 – Sept, 2018: The browser will brand secure “https” websites with a neutral marker instead of one that affirmatively notes a secure website. To do this, they will drop the green “secure” text from the address bar for “https” websites and instead only show a small padlock icon.
Chrome 70 – Oct, 2018: The browser will tag any “http” website with an insecure icon – a small red triangle – and the warning text “not secure” in the address bar as soon as a user interacts with any input field, such as attempting to enter a username, password or credit card information.
Beyond the Chrome 70 release, Google’s long-term plan is to eventually mark all websites that remain on the “http” protocol as affirmatively non-secure. Although the timeline for getting to this final stage is yet to be determined, it is clear that Google is pushing all websites toward adoption of “https” through SSL certification.
Don’t wait any longer, find out if your website has SSL today
As a first step, simply look at your website’s URL. If it starts with “https” then it already has SSL enabled and you are set for all the upcoming Google Chrome changes – remember, it’s that extra “s” that notates a secure SSL certified website. You might also want to check if your agency already has an SSL certificate since sometimes certificates are purchased but never implemented or are only enabled on certain pages but not the entire website. To find out, use this free SSL scanner.
If your website does not have SSL enabled, you’ll need to take action to prepare for the upcoming Google Chrome security changes. There are a number of certificate authorities that you can purchase an SSL certificate from directly, and in many cases your website or content management system (CMS) provider will also offer to implement and manage your SSL certificates for you. Depending on the number of domains and sub-domains you have, the type of SSL certificate and price will vary, so be sure to check with your IT team on the specific requirements for your agency website.
Remember that ensuring your website has SSL is crucial to protecting your citizens, maintaining public trust, and boosting SEO website traffic. Don’t fall behind the security curve – prepare for Google’s upcoming security changes and ensure your website is SSL certified today.
I didn’t realize that small “s” had such an impact on security, especially during transactions involving sensitive information. Its nice to see Google prioritizing this!