HTTP vs. HTTPS: Securing Your Online Business
In 2014, Google announced adding HTTPS as a lightweight ranking signal and launched their HTTPS Everywhere campaign. Google and even Mozilla have pushed HTTPS migration hard since then, yet less than 0.1% of websites are secure. Until recently, HTTPS was really only used by e-commerce sites to secure their payment pages. But, Google considers secured web a priority and now wants their users to know when a website is not secure. Beginning in January 2017, Google (Chrome 56) will mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
HTTP vs. HTTPS: What’s The Difference?
HTTP stands for Hypertext Transfer Protocol. It’s a simple protocol for sending and receiving text-based messages over the Internet. The problem is that HTTP data is not encrypted and insecure.
HTTPS stands for HyperText Transfer Protocol Secure. It’s the same protocol as HTTP, but HTTPS encrypts the data sent and received with SSL. HTTPS provides three layers of protection to data:
- Encryption – Encrypting the exchanged data makes it worthless to anyone who somehow manages to intercept it. According to Google, this means “that while the user is browsing a website, nobody can ‘listen’ to their conversations, track their activities across multiple screens, or steal their information.”
- Data integrity – Safeguards data that is being transferred so it cannot be modified or corrupted.
- Authentication – Proves the user is communicating with the intended website and protects against “man in the middle” attacks, which you can learn more about here.
The main benefit of HTTPS is that you are making your website more secure. However, there are limits to this. HTTPS is not going to completely prevent your website from getting hacked, you will just have a less likely chance. Aside from security, HTTPS also improves customer trust. According to GlobalSign, more than 80% of respondents would abandon a purchase if there were no HTTPS in use.
Moving a whole site from HTTP to HTTPS can require a lot of time, planning, and the right resources. But, if your business accepts payments or sensitive data for any reason, you need HTTPS on those pages at a minimum. In addition, if your business is planning to get a significant amount of search traffic in the next few years, you should plan on switching to HTTPS. Ultimately, the switch from HTTP to HTTPS is needed to future-proof your website.
BMT Micro can also save you the time and the expense necessary to keep your customer’s information safe. There is no need to worry about the expense of a secure certificate (SSL or EVSSL Certificate) since all BMT Micro servers are fully secured. We host all shopping carts using the highest encryption standards available. If you would like to learn more about what BMT Micro can offer your business please feel free to contact our vendor services via email at vendors@bmtmicro.com.