Google penalizes websites without HTTPS
For over a year, Google and major internet browsers have been increasing restrictions on HTTP protocol websites as a means of pressuring them to migrate to HTTPS protocol. But what does this mean for your website and your business?
HTTPS (Hypertext Transfer Protocol Secure), as the name suggests, is a secure protocol in which communication between the user's browser and the web server is encrypted. This protocol is almost mandatory for websites that run online stores, banking services, or any kind of credit card transaction, such as movie, theater, and hotel reservations. You've probably noticed that your bank's URL starts with "https," as in the following example:
Other, purely informational websites have typically operated over HTTP, meaning they don't encrypt data in transit. However, with the advent of the so-called Web 2.0, the rise of Digital Marketing, and online applications, it's rare to see a website that doesn't request some form of user information. Whether it's user registration to access privileged functions or information, signing up for a newsletter, or simply using a contact form, nowadays almost all websites request some kind of user information, yet the vast majority still don't employ data encryption.
Google has determined that the growing number of websites requesting information without encryption is a key security concern on the internet, which is why it increases the pressure every year to encourage the use of HTTPS.
What Are Google's Pressures About?
Initially, browsers showed an icon in the navigation bar only on pages of HTTP websites that contained forms. However, over the past year, this icon has appeared on all pages of HTTP websites, whether they contain forms or not.
Clicking on the icon brings up a warning that the website is not secure and that information sent through it can be intercepted by third parties. The icon looks like the following image:
Starting from July 2017, this will become more visual and less subtle:
Is My Website Truly Insecure Without HTTPS?
To answer this question, we need to understand the role of HTTPS. The function of the HTTPS protocol is to encrypt the information between the user's browser and the server managing the website—and possibly a third server, if the site is engaged in e-commerce.
With that in mind, we can clarify two points:
- If your site doesn't have forms, HTTPS doesn't offer significant technical protection.
However, as previously mentioned, Google pushes for the use of HTTPS. Therefore, starting from mid-2018, it will give higher ratings to sites employing it, to the detriment of those that don't. And this has consequences for your business. If you haven't implemented HTTPS protocol yet, Google is likely directing potential customers to your competitors' websites.
- Your website could still be insecure even with HTTPS.
HTTPS only encrypts communications but doesn't protect the site from viruses or malware. Google's penalty for sites with viruses or malware is even more severe. A site without HTTPS gets demoted in search results, but one with viruses or malware gets blocked—it essentially disappears from Google.
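To find the forms on your own pages whose data would travel unencrypted, the case the browser warnings described above are aimed at, here is a small audit script. It is an added example, not part of the original article; the host `shop.example`, the sample HTML, and the names `FormAuditor` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SENSITIVE_TYPES = {"password", "email", "tel"}  # input types that clearly carry user data

class FormAuditor(HTMLParser):
    """Collects every <form> with its resolved submit URL and field types."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._open = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self._open = {"target": urljoin(self.page_url, a.get("action") or ""), "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["fields"].append((a.get("type") or "text").lower())
        elif tag in ("textarea", "select") and self._open is not None:
            self._open["fields"].append(tag)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(page_url, html):
    """Return one finding per form whose page or submit URL is not served over HTTPS."""
    parser = FormAuditor(page_url)
    parser.feed(html)
    page_secure = urlparse(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        target_secure = urlparse(form["target"]).scheme == "https"
        if page_secure and target_secure:
            continue
        findings.append({
            "target": form["target"],
            "reason": "form page served over HTTP" if target_secure else "submits over HTTP",
            "sensitive": sorted(SENSITIVE_TYPES & set(form["fields"])),
        })
    return findings

# Constructed sample pages (shop.example is a placeholder host).
CONTACT = '<form action="/send" method="post"><input type="email" name="e"><textarea name="m"></textarea></form>'
LOGIN = ('<form action="http://shop.example/auth"><input type="password" name="p"></form>'
         '<form action="/search"><input name="q"></form>')

if __name__ == "__main__":
    for url, html in [("http://shop.example/contact", CONTACT), ("https://shop.example/login", LOGIN)]:
        print(url, audit(url, html))
```

The second sample shows that an HTTPS page can still leak data: its login form posts to an explicit `http://` address, so it is reported even though the page itself is encrypted.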
How Can I Protect My Website from Viruses and Malware?
Just like your personal and office devices, your website requires antivirus and firewall protection against viruses and malware. However, websites and web applications face different threats compared to devices. Therefore, you can't safeguard your website with the same antivirus software you use on your computers or with the firewall that protects your company's network. A Web Application Firewall (WAF) is the protection specifically designed for websites and web applications. If you want to learn more about WAFs and how they protect your website, you can review our article "What Is a WAF?".
In Conclusion:
Whether your website engages in e-commerce or not, it's now necessary for it to have HTTPS protocol. This is important either for encrypting user information or simply for staying visible to Google (and thus your customers).
In addition to HTTPS protocol, it's essential for your website to have protection against viruses and malware by implementing a Web Application Firewall.
Feel free to consult with our advisors if you need support in installing an SSL certificate to enable HTTPS protocol or implementing a WAF system for your website.