According to a Global Forensic Data Analytics Survey conducted by EY, 785 of respondents reported that data protection and data privacy compliance is a growing concern. Yet less than 0.1% of websites have taken the first step in moving from HTTP to HTTPS.

Despite all of the conversations we have with our clients regarding the benefits of switching from HTTP to HTTPS, far too many have still not made the switch. But time is up for organizations that don't use HTTPS on their website: this upcoming July, Google will begin marking all HTTP sites as “not secure.” The search giant will begin indexing secure pages over unsecured pages, meaning HTTPS sites will rank higher than those running only HTTP.

If your site, like many others (less than 0.1% of websites are secure) hasn't been switched to HTTPS by this July, you may be ranked lower than your competitors in the search results. This means that all that money and time and effort you put into SEO will be wasted, and your customers won’t be able to find you on the web.

Case in point: Google recently reported that 81 of the top 100 sites on the web use HTTPS by default. If you want to rank high in the search results, you need to use HTTPS.

What’s the big deal

You’ve seen a lot of information on the FFW website about GDPR in the past month. But GDPR isn't the only law about privacy: Canada has its own Personal Information Protection and Electronic Documents Act (PIPEDA) which governs the collection, use and disclosure of personal information. Canada has also enacted some of the toughest anti-spam legislation in the world. These regulations put pressure on organizations to protect user data – GDPR, in particular, imposes harsh penalties for breaches.

Between Google, GDPR, and PIPEDA, it's clear that securing how we transmit and communicate with each other on the web has become a big deal. HTTPS plays a central role in data security, and here’s why:

HyperText Transport Protocol or HTTP is a way of describing how information is passed back and forth between web servers and clients. HTTP (without the S) is the “unsecure” method of data transfer. Simply put, an HTTP site makes it relatively simple for malicious users to listen in or watch your conversations. If you are asking your users to complete a form on your site, and your site is only running HTTP, hackers can access that information.

The (S) in HTTPS means your website is secure. Effectively, HTTPS guarantees the following data security measures:

• Encryption. Encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages or steal their information.
• Integrity. Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
• Authentication. Proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.

Having a site running HTTPS is no longer a 'nice to have' feature; it is a must-have for any organization that does business online.

How to make the switch

Before you do anything, you need to plan both internally and externally so that everything is set up for the move. Switching from HTTP to HTTPS takes time, work, and follow-through. Once your site is served over HTTPS, insecure resources within your site will fail to load, so you can’t start and stop, and you need to be prepared to monitor your sites to address issues as they arise.

You can begin by identifying insecure resources within your site – web fonts, scripts, videos, and other resources served by third-party providers over HTTP. After planning, you need to purchase an SSL certificate. If your hosting company did not provide the Certificate, then have your hosting configured. Then the hard work begins of redirecting visitors from HTTP to HTTPS, changing or removing your references to embedded HTTP content, and monitoring your analytics to ensure that your campaign and referral tracking is still working after implementation.

Each situation is unique and there are a lot of factors that need to be considered. If you have questions about HTTPS and how to secure your site, please contact us for help.