Beginning in July 2018 Google Chrome will mark all HTTP sites as ‘Not Secure’.
Google via it’s Chrome browser division has made no secret of a desire for a more secure web. Central to this is the drive to encourage the use of HTTPS encryption.
Historically, most corporate or information only websites (i.e., no e-commerce) were hosted using HTTP (hypertext transfer protocol). If someone filled in a feedback form on a site, their details were transmitted to the web server in an un-encrypted form. A smart hacker could intercept this transmission and steal the personal data within the message.
Most users browsing the web have been unaware of this, as have many website owners.
People recognise HTTPS (hypertext transfer protocol secure) and look for it when they were making an online purchase, as such HTTPS has been perceived as being associated with the needs of e-commerce and financial transactions. It is viewed as a way of keeping your payment details secure.
Web users are now becoming more aware of the importance of keeping personal data secure. The recent events at Facebook have ensured that this has become front page news.
Google gave a signal of their intention to encourage the use of HTTPS and increase the security of the web in 2017 when they made it part of the search engine ranking algorithm. Thus rewarding secure sites with better search engine ranking.
From July this year the Google Chrome browser, which accounts for over 50 percent of web browsing, will mark HTTP sites as ‘Not Secure’ in the address bar.
If you have a company website that is hosted using HTTP, there is a good chance that more cautious browsers will be put off when they see the words ‘Not Secure’ alongside your domain name. They would certainly be unlikely to enter their details in a contact form. Therefore, this change by Google could have a direct impact on your website’s effectiveness as a marketing tool.
Furthermore, there is also a GDPR implication. If you collect personal details via your website, you are accountable for the integrity and confidentiality of that data. So even if your online forms and procedures are GDPR compliant, you may be seen as noncompliant by collecting the data in an insecure manner.
If you are unsure about the security status of your company's website, check your site using Google Chrome and see if it displays HTTPS alongside your domain name. If it doesn't, speak to your website designer or find an experienced company that can help you to convert to your site to HTTPS.
Taking this action quickly may prevent loss of web inquiries and could also assist in your GDPR compliance activities.