When you visit a web page, you naturally focus on what’s inside the browser window — the words, images, products and other elements on the page itself. However, when it comes to optimizing your own industrial website, you also need to pay attention to what’s happening up above in the address bar. That’s because the difference between having HTTP and HTTPS in your address can have big implications for your business.
Open a new tab, type in your address, and take a look at the address bar. Does it it say “https://” before your URL? Do you see a green padlock icon? If not, you could be scaring away visitors instead of attracting new customers.
So what is HTTPS, and why do you need to make sure you have it on your site, like, yesterday? Here’s what you need to know:
What Is HTTPS And How Does It Work?
Without getting overly and unnecessarily technical, HTTPS is a way to encrypt data that is sent between a browser and a web server, preventing unauthorized third parties from accessing that data while it’s in transit. This curbs the risk your users face of falling prey to a number of cyberattacks and scams, including “man-in-the-middle” attacks — where scammers siphon information that users have entered on your site, such as credit card numbers, usernames, passwords, etc. — as that information is sent to your web server.
Think of sending sensitive data over just HTTP as sending a postcard with your passwords on it — anyone handling it between you and the recipient can read it. Sending sensitive data over HTTPS is more secure, like sending your passwords in a security envelope inside of a box inside of a safe.
Is SSL The Same As HTTPS?
The term “HTTPS” is often used interchangeably with “SSL,” which is understandable, but not quite accurate. An SSL certificate is a set of files that you must purchase and install on your server. HTTPS is a protocol for reading those files, verifying your certificate, and letting users know that your site is safe, secure and trustworthy. The HTTPS protocol enables the browser to encrypt data before submitting it to the web server, and the web server can then decrypt the received data using the information contained in the SSL certificate’s files.
There are actually two different types of certificates — SSL and the more advanced TLS — but they both play the same role. The important thing to remember is that you need one of these certificates in order for your site to have an HTTPS address.
Why HTTPS Is Important
Just a few years ago, HTTPS sites were limited to banking portals and e-commerce shops like Amazon. However, today more than half of all web visits are to encrypted sites.
This change has been fueled by the increasing prevalence and awareness of cyberattacks — and the headlines they spawn. People are more cautious about browsing and entering their information online, and your visitors expect that you will protect their information. If you can’t meet their expectations of security and privacy, they may take their business elsewhere.
Over this same period, more and more companies have shifted their business models to the web, where they actively collect information from their visitors. While these interactions don’t necessarily involve credit cards or social security numbers, there is more data flowing from web browsers to web servers than ever before. The rise in encryption adoption is, at least in part, tied to the rise in the opportunities for encryption.
If you collect user information on your site — and if you utilize inbound marketing in any capacity then you certainly do — encrypting your site is essential. Here are a few reasons why:
Improved security means less liability: The most important reason for upgrading from HTTP to HTTPS is also the most obvious – it makes your site more secure. That means the information you collect — from customers, prospects, employees, and other visitors — is protected. This is not just great for them; it’s also beneficial for you, as cyberattacks can hurt your reputation in the marketplace and your ability to win new business.
Better user experience: Have you ever been browsing online, clicked on a link, and came upon a warning that looks like this:
Doesn’t exactly inspire confidence and trust, does it? Well, if your site isn't encrypted, that's exactly what your visitors will see.
In addition, all major browsers — Internet Explorer, Chrome, Firefox, Safari, Opera, etc. — now indicate whether or not a site is secure. Just take a peek at the address bar on this page. It should look like this:
Notice the padlock icon and the word "Secure" in the address bar. If you visit an unencrypted site, it will look something like this:
Browsers are also beginning to introduce additional, and much less subtle, warnings to visitors on HTTP sites. For example, Firefox already does this:
And, starting in October, Chrome will show a “NOT SECURE” warning when users enter text in a form on an HTTP page.
While each browser displays different warnings in different ways, the message to anyone visiting an HTTP site is clear — the site is not safe. That’s not the message you want to be sending.
It could help you rank higher in search results: According to Google, a site built with HTTPS is more likely to rank higher in search results than an identical site built with HTTP. This means having an encrypted site could potentially give you more exposure online, helping you attract new customers. Sounds pretty good, right?
Are There Any Reasons Not To Switch To HTTPS?
Encryption technology has been around for more than two decades, and the push toward SSL has only ramped up in the last few years. While many of the reasons that deterred companies from switching to HTTPS are no longer applicable, some common misconceptions do still exist, including these:
It costs too much: An encryption certificate used to cost upwards of $1,000 a year, which was prohibitive for many small businesses. However, costs today average between $80 and $200 annually, and many hosting companies provide SSL certificates at no cost. There are even initiatives, such as Let’s Encrypt, which provide them for free to as many people as possible. Price is no longer an excuse for not getting encrypted.
My business doesn’t need it: Let’s go over this again: if you collect any data from your visitors, if you don’t want to scare off potential customers, and if you want to put your company in the best position to attract new clients, then you do need to be encrypted. Period.
It’s too complex: OK, so this reason is still somewhat accurate. You do need to be comfortable installing your certificate, updating your registry and hosting information, and implementing HTTPS with your CDN, if you have one. After you do that, you’ll need to redirect and update old links to ensure that nothing gets lost in transition. This process takes some time and technical know-how, for sure. However, some hosting companies offer simple tools that allow you to add HTTPS to your website with only one click.
Now that you know what HTTPS is, how it works, and why it’s so important, it’s time to make sure your own site is secure. If you’re unclear where or how to start, we can help.
The Thomas Marketing team provides comprehensive website development services for manufacturing and industrial companies. We work with our existing clients to make migrating an existing website to HTTPS easy, and every new website we build and optimize includes free HTTPS encryption (for those hosted on our recommended platforms), ensuring the best results for our clients and the best experience for their potential customers.
If you have any questions, or if you want to get the process going, we’re ready to help.