GlobalSign Blog

The Business Risks of Not Switching to Always on SSL

The Business Risks of Not Switching to Always on SSL

To switch to SSL or not to switch?

That is the question.

Well, if that is the question then so far, the answer appears to be a resounding ‘no’.

According to research that we have carried out on over 540 UK B2B websites, less than 3% of websites use secure HTTPS hosting (which requires an SSL Certificate) and with our own hosting clients, the figure is closer to 6%.

If you’re a business owner and you don’t have a full-time webmaster looking after your website, you might be wondering what all the fuss is about.

Quite simply, SSL is becoming an increasingly important issue.

Whether we like it or not, the fact is that Google’s decisions dictate behavior. In August 2014, they made a pretty decisive move in terms of online security when they announced that HTTPS was one of their ranking factors.

When Google speaks, it’s worth taking note.

In a nutshell what they were saying is - online security matters. It matters now and it’s going to be increasingly important moving forward. For that reason they are starting to include HTTPS as a ranking factor.

Here’s the important bit:

  But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web. 

That’s not just ‘some’ website owners then - that’s ALL website owners.

But also note the phrase ‘over time’. Well, it appears that this time is fast approaching. Google have recently announced that from January 2017 they will start to “mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure”.

You might think that, as of now, is not a concern to you, but they also go on to say that this is just the start and over time, they will add more and more stringent criteria.

The bottom line? HTTPS is becoming increasingly important and you will need to address this sooner or later.

You have been warned!

So, if you’re concerned that your site is at risk, I’ve got you covered. I’ll explain the risks and the upsides of switching so you can make an informed decision.

The Advantage of Switching to Always On SSL

Quite simply the biggest upside is that you’re future proofing your website.

Google is really the only player who can ‘move the market’ when it comes to online behavior.

They have clearly stated that there are three or four key areas which they pay particular attention to when assessing a website and ranking it in their search results. They are:

Of these, both Security and Mobile Friendliness are stated ranking factors. Speed is a subset of the mobile question - we’re past the tipping point where mobile use has overtaken traditional browsing on desktops and laptops - and mobile users demand fast load speeds.

Finally content is probably the most subjective of all these factors and often depends on the level of competition in any particular market.

But if you stand back and look at these factors, Google is essentially telling you loud and clear what it wants from the modern online business:

They want a secure and fast mobile friendly website with loads of great content.

It really is as simple as that.

But when you look at all of these factors, switching to HTTPS is by far and away the cheapest and easiest of all of these. Let me explain what I mean.

Setting up a mobile website means building a responsive website that could cost thousands to build.

Optimizing a website for increased speed means as a minimum switching to SSD Hosting, or even upgrading to a Virtual Private Server. These are significant upgrades for many small businesses.

Finally, creating great content is an ongoing process whose costs should not be underestimated whether they are direct (hire a copywriter), or indirect (your time).

When it comes to security, the basic price of admission is an SSL Certificate.

Sure, it’s not the only way to protect your site, but it’s the bare minimum and it enables you to put a tick against Google’s requirement for HTTPS.

When you consider that an SSL Certificate can cost as a little as £/$/€ per year, it really does seem like a false economy by not switching.

But we mustn’t just think of SSL in terms of ranking. Having a secure website improves the user experience and ultimately reassures prospective customers that you are a responsible business.

That doesn’t just apply to eCommerce businesses. Consumers are increasingly concerned about the security of their data and in particular about personal data being intercepted whilst browsing.

Any business that wants to reassure their customers they can browse safely, should consider switching their whole website to Always On SSL, which means every page on the site is secured with SSL, not just pages that collect personal or payment information.

So Why Aren’t Businesses Switching to Always On SSL?

OK, so we’ve established that a) switching to Always On SSL is a smart move to stay in Google’s good books and b) it’s relatively inexpensive.

But that raises the obvious question: why the reluctance to switch?

My feeling gained from speaking to many of our clients and many other business owners is that it’s either too technical, or it’s in the to-do list (just not that high up).

So let’s address it head on. Switching to HTTPS is pretty straightforward. I admit, I said ‘pretty straightforward’ but that’s at the other end of the difficulty spectrum from ‘super complicated’.

It can be boiled down to the following 12 steps:

  1. Buy an SSL Certificate. You can either get one from your hosting company or from a specialist SSL Vendor (you’ll need a Dedicated IP address too)
  2. Get the SSL Certificate configured and installed - your hosting company will normally help with that or if you have a developer they can assist
  3. For security, run a full backup of your site - if you use e.g. cPanel you can do this there
  4. Check every page of your website to change links from HTTP to HTTPS (you may need to hire a Developer to help you - see below)
  5. Optional - For more advanced sites that use code like JavaScript, Ajax or other 3rd party plugins check that these refer to HTTPS rather than HTTP
  6. Check any directory listings that you have control over and change from HTTP to HTTPS (i.e. local directories where you are listed)
  7. Update your htaccess file (see below)
  8. Optional - Check with your host if your site uses a Content Delivery Network (CDN) and if so you will need to update your CDN SSL (your host or the CDN provider will be able to assist)
  9. Set up individual 301 redirects if required. Here you will find a great article, exploring 301 Redirects and the effective way of setting them up.
  10. Check any automation emails (invoices, transaction, welcome, marketing) and update any links to HTTPS
  11. If you are using Pay Per Click (PPC) update any Landing Pages and PPC ads to be HTTPS
  12. Create your HTTPS site in Google Search Console (Google Webmaster Tools) and Google Analytics

Now if you aren’t a technical person, you’ll probably need to get a developer to help with some of these points. But that doesn’t mean that this is complex or expensive.

Also, bear in mind that the above is a complete list - not all the points will necessarily apply to you - particularly the points relating to code libraries (#5) and CDN (#8).

If you use WordPress, there are also tools that you can use to speed up the updating of URLs which is handy if you have hundreds of pages.

The main thing is to update your htaccess file because that tells Google that your HTTP pages (which it probably has in its database) are now switched to HTTPS pages. This is important so that you don’t lose your rankings.

Overall though, if you are non-technical or you have a large complex website, then you will need some expert help from an experienced developer.

But if you have a small website of say, less than 50 pages, these changes won’t take long to complete.

Even better, if you’re just starting out, just start off with HTTPS from day one.

The Risks of Not Switching

We’ve seen that uptake of SSL is fairly low amongst businesses. There are a number of reasons for this, chief among them a general lack of awareness and a concern that it’s unnecessarily complex and possibly risky from an SEO perspective (if it ain’t broke, why fix it?).

I understand this point of view, especially when you consider our own research concluded that HTTPS is a weak factor when it comes to search ranking.

Far more important, are things like; having a well optimized website, plenty of content, loads of reviews and the number of domains that backlink to you.

Notwithstanding this, my opinion is that we need to cast our minds back to April 2015 and the so called ‘mobilegeddon’ when Google announced that it would be favouring mobile websites in its mobile listings.

Suddenly everyone was scrambling around trying to make their site mobile friendly.

You don’t want to find yourself in this position with HTTPS. By taking action now you are getting ahead of the curve and crossing off an inevitable action from your to-do list. Let’s face it - your website is going to get larger and possibly more complex as time moves on so there’s no time like the present to make the switch.

Besides, if you were to get caught out by a sudden announcement by Google, you can imagine what would happen to the price for hiring a developer. Right now it’s a buyer’s market in your favour, but if there was a sudden rush to Always On SSL, it suddenly becomes a sellers market in favour of the developer.

As a minimum, you should have a contingency plan in place to move quickly and have a relationship with a trusted developer in place. If you don’t have one ask your hosting company for advice or check out a freelancer site like People Per Hour.

Overall though, my opinion is that many small businesses are simply not aware of either the risk or the rewards of Always On SSL. By taking action now, they will be getting a small advantage that will increase over time as Google cranks up the pressure on insecure sites (and it will).

In a nutshell, Always On SSL has a ring of inevitability about it - resistance is futile.

Wrap Up

The internet doesn’t stand still. Online marketing is a moving target and when it comes to websites, it’s determined largely by what Google requires.

One area that Google is increasingly focused on is online security. By including HTTPS as a ranking factor and starting to flag some non-HTTPS sites as insecure, the direction of travel is clear: secure your website or be prepared to lose out.

Seen in that light Always On SSL is the basic table stakes these days. You may not see any immediate impact by not switching but the sooner you do the better.

Ultimately it’s more a question of when you switch, not if.

For information on how to switch your website to HTTPS, see this Pickaweb infographic or visit the Pickaweb blog post for more information.

How To Switch Your Website To HTTPS - An Infographic from Pickaweb

Embedded from Pickaweb

Share this Post

Recent Blogs