Technology   |   July 28, 2015

To Move to HTTPS or Not to Move to HTTPS? – That is the Question

A 4 minute read by Sarah Adams, SEO Specialist

Is your website making the move to the authenticated and secure HTTPS? Overall, making the move from HTTP to HTTPS is a good decision. But keep in mind that this process can open a can of worms if not handled correctly with Internet security experts.

In moving to a fully secure website, it’s possible to open your website up to a whole new range of attacks and exploitations. This is especially important for 1) major brands that are more susceptible to becoming a target because of brand recognition, or 2) any transaction-based website that houses sensitive information.

Is moving to HTTPS worth it? Yes, it has benefits. Should you move to HTTPS? Most likely yes, but only with professional oversight from a digital agency with Internet security capabilities.

What Are The Benefits?

Right now, the benefits are small in terms of search engine rankings. Google has an HTTPS algorithm that favors HTTPS sites on a page-by-page basis. However, that ranking favor is quite small and is used more so as a tiebreaker if two pages rank the same otherwise. Bing doesn’t have any form of HTTPS preferences, but does value it a small amount with their malware checks.

In terms of safety and user trust, HTTPS has a huge impact. HTTPS allows for a safe user experience and people have become to understand that the little green lock in the browser means they are secure and can trust their information to the website. If you are not up to that standard, the browser will display a yellow caution triangle or a red slash across the https:// in the URL. Neither of those are preferred, so a proper implementation is highly important. If a user is entering credit card numbers or other sensitive information and doesn’t see a green lock, they will hesitate or ditch the conversion all together. Trust is something earned, even online.

What Could Go Wrong?

There are several different scenarios that could happen that could make your website insecure or open it up to even more holes that could hurt your website. But moving to HTTPS in the correct way helps so much for both trust and security. You just have to be careful and deliberate in your process -- and an experienced digital partner is essential to security and success.

Common Pitfalls:

Outdated Security Certificate: A lot of businesses implement the security certificate that is either currently on their server, or try to use one they bought a while ago. Unfortunately the security landscape changes much too quickly for that. You should renew your security certificate every 1 to 2 years to make sure you have the latest versions and are up on current standards. If you have an outdated certificate, you can have the yellow caution or even the red slash through your https:// that shows it is insecure or at least a risk.

Incorrect Implementation: This problem is one of the most common issue we see in the digital space. You bought the right certificate, put it on your server, and pushed it across your site. Everything is great, right? Probably not. There is usually something small like the HTTP and the HTTPS both still rendering, which causes a full site duplication, or the HTTP to HTTPS redirect is a 302 Temporary Redirect, or something else that is a small hiccup that can go overlooked without a knowledgeable partner overseeing the implementation.

Obsolete Protocols: The safe versions of security protocols are TLS 1.0, TLS 1.1, and TLS 1.2 only. Disable SSL 2 and SSL 3 because these two protocols are outdated and should be disabled. This needs to happen server-side, as it will stop any requests made from these older versions. This is a highly important critical piece of puzzle. If this doesn’t happen, your website will still be critically crippled in its security.

Server Side Exploits: There are several server-side exploits that need to be closed with or without HTTPS. It just comes to light more often when a company is considering the move to HTTPS. These  exploits are constantly evolving, so having an ongoing relationship with a digital agency that knows the latest changes in internet security is very important.

For example, the biggest HTTPS exploit to come out recently is the Diffie-Hellman key exchange, also known as the Logjam Attack. 8.4% of the Top 1 million domains were initially vulnerable, and this attack has become widely popular in adoption because of the how easy it is to gather vast quantities of sensitive data quickly.

This Sounds Complex. Can You Do It For Me?

Absolutely! Internet security is rapidly evolving, and Swarm keeps up with how it affects your website. We can help you implement your security and alert you to any issues that may be coming down the pike that could hit your website. Being proactive in the internet security space is one of the best investments you can make. If your site is broken into, it could be critically damaging for your company, your customers, and your trust online – just ask AshleyMadison.com! Do it right and you won’t have to worry. Reach out to us through our Contact Page.