Security! This Site Isn’t Safe! What Will Google Do About It?
September 8th, 2017 by
Business is booming, leads are pouring in from your homepage form, and it seems that the direction of your company couldn’t be brighter. Then your leads seem to stop in the tracks and business slows down considerably. What could’ve happened? Your landing pages and main site call to action are perfect for getting users to fill in forms. Then, as you peruse your site, you notice something new, and now one of your greatest assets is your greatest foe.
Google and The Internet
I’m sure everyone here is familiar with the fact that Google got its start as a search engine and is now the most popular. After conquering the way people search, Google decided that it was time to innovate how people browse the internet itself. In September of 2008, Google Chrome was released in its beta format. This new web browser boasted being integrated with Google technologies and quickly put a foothold into the internet browser market. Now that Google controls a majority of the internet browser market share, their next big move is about to launch—security.
Internet and Privacy
The internet has come a long way since my childhood days of signing into AIM over a 14.4K dial-up modem. Now, I play League of Legends (yes I am using them as my example) with my gaming rig linked directly to my cable modem with a T1 cable that provides download speeds of at least 150mbps. With this rapid transfer of information constantly happening, one has to worry about the downsides, right? Right? Most of us don’t think about the downsides, but Google has thought of this for us. Back in January of this year, Google released its first major security update from the scope of usability.
Previously, a lowercase “i” was displayed in the address bar and could be clicked to display more information about the particular web page including the security of your connection, how many cookies the page uses, and a plethora of other tidbits of information. Now, whenever you enter a password or a credit card number on a site that isn’t secure, a handy message pops up to indicate that your connection to the website is not secure.
So What Exactly Is a “Secure” Site?
A website that doesn’t have an SSL Certificate installed transmits all data as plain text. Meaning, if I type my name “Jared” or my email address, or even “281-330-8004” into a field on an http website and send it to the server, it will be sent and saved on the server as plain text. What this means is that any vulnerability that is exploited in one of these sites would hold a nice, tasty database of personal information for would-be attackers to exploit. Sites with https servers work a bit differently. Your computer and the secure site initiate what is commonly referred to as the “SSL Handshake” to confirm that it is trustworthy. The https sends its SSL Certificate over to prove that it is a source that can be trusted. Any information shared over this connection is encrypted, which means that even if an attacker is able to procure a database of information that doesn’t belong to him, it will be encrypted and unable to be read.
And This Has to Do With Google How?
At Search Influence, it is our duty to know Google as well as we know ourselves. Through various means, we keep tabs on Google and exactly what this robot and its creators are really up to. In our findings, we’ve discovered that Google is about to shake up the internet. On October 1st, Google Chrome will receive a security update that will change how it displays sites that are not secure.
The graphic above displays past, present, and future versions of Chrome. As you can see, the “not secure” notification in the address bar will not only display on password and credit card form fills, but on **ANY** form fill. Google is using its bots to track down any <input type=”x”> elements on your page and flagging them according to the notice that webmasters received in Google Search Console.
That Doesn’t Seem THAT Bad
If you feel this way, I’m personally inclined to agree with you. Most of my online purchases and passwords are already behind secure sites like Amazon and the like. If some hacker gets my email or my alternate email, why would I care? Well, if you think like me, there will be an eventual rude awakening. Google has already announced that it plans on marking all non-secure sites with a nasty red triangle and red text reading “not secure” in the address bar (see below).
That tiny addition to the address bar may not cause a slowdown in form submissions on October 1st, but in the future, when that beautiful red triangle and glorious red text appear next to your web address, I’m sure people will think twice before submitting their personal information to your website. There’s no need to panic about this quite yet; Google hasn’t announced an official time of release for that update and, luckily, they’ve given us ample time to comply.
Will This Slow My Site Down?
Barely. Previously, this was an issue with https websites sometimes taking a half a second longer to load, but in this day and age, technological advances have reduced this slowdown time to a few milliseconds. If you do migrate your site to a secure server and notice significant slowdowns, it more than likely means that your site isn’t optimized for a secure server. Cloudflare has an in-depth article about bolstering your site’s configurations to improve speed after migration. The benefit of a visual that proves your site is secure is definitely worth the cost of a negligible increase in load time.
In addition to migrating your website to a secure server, some auxiliary tasks must be completed to ensure your search rankings aren’t affected. Here at Search Influence, we know that your business is very important to you. Contact us for help ensuring your website is safe and secure for your visitors.
If you want some more information about Google’s push for secure sites, check out the talk below by Emily Schechter, Google’s own Security Project Manager.