Starting next week, some websites will be marked “Not Secure”. This is because the Chrome browser will no longer be highlighting secure websites, but will instead highlight insecure websites. This is being done to highlight negative behaviour with respect to security, rather than reinforcing positive behaviour. The other browsers (Firefox, Opera, Internet Explorer and Edge) will do something similar in due course. If your site is affected this might come as a shock to you, but trust me, it is a positive step towards a better internet. Read on and be reassured.
How will I know if my website will be marked “Not Secure”?
If the link to your website is https://www.mywebsite.ie (with mywebsite.ie being whatever your website name and domain is) then you will be OK. Close this article and get on with your life.
If however the link to your website is http://www.mywebsite.ie (no “s” after the http bit), then Chrome will highlight this in the address bar as being “Not Secure” like this:
What’s the difference between http and https?
http stands for HyperText Transport Protocol. It’s how web pages are transmitted around the internet. When your website is using http, it is transmitting all of the bits and pieces of data on your website to people browsing the site “in the clear” (i.e. exactly as it is seen). If anyone was to intercept the traffic, they would see exactly what it is that people are looking at on your website. They would also be able to add (or inject) data of their own into the traffic and thus make it appear that your website is serving advertisements (for example).
https adds the word “secure” to HyperText Transport Protocol. What happens now is that the data from your website will be encrypted (i.e. scrambled into meaningless gibberish) before it is transmitted to people browsing your website. If somebody intercepted the data, they would not be able to determine what it is that people are looking at on your website. The integrity of the data coming from your site is also maintained and nothing could be added to the traffic from your site.
My site is simple and boring. I don’t ask for people’s details or credit card information. Why is this happening?
A website that uses only http is very easily compromised, and such a compromise could damage your business’s reputation. If you don’t believe me, check out this video. If you want to watch the whole thing (it’s 24 minutes long) please do, but to quickly see just some of the compromises, watch from about 7:04 for about 5 minutes. I’m afraid he does talk very technically, but I think you will appreciate the consequences from seeing what happens to a plain, boring blog site.
This is happening because more than 50% of the websites on the internet are now being delivered by https. So we are all familiar with the sight of the word “Secure” in green along with the padlock:
What a lot of people would think is that this means the website is trustworthy … that is NOT THE CASE at all! All it means is the connection between the website and a person’s web browser is encrypted securely. Evil doers have lots of websites that have this “Secure” marker too.
So Google are switching the focus from highlighting sites using https to highlighting sites that don’t. So the green “Secure” with the padlock will disappear from “normal” sites. Then sites using http will be marked “Not Secure” in red. This will be an impetus to help drive the internet to being more secure.
My web person is saying that it will cost me money to get https on my website. This is just a rip-off!
Actually, you can get https on your website for free, very easily. Your domain hosting provider may offer this service to you (my own host does so). If not, then Troy Hunt (the gentleman speaking in the video above) set up a website called HTTPS is easy, on which he has 4 short videos on how you can set up your website to be https for free and in about 5-10 minutes (although there is one bit where you may have to wait 24 hours for the internet to work its magic).
If you want to get some more advice, drop an email with your questions to support@L2CyberSecurity.com and we’ll be happy to address them for you.
Also if you are interested in learning how to use the internet more safely, check out the training that we offer. If you want to find out more then call on 087-436-2675 or e-mail info@L2CyberSecurity.com.
In the meantime, watch those videos and see how you can stop your website being marked “Not Secure”.