Rick’s a baker. He’s got a business: Rick’s Better Bakery. And he’s got a website. He’s also got a problem: within the last few months, visitors to his site are being warned that his website isn’t secure, and online orders have plummeted.
“What the heck?” says Rick. “What about my bakery isn’t secure? It’s not like we’re planning on stealing someone’s credit card number!”
What Rick doesn’t know is that Google, the makers of Chrome (and most of the apps you use every day, let’s be real), the most popular web browser in the world, as part of an effort to promote a safer internet, have begun penalizing websites that don’t have SSL encryption, and for some reason (probably because he went with the cheapest website he could find), Rick doesn’t have it.
But what is SSL, and its sister protocol HTTPS? And what can Rick — and you — do about it?
Backstory time: origins of HTTP/HTTPS
When the internet first began, it was a frontier. There were no rules, so everyone could just do what they wanted. A hacker could have started up a site pretending to be Rick’s bakery, and no one could have told the difference - or stopped him.
Back then, the standard way computers and websites would communicate was Hypertext Transfer Protocol, or HTTP. And, while HTTP was awesome and the foundation for the web we know today, it had a flaw: it was totally transparent to third parties. Meaning that anyone who intercepted your connection could see every page you visited — and what information you sent.
Enter HTTPS, or Hypertext Transfer Protocol Secure. This protocol employs SSL, or Secure Socket Layer, encryption, which makes the data passed back and forth incomprehensible to anyone other than the primary parties.
The exact meaning of the terms isn’t important, though. What’s important is that, without HTTPS, Rick can’t ensure his customers’ credit card numbers aren’t being stolen, and so Google’s marked his website as “Not Secure.”
(Another benefit of HTTPS -- and another reason Google calls plain HTTP sites “non-secure”: when a computer and the website are meeting up and shaking hands, the website provides a certificate that proves their identity, so the visitor knows they haven’t been scammed.)
What can Rick do to fix this?
Well, he could try to do it himself, and if he were to do that, he would benefit from the rest of this post that we’ve put together to help business owners like him make their website security bulletproof.
But if Rick’s a busy guy, and he doesn’t want to mess this up, he could also get in touch with a web developer (like Belt Creative perhaps…) to help him move to a secure platform like Leadpages, Squarespace, Shopify, or Webflow — all of which include SSL encryption with every site. In a matter of weeks he’s up and running with a better-looking, easier-to-edit version of his old site that doesn’t scare customers away.
Are you like Rick? Is your site getting pegged with Google’s “Not Secure” warning? Take this as a wake-up-call to get your site secured before something bad happens to one of your customers. Read on to learn how.
The Bulletproof Guide to Securing Your Website
Step 1: Check to see if your website is secured.
This is very easy to do. If you’d like to check for yourself, simply navigate to your site and look at the URL. If it starts with “https,” you’re good. If it’s just “http,” then this is a wake-up call that you’re in Google’s line of sight. It’s time to take your security seriously, or face the consequences.
Step 2: Implement the following 3 tactics — get your SSL certificate, keep your CMS up to date, & keep regular backups of your site.
The world of online security can be daunting, but it doesn’t have to be. By implementing even one of these tactics, you’ll be leaps and bounds ahead of most business websites. When you implement all three, you become virtually invulnerable to the most common cyber security threats.
Secure your website with SSL
If you’re comfortable getting hands-on with your website, Let’s Encrypt offers detailed tutorials on how to get your own security certificate. If you’re not comfortable getting up to your elbows in code, it’s probably a good idea to work with a trusted web developer that has experience implementing SSL.
Keep your CMS* and software up-to-date
In Wordpress, go to your “updates” tab to see what’s available. It’s a good idea to do this at least once a month. Before you update your CMS and plugins, read up online to make sure that the updates don’t introduce any new bugs that could break your website.
*Content Management System (such as Wordpress, Squarespace, or Shopify)
Have regular backups of your website, and have a contingency plan in case of emergencies
What happens if something gets through the cracks? It’s important to have an automated backup system in place so that you can restore your website in the event that you get hacked. How you go about doing that depends largely on who hosts your website, so it’s a good idea to check with them.
Step 3: Use the following checklist to regularly review your website security
☑ SSL on Every Website Page:
Make SURE that your website has HTTPS / SSL. If it doesn’t, you need to ask your web developer to upgrade your website ASAP or your website is going to start hemorrhaging more and more traffic and conversions every day.
☑ All Software/Plugins are Up-to-Date:
Every month, you should go through and update your CMS and, if you’re using Wordpress, your plugins. Outdated software and plugins are the #1 factor that leave you open to attacks. If you’re using a DIY website builder such as Leadpages, you don’t have to worry about this step since they take care of it for you.
Do you have an automated backup schedule for your website? This is CRITICAL, otherwise your website (and your reputation) could vanish up in smoke if you get hacked. Ideally, you should have a backup of your website created for you every day.
☑ Contingency Plan:
What happens if your website gets hacked? Take time to work out a plan with your web developer to get your website back online if it goes down.