WHEN you log on to the Internet, you will notice that some websites will start with HTTPS in the address bar, with a lock icon and the word ‘secure’. However, if you log on to others, you will notice that they do not have this at the start of the address and instead, in certain browsers, some have an ‘i’ within a circle – this indicates an HTTP. But what are these and why do they matter?
What is HTTPS?
HTTPS was introduced in 1994, with the modern version, currently used by browsers in place since 2000.
HTTPS means Hyper Text Transfer Protocol Secure and means a website has a secure connection over which data is sent between a browser and the website that you are connected to. All data that is transferred is encrypted, meaning that highly confidential information like banking and online shopping order information is safe.
If a website does not have a secure connection (an HTTP), it is possible that an imposter might be able to access your data and be able to view confidential information such as client logins or credit card details on an ecommerce site.
How is this possible?
When you connect to a website with a regular HTTP, a browser looks up the IP address associated with that website and connects with it. This website assumes it is connected to the correct web server and then your data is sent over the connection. If there is an imposter, it is possible for them to eavesdrop on your data and gather the information that is being passed back and forth.
In some instances, some web users have been convinced that they are connected to their bank’s website, when in fact, they are on a compromised network and are being redirected to a fake site where their bank details are being accessed.
I don’t deal in ecommerce therefore I’m safe
WRONG! An HTTP actually also allows for imposters, such as Internet service providers to snoop on your web browsing history and for them to change your website’s web pages if they wanted to. They could change content, remove content and add adverts to your website, for example.
In addition, Google has also started penalising websites in the search engine that don’t have an HTTPS. That means you might be ranked lower than a competitor that does have one in place.
How can you fix it?
HTTPS is a fairly recent introduction, but is something that the entire World Wide Web is moving towards and is something that every website should be switching to. In order to make sure your website is safe, you need to ensure it has an SSL certificate.
This is a small data file that digitally binds a cryptographic key to an organisation’s details, keeping them safe.
This ensures that your website has an HTTPS connection and all communications are encrypted. So, if anyone was able to break into the connection, all information contained would not make sense to the user.
If you would like to discuss website security further or you are looking to have an SSL certificate installed on your website, contact the team at Wired Studio on 01224 826664 or email firstname.lastname@example.org.