After the enormous efforts of organisations to comply with the new privacy legislation (GDPR) before 25 May, a new challenge will follow in this privacy area. As of 23 July 2018, websites with a secure connection must be reachable (HTTPS) in order to be certified ‘safe’ in Google Chrome. Many websites of larger organisations are already equipped with HTTPS, but for many smaller organisations and SME’s this is a new task on the road to a secure online environment. Cybersprint is happy to provide practical tips for the security of your website, including the installation of HTTPS.
As of 1 July, Google Chrome will qualify all websites that are not using HTTPS as “unsafe”. Google Chrome is one of the most frequently used web browsers and sets an example for others such as Internet Explorer, Firefox, Safari and Opera. Last February Google already indicated that from 1 July, with the new release of the web browser Chrome, websites with only HTTP will get the ‘not secure’ mark. Website visitors will then have less trust in the website and the company and will be less forthcoming to share their data. For example, if you invest a lot of money in a good webshop as an entrepreneur, the lack of the ‘S’ in the web address bar is disastrous. This measure could have a serious impact on the number of website visits and the online reputation of organisations.
What does HTTPS mean?
HTTPS stands for ‘Hypertext Transfer Protocol Secure’. For a website with HTTPS, the connection between the browser and the website is secured with SSL encryption, which can be recognised by the green lock in the address bar of the browser. This means that the data exchanged between visitors and a website is encrypted and not readable by hackers and cyber criminals. As more information is revealed about global mass surveilliance and criminals stealing personal information, the use of HTTPS security on all websites is becoming increasingly important regardless of the type of Internet connection being used.At the start of 2017 only 15% of the business .NL websites was equipped with HTTPS (source: combined research SIDN and MKB in Dutch). Meanwhile, a number of organisations have adjusted this, but unfortunately not every company is familiar with this important adjustment.
How can you install HTTPS?
To make a website available via HTTPS an SSL-Certificate is required. The SSL-Certificate is used by the browser to encrypt the connection between the browser and the website.
The following steps can be carried out by the website administrator and/or hoster:
- Purchase an SSL certificate via your web host or else via organisations such as Let’s encrypt (free) or SSLcertificaten.nl (reseller of the more well-known trademarks certificates)
- Install and configure the SSL certificate on the web server. If necessary, look at cipherli.st for configuration best practices.
- Make sure that all website addresses from HTTP are forwarded to HTTPS.
- Test the security of the configuration via an SSL Labs scan at ssllabs.com/ssltest.