It seems like every article we write is about security. WHY? Plainly stated, data security is the biggest challenge in our field. Through the digital age revolution we have hit many obstacles:
- Prior to the internet the problem was getting access to data.
- Next we have access to the internet, but not our data.
- Introduce smart phones and tablets and we want real time access to all of our data.
- We have solved our data access problems except for one thing-- other people are trying to access that data and making you pay them to release it.
This blog will be a little different from our previous articles. This should focus on why Google wants you to be secure. We are going to focus on a pending change listed HERE.
Google Chrome is going to force all HTTP sites to show as insecure.
WHAT IS THE DIFFERENCE ANYWAY?
Secure websites guarantee all data that you send/receive from the website you are visiting is sent with encryption. When you visit a site without a secure certificate you will visit an http://website.com link and when you visit a secure site it will be httpS://website.com.
To illustrate this, here is a link to the College World Series website: http://cwsomaha.com
And here is a link to the NCAA College World Series: https://www.ncaa.com/news/baseball/article/college-world-series-schedule
The difference is that the first link is not secure. Anything you input on this site can be detected if someone was trying to monitor your input. The second link does not allow the hacker to view your input.
When visiting a secure site you also have the benefit of knowing a secure site has been verified and is the actual site you are visiting. Phishing scams start because a hacker can build a site to look like wellsfargo.com and trick you into thinking it is real. A proper security certificate can only be applied to one domain name and when you visit wellsfargo.com you will see that they have a certificate applied.
OK, NOW I WANT TO USE SECURITY!
Does it matter if you want to view info on the college world series? No, probably not.
Does it matter if you want to transfer money to perform some bill paying? Yes, it does.
Any time you are putting any type of login to a website, using any account number, showing your social security number, or buying anything, you should do so on a secure site.
THIS IS NOTHING NEW, WHY ARE YOU TELLING ME NOW?
Google has put a line in the sand to say that as of July of this year any website you visit that does not have a secure site will tell you that you are not secure.
This will only happen if you are using Google Chrome.
If you are using Mozilla Firefox, Internet Explorer, or Edge you will not get this warning.
HOW CAN I ADD THIS FOR MY WEBSITE?
The easiest way to add this is to reach out to your web host vendor. The website vendor will need to request the certificate. I have seen certificates for as low as $8 per year and as high as $100K. They all come with different levels of validation and trust relationships. You should be able to find a solution for your website for around $100 per year.
Google Chrome is making this change with an update sometime in June or July. The main purpose is to push all websites to a secure format. Anything you can do to help mitigate risk of your personal data should be taken advantage of, and Google is trying to get everyone to think more about these items.
If you want to change your website to offer a secure certificate reach out to your web vendor. If you want to get more info about web security reach out to IRIS Solutions. We can always help.