Most of us know that when we enter our information in an online form, we’re taking a risk. And as a number of recent data breaches have shown, there’s no such thing as total online security. Still, it’s a risk most people and businesses can’t avoid. When you submit your private data to websites day after day, it’s easy to become complacent and assume the sites you’re dealing with are trustworthy.
Google is leading a new effort to educate web users on the realities of online security—or the lack thereof. For a while now, the Google Chrome browser has shown users a “not secure” notification when they visit an HTTP page with a credit card or password field.
Google currently identifies entry fields that require sensitive data with a “Not secure” warning when they appear on HTTP sites.
Starting this October, that “not secure” warning will apply to every HTTP page that asks users to enter data, as well as any HTTP page that users visit in Chrome’s Incognito mode.
These warnings may seem like overkill to experienced web users, but many people wrongly presume that their data is safe—for instance, if they’re using the site of a company they trust, or if they’ve turned on Incognito browsing to keep their activity private from other users of the same device. Likewise, many people assume that if they’re not entering specifically sensitive information—credit card numbers, passwords, social security numbers, etc.—they don’t have to worry about handing over less sensitive data such as usernames or email addresses.
Google believes that this misplaced confidence is a major problem for web security efforts, which is why the company is attempting to both educate Chrome users about the dangers of unsecured sites and encourage webmasters and site owners to move their sites to the more secure HTTPS (the “S” stands for “secure”). Data entered on an HTTPS site is automatically encrypted in transit between the browser and the server, making it much more difficult for hackers or other unapproved users to access.
An article in Wired estimated that roughly half of the sites on the web have moved to HTTPS as of early 2017, and that figure looks likely to keep growing. According to Google’s Chromium Blog, the company has seen a 23% decline in users entering data on non-secure HTTP sites since the original “not secure” warning was introduced. That’s a pretty striking figure, and one that suggests that webmasters who don’t make the switch to HTTPS in October run the risk of missing out on a significant chunk of business.
To assess the work that lies ahead, use your website management tool to set a policy that identifies every HTTP page on your website that includes a form. This way you have a clear overview of necessary updates and can delegate them to your team.
Setting a website policy that identifies all forms on HTTP pages can give you a clear overview of which pages to address for the Google Chrome update.
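The audit described above can also be scripted. The following is an added example, not code from Google or from the original article: it sorts pages into the warning categories this post describes. The field heuristics (password inputs, `cc-` autocomplete tokens), the category names, and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Input types that do not take user-entered data (assumed list for this audit).
NON_ENTRY_TYPES = {"hidden", "submit", "button", "reset", "image"}

class FieldCollector(HTMLParser):
    """Counts data-entry fields and the subset that looks sensitive."""
    def __init__(self):
        super().__init__()
        self.entry_fields = 0
        self.sensitive_fields = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag in ("textarea", "select"):
            self.entry_fields += 1
        elif tag == "input":
            itype = a.get("type") or "text"
            if itype in NON_ENTRY_TYPES:
                return
            self.entry_fields += 1
            # Heuristic (assumption): password inputs and card autocomplete tokens.
            if itype == "password" or a.get("autocomplete", "").startswith("cc-"):
                self.sensitive_fields += 1

def classify(url, html):
    """Return the warning category for one page (category names are hypothetical)."""
    if urlsplit(url).scheme.lower() != "http":
        return "https"
    fields = FieldCollector()
    fields.feed(html)
    fields.close()
    if fields.sensitive_fields:
        return "warned-today"             # password or card field on HTTP
    if fields.entry_fields:
        return "warned-from-october"      # any data entry on HTTP
    return "warned-in-incognito-only"     # HTTP page without data entry

# Constructed sample pages; a real audit would feed in crawled HTML.
PAGES = {
    "http://example.test/login": '<form><input name="user"><input type="password"></form>',
    "http://example.test/newsletter": '<form><input type="email"><input type="submit"></form>',
    "http://example.test/about": "<p>About us</p>",
    "https://example.test/checkout": '<form><input autocomplete="cc-number"></form>',
}

def audit(pages):
    return {url: classify(url, html) for url, html in pages.items()}

if __name__ == "__main__":
    for url, status in audit(PAGES).items():
        print(f"{status:26} {url}")
```

Pages in the first two categories are the ones to move to HTTPS before October; the third group still shows the warning to Incognito users.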
The next step is to check out Google’s detailed how-to guide on enabling HTTPS on your servers.
While Google isn’t making HTTPS mandatory for transactional sites at this time, it’s clear which way the tide is turning. If your site still uses HTTP on pages with data entry fields, now is the time to upgrade security. It’s a move that will benefit both your users and your business in the long run.