January 2017 has seen Google release a significant update to Chrome, the most popular desktop web browser (NetMarketshare). In some cases the change notifies users visiting a non-HTTPS website with a ‘Not secure’ or ‘Dangerous’ icon alert in the address bar of the browser. These security changes to the Chrome browser are detailed on the Google Security Blog. “To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”
So what does this all mean?
Pictured below are the various alerts your customers may see in their chrome browser address bar depending on your website setup. The impact of these alerts on a customer’s confidence and trust can be significant for your business given the security and hacking fears within the media today.
- The SECURE security status in the chrome address bar of a website secured by a SSL certificate correctly installed. 2) The INFO or NOT SECURE security status in the chrome address bar of a website which isn't using a private connection. 3) The NOT SECURE or DANGEROUS security status in the chrome address bar of a website which has been flagged dangerous. Eventually Google plans for all websites not secured by a SSL certificate to display the Not secure red triangle in chrome browsers.
What can you do to instill customer’s confidence with your website and business?
It’s simple! Making your website HTTPS compliant by obtaining and installing an SSL certificate is by far the safest and best long term approach for your online presence. Netregistry offers GeoTrust certificates, highly regarded as an affordable, trusted SSL solution. Find out more - https://www.netregistry.com.au/security/ssl-certificates/ What is a security certificate? When customers visit your website using browsers like Chrome, the website’s server displays information about the site’s identity. Many websites will have a certificate that proves their identity and use HTTPS (connection security), however it is simple to create a dodgy certificate to trick browsers and their users. To combat this, Chrome browsers and many other browsers will look to identify certificates from trusted organisations and providers, in a bid to help internet users stay safe on the web.
What are the options?
Security SSL Certificates SSL (Secure Socket Layer) Certificates are the ideal solution to ensure your site is deemed secure and to help mitigate the impact of security status alerts. SSL certificates from trusted organisations should only be used to avoid the impact of a certificate being displayed as Not Secure or Dangerous. Read more about SSL certificates and why you need one here https://www.netregistry.com.au/blog/what-is-an-ssl-certificate-and-why-do-i-need-one/ Website Security Reviewing a website’s security is a must as users of the internet continue to grow and evolve. New threats emerge on a regular basis, requiring websites to conduct regular reviews. Set and forget is fraught with danger. To help our customers defend their websites from the risks of malware and hacker attacks, Netregistry offers security services to help detect different types of security threats, and prevent and recover from breaches. Website Security is a service that takes proactive measures, providing an extra level of protection. Daily scans of your website will help detect and remove any malware, and help prevent your website being blacklisted by search engines, both outcomes which could see your website’s traffic plummet. Keep your site clean and free of malware, while protecting your customers and business. Find out more https://www.netregistry.com.au/security/website-security/ For more information, visit the Google Security blog https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html https://security.googleblog.com/2016/11/heres-to-more-https-on-web.html
