January 18, 2017
Make 2017 the Year of Cyber Security: Encrypt Your Website
2016 was a year filled with data hacks and security breaches. From stolen personal emails to the attack and virtual shutdown of entire swaths of the internet’s infrastructure, no one was safe from hackers. Both small personal websites and one of the largest search engines in the world were compromised and the personal info of hundreds of millions of people were put at risk. As we kick off 2017, tech experts and IT professionals are scrambling to prevent similar cyber catastrophes from taking place.
So when it comes to keeping your important data safe, where can you start? While there is a lot to take into consideration, perhaps it is simplest to begin your quest for increased security with what’s at the top of your website: the URL.
HTTP vs. HTTPS
If you look at your website’s URL, you will notice either HTTP or HTTPS. They may look similar, though the difference between them is immense. If your website does not have the “S” at the end of HTTP, your chances of being hacked are significantly increased.
HTTP stands for Hypertext Transfer Protocol and it is used to communicate and transfer data from devices and web servers. The addition of the “S” means that your website is secured by a TLS (formerly SSL), or transfer layer security. The TLS uses a code to encrypt the data stored on your site. When a website is encrypted, only a secret password or key can unlock the data the site holds. The sheer number of algorithms used to decrypt the ciphered text makes it very difficult for hackers to uncover your “secret code” and intercept the data and messages you share. Every browser, device, and server supports TLS.
Without the added security of TLS, all of your data is visible to those who may access your network. Every single website. Every single item you searched. Every payment you may have made and to whom. With so much of our lives online and unsecured, there is plenty of information a hacker can choose from.
Your personal or small business website being hacked may not conjure the same outrage and alarm the news of Yahoo’s 2014 hacking caused in September of 2016, in which the personal information of over 500 million Yahoo users was stolen. However, even if the private information of two of your clients, customers, or web visitors is compromised, your organization may face detrimental backlash. Just as quickly and easily as hackers stole your data, your company can lose customers, partners, and financing.
The Past, Present, and Future of Encryption
Encryption is not anything new. It’s been around since before the dawn of the digital age. In fact, encryption has existed since 1900 BC, when hieroglyphics were the main form of communication in Ancient Egypt. The unique symbols used as text were meant to hide the messages’ meanings from others.
Thousands of years later, while the means of encrypting may have changed, its purpose has not. Today, even if your website isn’t encrypted, encryption surrounds you and has found its way into nearly every facet of your daily life. Your emails are encrypted. Your smartphone is encrypted (which caused quite a controversy in 2015, when the federal government asked Apple to share its encryption code so it could access the phones of the San Bernardino terrorists). ATMs are encrypted in order to protect your bank accounts. Even your automatic car keys are encrypted.
Encryption protects your communications, your phone, your money, and even your car. Why not use it to protect your website, the credit card info, the passwords, and all else it can store?
A growing number of websites are taking advantage of the added security encryption offers. WIRED recently called 2016 “The Year Encryption Won.” Billions of people are now keeping their personal info safe on encrypted websites and apps, including the popular communication services WhatsApp and Facebook Messenger.
2016 also marked the year in which the free encryption authentication site Let’s Encrypt became one of the most popular authentication services on the internet. Since it became public in 2014, it has issued over 12 million HTTP certificates and counting. This number is sure to increase as WordPress websites will now default to encryption by using the service (a much-needed move, as reports indicate that nearly 16,000 websites supported by WordPress were hacked in 2016). Let’s Encrypt has made securing the web cheaper, easier, and hassle-free.
There has been a staggering increase in encrypted web traffic, a number Google says is about 77 percent. However, despite this impressive number, the United States still only places ninth in the world when it comes to protected web traffic. The leader? Mexico, with an impressive 86%.
As hundreds of websites are created per minute, encryption will be more important than ever. While, as WIRED reports, encryption may be challenged by the possibility of the new presidential administration demanding government access to encrypted data, a bipartisan congressional group recently stated that “any measure that weakens encryption works against the national interest,” signalling a commitment to online security now and in the future.
From Speed to SEO: Other Benefits of Encryption
If improved security isn’t enough (although it should be…), there are other benefits to encryption that put the “S” in HTTPS: speed and SEO.
Encrypting your website will not only improve its security, but it will also improve its performance. Web browsers will give encrypted websites a little boost when it comes to speed. A new protocol, called HTTP/2 will help websites load and transfer files faster than ever before. The catch? Websites must be encrypted through HTTPS.
Encryption will also improve your SEO scores. If your website is not encrypted, Google Chrome will start warning web visitors by labeling your site as “non-secure.” This will severely limit your web traffic and the visibility your site receives as a result. Visitors are less likely to visit a website they know isn’t secure, especially when a major company such as Google tells them this is so. Your ranking will also be affected. Currently, Google is monitoring only a small percentage of sites and queries and using encryption as a ranking “influencer.” But the search engine warns that more websites will soon be affected as it expands its efforts.
“We’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web,” Google said in a blog post about the important changes.
Once a giant such as Google starts to enforce HTTPS certification, other search engines are sure to follow. If not certified and encrypted, all of the hard work you put into your site in helping it break into the top search results may be jeopardized.
How to Get Encrypted
While a decade ago, encryption may have been time-consuming and costly, it has now never been easier. In many cases, acquiring the certification needed to become an HTTPS site is absolutely free. Let’s Encrypt has been able to offer its services without charge thanks to the generosity of sponsoring companies like Google Chrome and Cisco.
Many of these sites utilize one-click HTTPS certifications, transforming a process that used to take considerable time into an easy process that takes seconds. Everything is automatic, from installation of the certificate to its renewal. With so little time and money at stake, there is no excuse not to take the few steps needed to encrypt your website.
Increase Your Cyber Security with KDG
Hackers had an eventful 2016. Don’t make their New Year as enjoyable. KDG has spent over 15 years helping businesses, nonprofits, and even colleges and universities build safe and secure websites. From the national healthcare field to local construction firms, we’ve developed secure databases and programs that keep data safe and personal information protected from outside parties.
Even if your website is encrypted, there is more you can do to prevent yourself from being hacked. From protecting your emails to updating your servers, we have a team of tech management experts who are ready to keep you safe from a cyber attack. Contact us to learn more about the ways we can help you protect your online data.