Protection of our personal information online is becoming an increasingly hot topic as we spend more time on the web and technology allows us to do more there. In this climate, businesses need to treat website security as an essential rather than a nice to have. But how do we secure something we can’t even see?
Let’s cover the key questions SMB owners should be asking of their website security.
Why is website security and encryption so important?
First thing’s first — let’s look at what encryption is and why it’s so important to your business and your customers.
A company’s website gathers customer information in multiple ways: forms, user registration credentials, credit cards for payment, etc. This sensitive information generally passes through dozens of servers and networks as it travels between your website and your site visitor’s browser, and vice versa.
At any stage in this journey the information can be intercepted by nefarious types and used with malicious intent, potentially damaging your customer’s trust and brand loyalty, not to mention costing you a lot of money. A secure connection safeguards against this by encrypting the user’s information before it leaves your site, and then decrypting it again when it arrives at your visitor’s browser destination, and vice versa.
What are HTTP, HTTPS, SSL, and TLS?
You may be familiar with HTTPS (or HTTP) because it comes before the URL in your web browser’s address bar.
HTTPS stands for Hypertext Transfer Protocol Secure, and is a layered combination of the Hypertext Transfer Protocol (the foundation of data communication for the web) and SSL/TLS protocol (Secure Sockets Layer and Transport Layer Security [a cryptographic protocol that enables secure communications over the net, with TLS being the successor to SSL]).
A secure HTTPS connection is provided via the use of a third-party secure Certificate, which gives your website a stamp of authenticity and security. This lets your visitors know they can both trust that the pages on your site are indeed authentic, and that you can be trusted to handle their sensitive information. For a deeper understanding of how HTTPS works, head here.
What is a CA (Certificate Authority)?
Often referred to as a CA, a Certificate Authority (sometimes also called a Certification Authority) is a third-party organisation that provides companies and their websites the encryption and related secure certificate that allows them to offer users an HTTPS connection while browsing their website.
A Certificate Authority validates the identity of a website and binds it to a cryptographic key as part of the HTTPS Digital Certificate. Website users can then access information about the certificate the site they are browsing holds.
Which companies should have a secure certificate?
It used to be that HTTPS certification was only necessary for websites that dealt directly with high-risk financial information like credit cards and bank account details, and personal communications i.e., e-commerce, banking, and email platform sites.
In more recent years, Google have ramped up their efforts to keep accounts and information private and secure, and to protect page authenticity across a wider variety of websites.
This means that websites with a secure HTTPS connection are rewarded with a closed padlock icon to the left of the URL in the browser’s address bar — this tells them you value their privacy and personal information and have taken steps to secure it.
This is what you see in Chrome when you visit an HTTPS-certified website:
Google has ended the ability to connect Google Ads Auction Insights data to Looker Studio reports. In this post we’ll cover why this data is important for guiding optimisation decisions for Google Ad campaigns. We’ll also discuss our workaround for this new limitation and what it means for you as a business owner that is familiar with receiving this type of info each month in your reports.
What is Auction Insight data?
Simply put, it is a collection of metrics that compare how a business’s Google Ads perform in auctions against other competitors. This info can reveal increased efforts from competitors and signal when to adjust bids, examine quality score, etc, to regain that prominent ad positioning.
Why did Google do this?
The reason for this is a mystery. Google has not made any announcements to explain this decision. The data is still available in Google Ads. However, the ability to adjust how that data is presented is limited in their platform. For us this has reduced the ease at which a quick analysis can be completed. One can speculate that removing this data connection takes some pressure off their infrastructure required for these data exchanges. Perhaps also improving some of their systems from potential security breaches.
Where to from here?
The question we need to ask is is it useful for business owners to receive this level of info? When a decision needs to be made to increase a budget or steer away from a specific keyword then this info should be brought to light. Auction insight data can help clearly demonstrate why this action needs to be taken and provides comparative data to show that these actions had a positive impact. It can be argued that this data should only be accessed and interpreted by a specialist, and presented to business owners when appropriate, such as during a scenario mentioned above.
Our thoughts
While there has always been some PPC specialists on the fence whether to divulge this data each month. Google has forced our hand here. Fortunately we still have access to this important data set to help us steer our efforts. The positive outcome is that we will simplify our reports for you and let you know when and if there are any concerns around increased activity from competitor activity that impacts your ads performance.
And when you click on the padlock:
What happens if you don’t have a secure certificate and an HTTPS connection?
Google have been slowly increasing the pressure on site owners to make their websites secure, encouraging them to take encryption seriously.
In January 2017 Google changed their Chrome browser so that websites with unsecured HTTP connections displayed an ‘i’ icon to the left of the address bar. Clicking on this icon warned the visitor that site was not secure.
In October 2017, they added ‘Not secure’ text display beside the ‘i’ icon when the visitor starts to enter data in any kind of field on an HTTP site.
In 2018, Chrome dropped the ‘i’ icon and now use a hazard icon and ‘Not secure’ message as shown below, for any non HTTPS websites.
And when you click on the warning:
In October 2020 when Chrome 86 rolled out, the browser began showing a warning when users start filling out a mixed form — a form on an HTTPS website that doesn’t submit via an HTTPS channel. This was part of Chrome’s gradual push toward blocking mixed content.
Is website security an SEO factor?
Another reason to get your site HTTPS secured is that Google deem websites with HTTPS connections to be safer than those without, giving them slight preference in search results.
This helps serve Google’s objective of returning the best results for users’ searches, i.e., high quality websites that offer both robust security and great content that addresses the user’s search term.
Taking all practicable steps to secure your website
When we leave our cars, we lock all the doors, not just a couple to give the illusion of a secured vehicle. For the same reason, comprehensive website security is a key element in the holistic approach we take to creating effective websites for SMBs.
We take our client’s website security very seriously, and only use premium HTTPS certificates from digicert, a highly reputable Certificate Authority. With our decades of experience in website security we know that the small annual cost is well worth the peace of mind that the premium service offers.
If you have any questions about the security of your website, drop us a line.