Many law firms opt to utilize secure connections for their websites, partly for the added security of HTTPS pages and partly because it shows you take safeguarding clients’ personal information seriously. That’s appropriate, but now it is becoming a necessity. For those firms who haven’t yet arranged for SSL certificates on each of their web pages, it’s time to do so.
Cybercrime of all kinds is on the rise, and small or mid-sized law firms are increasingly at risk from hackers out to steal valuable information they can use for blackmail, identity theft or even profiting from advance notification of pending business deals. These firms are also perceived to be softer targets with less stringent security protocols in place than the big brands we see in the news as victims of major breaches.
Aside from the safer environment created by secure connections, web pages that rely on the older HTTP technology are being labeled as vulnerable by Google. Site visitors who use the Chrome browser now get a warning of “Not secure” on pages that ask for passwords or credit card data, and other browsers are very likely to follow suit.
Up until now, examining the url was the only way to determine which type of connection a particular page used. Pages that utilize SSL connections have addresses that begin with HTTPS://, while those without the certificates begin with HTTP://. But ever since 2014 Google has offered preferential treatment to sites that have SSL, in the form of a small SEO advantage.
Identifying insecure sites and pages in a more noticeable way is part of Google’s push to create a safer online environment and help web users become more aware of data security. The new tags won’t be the end of this effort, either. In the future, Google wants to see all connections use HTTPS, as they describe in their security blog:
Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature.
In following releases, we will continue to extend HTTP warnings, for example, by labeling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.
Obtaining and using an SSL certificate for your site isn’t difficult or expensive, although incorporating the technology smoothly may necessitate some SEO tweaks. An IT professional or expert web developer can handle this easily, so don’t let potential SEO challenges discourage you from moving to SSL where appropriate. Google even offers advice for developers to help them update their sites correctly.
Even if you currently use SSL on some portions of your firm website, it’s important to encrypt the site completely and correctly, or visitors will see the warning from Google. Leaving any pages or elements unencrypted will result in the alarming “Not secure” tag, which won’t encourage them to explore and linger on your site. That warning serves as a flag to everyone who sees it that your site – and your law firm – may not be the best place for them to think about doing business.
Don’t take risks with unencrypted data, or allow site visitors to get the impression that you don’t pay enough attention to protecting their information. Read up on the topic, reach out for professional help and do what’s needed to ensure that your site is fully compliant with Google’s new policy regarding secure websites.