On Law Firms, Google Chrome and HTTPS
- Google is giving more prominence to web security, specifically around secure domains, starting in October 2017
- This most recent change will only affect the browsing experience of Chrome users, not website search rankings
- HTTPS is just one of many ways websites and information are kept safe online
- FindLaw already has many additional standards in place that protect our clients’ websites
HTTPS: One more step for internet security
Creating a secure internet has always been important to one degree or another. One of the hottest topics back in the 1990’s was privacy. (Remember those scary new exposés about what goes on in chat rooms?) As the web became more commonplace, people became more comfortable with revealing their identities online. Think about it. Contrast the chat room concerns of the past with today’s web, where adults and children alike are completely comfortable using Facebook to access trivia games on their smartphones.
People have grown accustomed to less and less privacy on the web over time. And yet, they still maintain an expectation that the services and companies they use (Facebook, Apple, their bank) will carry the burden of keeping their sensitive information secure.
The logic behind that decision is up for debate elsewhere, but the reality for many big businesses is: protect your users from themselves, or else.
Google is no exception to this trend. Over time, they’ve made countless changes to their services in order to keep their users’ information secure. Including one starting this month. Google has begun or will soon begin to show warnings to users of their Chrome browser who visit a site without a secure domain. If this includes your website, you should be aware of this change, but not necessarily worried about it. Before I explain why, let’s look at the bigger issue.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure. It is a means of sending information through the internet from one computer to another. HTTP has been in the common language for decades now, and the added S simply indicates that the data being transferred (there’s that second T) is protected from prying eyes.
In simple terms, this means that a person submitting a website form can be reasonably certain that they’re engaging in private communications with only the website they’re visiting. (Pretty important if you’re sending your tax return to the government or placing a $1,000 reservation on a new Tesla.)
HTTPS is easy to verify as these websites will include “https” in their URLs. If your web browser has a more “user friendly” address bar, they will often indicate the security of a domain with a lock icon or some other visual indicator.
It’s worth noting at this point that HTTPS is just one of many elements that add up to online security. HTTPS only refers to data transmission and it’s not all-encompassing. A website may be hosted on a non-secure domain and use a contact form that is actually using HTTPS.
Beyond that, there are many other factors contributing to the overall security of any single browsing session. Open wifi networks, individual browser settings, and how a user responds to security warnings and notifications all add up to an experience that can be anywhere from drum tight to wantonly unsecure. Like I said above, it’s a combination of behaviors on the user-side and technology on the provider-side that defines the security of any given situation.
On the provider side, FindLaw secures the websites of our attorney customers through several means. We host our sites on a secure CDN (Content Delivery Network) that provides a lot of security for our clients and ourselves while also delivering excellent speed to the consumers visiting those websites. In addition, FindLaw customers benefit from the protection of the Thomson Reuters firewall as well as constant monitoring against malicious activity.
What Google’s HTTPS warning means for you.
Earlier in this post I said not to worry about this change. This is for two big reasons. First, because as I said, HTTPS doesn’t necessarily reflect the sum total security of your law firm’s website. Second, because the effect this change has on your firm’s website visitors could be very, very small.
Google’s change only applies to users of its Chrome browser, which accounts for less than half of the search traffic to FindLaw websites. What’s more, the user experience is unlikely to have an effect on a law firm’s business. Visitors to unsecure websites are not turned away or blocked. Rather, Chrome will simply display an “i” icon in the address bar when the page loads. If the user enters data into a form on that site, the phrase “not secure” will also appear in the address bar.
What won’t change?
It’s important to understand the scope of this announcement. This focus on HTTPS means a visual change to Chrome’s address bar and, frankly, not much else. Google is not changing their search algorithm and there is no indication that a secure domain will have an impact on search visibility.
Quite simply, this is a change that Google has been signaling for quite some time. As they place a greater focus on web security, their moves follow a logical path. Like their “mobile-friendly” change from a year ago, this is just one more case where law firms who choose FindLaw should be aware of what’s happening, and rest easy knowing that their websites are in good hands.