Is your Nonprofit Org Website using HTTPS?

There is absolutely no reason to wait to make your website secure with HTTPS. The online reputation of your nonprofit organization is at stake.

This is a follow-up to my blog post from December 2016. In that post I said this:

If your website is not accessible via HTTPS then pages like forms that collect data will display to the user very clearly in the browser as “Not Secure”. This may reflect badly on your organization.

Background Facts

  1. Nearly 60% of desktop users out there on the Internet are using the Google Chrome Browser.
  2. Accessing a website through HTTPS means all communications between your browser and the website are encrypted, and the browser displays a lock symbol in the URL address field.
  3. During the current year (2017) Google has been rolling out changes for the Chrome Browser that provide more “in your face” messaging about the lack of security of the websites you are browsing.

Google’s Plan for Chrome & HTTPS

Here's how Google defined their plan back in April of 2017 on the Google Security Blog:

Our plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria.

According to what Google has published, their plan has been broken down into phases. Here it is in a nutshell:

Phase 1: Credit Cards and Password Fields

This phase took effect in January 2017. If a page contains a password field or the user interacts with a credit card field and is not using HTTPS then the page is marked as “Not Secure”.

Phase 2: All form fields & Incognito Window

Phase 2 took effect this past October 2017. If the user is browsing in Chrome's incognito mode or the user interacts with any input form field and the page is not using HTTPS then the page is marked as “Not Secure”.

Next or Final Phase

Google has not published the timing of the next phase but they have defined the final and eventual state: All HTTP pages will be marked as Not Secure.

BBC not secure

A current (as of Nov. 2017) real-life example from a major website, as viewed in a Chrome incognito window.

My Conclusion for Nonprofit Organizations

If you are a nonprofit organization there is no reason to wait to upgrade your website to HTTPS by purchasing an SSL certificate for your domains. The annual cost for an SSL certificate is relatively small to assure visitors and potential donors view your website as secure. Or to put it another way, it is clearly not helpful to have the words "Not Secure" printed next to your organization's domain and logo. It could unnecessarily damage the online reputation of your nonprofit organization.

It Really is Simple to Switch to HTTPS

Here's what you need to do:

  1. Buy the SSL certificate (this can be done through your hosting company).
  2. Install the SSL certificate for your domain (many hosting companies will do this for you).
  3. Test HTTPS on your website domain to weed out any mixed content or HTTPS issues.
  4. Set up a forced redirect so all traffic from HTTP is redirected automatically to HTTPS.

If you are one of our clients, or desire to be, BackOffice can help you with obtaining, installing, and configuring your new SSL certificate. In addition to an SSL certificate, you may also want to request a security review of your website if you are not already part of our monthly maintenance and security plan.

Call BackOffice Thinking today at 610-709-6570 or send us a message and we will assist you with the security of your website.

