Brands need to get on board – or risk digital fallout
Google is leading global initiatives to make the Internet safer. Global data shows that Canadian brands aren’t keeping up. Failure to encrypt all online content poses risks to companies and their customers. This article explains recent changes to browser protocols that every digital marketer needs to be aware of.
The Internet is a Dangerous Place
The Internet is an increasingly risky place for organizations and Internet users. Enterprise brands and their customers are particularly vulnerable as nefarious actors target commercial operations and their digital stakeholders. Daily news abounds with real-life stories of data breaches, website-related fraud, email-phishing and other costly, malicious exploits.
For years, major stakeholders to the global Internet have been committed to mitigating the risks that we as consumers, and brand owners all face. Google is a leading example, having launched a charter project in 2005 that has come to be known as the Safe Browsing Project. They’ve engineered and implemented numerous sophisticated measures to help ensure that users of Chrome, Android, AdSense and Gmail aren’t tricked into doing something harmful to their privacy or security.
Web Page Encryption is Becoming Universal
A hugely important aspect of browsing the Internet is the two-fold concern that:
- You are indeed on the website you intend rather than a clever imposter site
- No one can eavesdrop on your browsing to steal login details or other private data
Browsers such as Google Chrome, Apple Safari and Mozilla Firefox share a common approach to ensuring Internet users are safer by displaying web sites you visit as either “secure” or “not secure.” They do this by looking to see if the website (or page) is encrypted with proof from a valid “Certificate Authority,” or CA. These are known variously as SSL or TLS or HTTPS certificates.
When implemented correctly, you’ll see a website address as https://domain.tld. This is secure. If you see the page as http://domain.tld, the page is NOT secure.
SSL certificates, correctly deployed and managed protect enterprise and their website visitor-customers in three ways:
- Encryption prevents parties from seeing data exchanged on an Internet session
- Encryption prevents parties from impersonating webpages for fraudulent purposes
- Organizationally validated encryption certificates (OVs) verify that the web page belongs to a valid, named entity.
This Year Major Browsers Stepped it up Further
Effective July 2018, Chrome 68 began identifying all HTTP pages as “not secure” within the browser window, regardless of the type of web page an individual is visiting. Chrome 70 is expected to go further, emphasizing the “not secure” alert in red.
Google’s search algorithms have favored HTTPS-encrypted webpages since 2014. Their argument is, “Users should expect that the web is safe by default.” It can be expected that HTTP pages will be further disadvantaged with successive releases of Chrome.
Mozilla (Firefox) and Apple (Safari) are following suit:
Four Reasons Why Your Brand Needs to Encrypt Everything
Google says that 94% of all Internet traffic they process from the US is encrypted. UK encrypted traffic is 94%. The fact that Canada’s traffic is only 68% encrypted is a real problem. The other 32% is not secure. Either by ill-advised policy, naivety or neglect, many organizations have not implemented HTTPS encryption on all of their web page content.
What Every Brand Marketer Should Do
- Secure your entire digital footprint: Change the old mind-set that only e-commerce pages or payment forms need to be encrypted. Google, Apple, Mozilla and the entire certificate authority industry have made it clear: EVERY web page including redirect links need to be encrypted.
- Use the right certificate for your brand situation: Some are organizationally validated, which further helps authenticate your online content. Others are “shared” certificates which may not offer the brand protection you need. Note: over 15,000 certificates bearing the name “PayPal” were sold in 2017… (Hint: PayPal isn’t buying them all!)
- Don’t relegate encryption security exclusively to the IT department: To be sure, IT is your go-to technical partner for correct implementation. Brand trust should be a strategic priority for every marketer.
- Conduct a brand security audit across your digital properties: Capable firms in the domain name space have passive audits that can help pinpoint your potential brand vulnerabilities and encryption gaps.