Let’s start with the basics: http stands for hypertext transfer protocol and it’s essentially what makes the World Wide Web work. Https stands for hypertext transfer protocol secure and, as its name suggests, it’s basically a more secure version of http.
Specifically, https uses encryption to protect the information that is being moved from A to B across the web.
In the early days of the internet, http was fine for most purposes; the nature of cyberspace was very different from how it is now. Webmasters put up information on their sites and people consumed it and social interaction was by means of email and forums.
Then, along came ecommerce and online banking and social media, and people started doing a lot more online and sharing a lot more of their personal information in a digital environment. This attracted the attention of criminals and, since then, there has been an almost constant battle between cyber security and cyber criminals.
Nowadays, any websites that deal with any form of secure data (such as payment data or sensitive personal information) should already be on https. Other websites should aim to follow suit as quickly as possible. Here are two reasons why:
The General Data Protection Regulation (GDPR) is an update to (read: extension of) existing data protection regulations. It will apply in the UK from May 2018 and it will apply to anyone handling data relating to EU residents.
If you use your website to interact with customers in any way, shape or form, even if it’s just a “contact us” page, then you probably come under the aegis of GDPR so now would be a very good time to review your security in the light of the forthcoming regulations.
Google is possibly the ultimate digital company and, for all it has diversified in recent years, it still generates a substantial chunk of its income from pay-per-click (PPC) advertising revenues.
These revenues depend on advertisers being able to attract customers to their site and this, in turn, depends on the public at large feeling confident about their ability to stay safe online (and their ability to keep their children safe online).
It’s in Google’s interest to do whatever it can to help make the internet a safe place and that includes adopting a “carrot-and-stick” approach to getting websites to upgrade their security.
The carrot is that if you have a website which runs over https rather than http, Google will see this as a favourable criterion when it comes to determining your page ranking.
The stick is that if you insist on continuing to run http and your keyword competitors switch to https, Google will see this as a favourable criterion in their search ranking.
At the current time, Google’s preference for https only plays a small role in its ranking system but, even so, in the competitive world of search engine optimisation (SEO), those small edges can add up. We expect, however, that its importance will grow in future.