People Running Not Secure

A ‘Not Secure’ Warning Won’t Just Cost You Customers, New Study Says It Could Turn Off Users to Your Brand for Good

The letters HTTP and HTTPS aren’t usually ones we pay attention to. But Google does. And it turns out your customers do too.

In July 2018, Google Chrome made a historic update to its user interface affecting the online businesses of millions of people who own websites. If a website’s URL starts with HTTP and not HTTPS, Google Chrome web browsers started explicitly warning users that that website was unsafe.

This warning came in the form of a little red lock and the words ‘Not Secure.’ The little red lock was removed about 60 days after the change and is now replaced by a gray exclamation point and the “Not Secure” warning. Businesses are paying a price for overlooking this small notification at the top of their website.

In light of this new update, millions of small business owners with websites are wondering: Does this affect my users? Will users trust me if my website is marked  ‘Not Secure’?

The study results: users are ‘turned off,’ 46% wouldn’t do business online with ‘not secure’ websites

Not Secure in Browsers

According to a new study by John Cabot, many users would be turned off to a brand for good if their site appears ‘Not Secure.’

John Cabot conducted a survey of 1,324 people to find out if seeing a ‘Not Secure’ warning impacts user behavior. Researchers showed participants a ‘Not Secure’ warning on generic websites and asked them to explain what they thought it was for, what it meant to them, and how it reflects on the organization. 47% of survey participants roughly understood the warning and what it meant. However, a significant number of users were more skeptical.

Many believed that the website was dodgy, a scam or had been hacked.

The study found that 46% of users said they wouldn’t enter their name, password, or credit card information on the site, with 64% of those saying they’d leave the website instantly.

Additionally, 14% worried that their device had been or could be exposed to a virus; 8.4% thought they had been signed up for spam emails; 12% thought it was a fake version of a real website; and 9% thought it meant the information on the site was unreliable or not fact-checked.

Small businesses with ‘not secure’ websites suffer the loss of trust, suspicion, & poor user retention

Interestingly, these results changed quickly depending on the type of website. The ‘Not Secure’ warning impacted users’ perception of some business websites more than others, depending on the type of goods or services they sell. Customer-facing businesses were hardest hit, with users feeling turned off not just by the website, but the business as a whole.

In the study results, two examples that stood out were an estate agent and a hotel website. With the ‘Not Secure’ website for a hotel, the user answers revolved around the product ‘being fake’ and ‘not existing,’ with many saying they ‘would not book’ and others saying they’d need to do ‘further research’ before trusting it with a transaction.

With the estate agent website, users were suspicious of not just the website, but the agent’s entire business.

The most popular answers identified the estate agent as being unprofessional and amateur, and “not bothered” about their customers. Terms like “avoid”, “don’t trust”, “dodgy” and “crooks”, kept appearing, and were all related to ripping off their customers.

Businesses that deal directly with customers or that sell goods or services on their website suffer the greatest loss of customer trust from a ‘Not Secure’ warning including:

  • E-commerce websites, or any business that sells goods or services online
  • Rental, booking, or event companies
  • Real estate agents, attorneys, contractors, or individual service providers
  • Small businesses

In September 2018, Google removed the ‘Secure’ label from HTTPS websites and replaced it with just the icon of a lock: meaning, in contrast, the text of the ‘Not Secure’ warning in an address bar stands out even more. And in October, Google started displaying the ‘Not Secure’ warning in red with a page redirect stating ‘Your connection is not private’  if you try to enter data into a website on an HTTP connection.

It’s clear that all websites should migrate to the faster and safer HTTPS version of their website, but how big of a deal is making the switch?

How to Fix the ‘Not Secure’ Warning

If you want to:

  • Get rid of that ‘Not Secure’ warning
  • Boost your website’s SEO & keyword rankings in search results
  • Protect users’ traffic from malware, phishing, and malicious attacks
  • Keep your customers safe while on your website
  • Run on new and updated browsers
  • Improve your website speed, security, & accuracy in analytics
  • Build trust with your visitors
  • Sustain your online business for the long-term

You need to get that much-coveted “S” in your URL, and you do that by installing an SSL certificate.

Get Your Website Updated

$149 SSL Installation Package! Fill in our contact form to get started today.

Without an SSL certificate, that ‘Not Secure’ warning is exactly correct: your users are not secure, and their information, activity, and device are all vulnerable so long as they remain on your website.  

With a valid SSL certificate (or with that ‘HTTPS’ in your URL), your visitor’s web traffic is encrypted while they’re on your website, which means they are protected from attackers.

But my website doesn’t store sensitive information: Do I really need HTTPS?

It doesn’t matter if your website contains sensitive information or not. Keeping your users safe is the right thing to do, and websites running on an HTTP connection are not just being penalized by more and more browsers, they are increasingly becoming irrelevant.

The fact of the matter is that if your website domain runs on an HTTP connection, Google will actively exclude your website from the best of the internet. Google will prioritize websites with an HTTPS connection and punish those that don’t.

Thankfully, making the switch from HTTP to HTTPS is cheaper and easier than ever before.

To install an SSL certificate on your website, you can:

  • Contact your hosting provider and find out if they provide SSL options. Many hosting companies provide them for free and depending on the type of website you have they may even install it on your site for free (but probably not).
  • Purchase a valid SSL certificate from a certified provider or get a free one from Let’s Encrypt (be wary of scams). You’ll have to be very familiar with your website and hosting account to get this activated.
  • The simplest solution is to get in touch with a web developer to fix it for you. Hopefully, your hosting provider will issue the SSL for free. An average website should not take longer than 1-2 hours for a developer to install the SSL. So $100-200 in total cost would be reasonable for most websites.

So why are website owners not making the switch?

When asked why they haven’t fixed the ‘Not Secure’ warning by switching to HTTPS, many website owners report worrying about losing site traffic during migration, experiencing errors or bad redirects from links, or just not knowing how to do it/lacking a staff member with the expertise to do it.

(Listen to Google break down common rumors about website security in Mythbusting HTTPS:  Squashing Security’s Urban Legends.)

Don’ t be afraid to make the switch. The facts speak for themselves. There’s really no reason not to switch to HTTPS in 2019. In fact, Google really isn’t giving us much choice.

To protect your website, call your hosting company or reach out to a qualified web developer who should be able to install an SSL certificate on your website in less than a day with little to no downtime.

Get your site secured today 🙂 . Contact Jonroc and schedule your SSL certificate install and website update. Most websites only cost $149 to secure.