According to a 2016 survey realised by PricewaterhouseCoopers, cybercrime is the second most reported crime nowadays. Data theft is indeed a major concern for businesses, and substantial safety breaches make the headlines regularly even among governmental organisations. In 2011, Sony PlayStation Network reported the biggest theft at the time, with the customer records of 77 million people stolen worldwide. This year, yahoo admitted that 3 billion email users were likely compromised in a 2013 breach. Deloitte also reported having been hit by hackers who may have gained access to crucial data from their blue-chip clients, including usernames, passwords, personal details and even strategy documents.
However, although 61% of CEOs are concerned about data safety, only 37% of companies have a response plan in place. Another 14% don’t intend to implement one while 29% are in the process of formulating one.
For individuals, this is obviously a great concern given the number of operations we do online every day. It’s not only about shopping, but also banking or uploading private information on the web. And although we do know that we should use a different password for each login, the truth is that we mostly don’t so, if they are stolen, they would give hackers access to several of our accounts in one swoop.
Now, if there is a company that takes safeguarding our data seriously, it’s Google. Chrome already offers a range of features to protect you from phishing and malware, such as auto-correcting misspelled web addresses to avoid sending you to the wrong site – which could be a criminal site deliberately preying on people’s typos, a strategy also known as ‘typosquatting’.
If you use Chrome’s very convenient password-saving function, you can protect your account through the Account Security page by enabling a 2-step verification process. When you sign in from a new device, you will be sent a PIN that you must enter to finalise the log in. This will ensure that, should someone try to hack into your account, they won’t be able to as they won’t receive the PIN.
Google has also been displaying a notification to indicate the safety of visited websites to users. In Chrome, it is shown as a little green padlock on the left-hand side of the URL bar with the words ‘Secure’. This means that the website uses the encrypted web protocol HTTPS rather than the unencrypted one, HTTP. On the other hand, ‘Not Secure’ means, of course, that any information entered isn’t encrypted.
People using Firefox see a similar system. When visitors are asked for a password or credit card, the browser displays an icon with a lock and a red line through it if the page isn’t using the HTTPS protocole. Apple’s Safari and Microsoft’s Edge don’t warn users about HTTP sites but don’t display the green padlock for HTTPS sites either.
Google, however, is going a step further and has recently issued a statement saying that, as of October 2017, the ‘Not Secure’ warning will be displayed more often. From now on, when you visit a site that uses plain HTTP, Chrome will display an icon with the letter ‘i’ in a circle. As we will see further down, not all pages need encyption, but Google’s goal is to protect any personal information, not just passwords and credit card details. Clicking on that icon will inform you that the connection to the site is not secure. The same warning will be displayed to Incognito users – a browsing mode that deletes browsing history at the end of a session.
Not everybody pays attention to the green padlock but we certainly all care about being safe on the internet and our computer not being hijacked by malware, so this initiative is undoubtedly great news for consumers, all the more so that Chrome is the most used browser. However, from a business point of view, this move has been received with mixed feeling given how close we are to the Christmas shopping period.
While protecting personal data, credit card details and passwords is common practice online, switching from HTTP to HTTPS can be a technical challenge, especially for smaller businesses who may not have the skills in-house or the resources to implement it and therefore haven’t. But this doesnt mean that their website is unsafe. If they use a third party gateway like Paypal’s for example, the checkout process will be protected by Paypal’s encryption, and it certainly is as good as you can get. Many shoppers won’t know this, though, and they may get scared off when the site is labelled ‘not safe’. So close to Christmas, it could seriously hurt sales.
The other issue is that HTTPS can be implemented on single website pages, and as, technically, encryption only really makes a difference on pages where data is collected, many companies have done just that, only securing the pages that really needed it. And we’re not talking about SMEs but global companies like The Gap. Research by Mozilla, the makers of browser Firefox, indeed estimates that 40% of the largest online ecommerces don’t use HTTPS throughout their entire website, and it makes sense as there is really no need to encrypt product pages for example. However, Chrome won’t make the distinction and will label the whole website as unsafe even if it uses HTTPS where it matters, because, from Chrome’s point of view, not all pages are encrypted.
It remains to be seen, however, whether users will actually notice the change in Chrome as it is so discreet, and whether they will heed the warning.
If your website isn’t encrypted and you would like to know how Google’s safety measures will affect your business, give us a ring on 09 360 2299.