Secure Your Non-Profit Site to Avoid Lost Revenue! Is Your Site Fully Secured?
If you haven’t already heard, the time’s up to secure your non-profit site to avoid lost revenue. According to a blog post published by Chrome security product manager Emily Schechter, Google Chrome will start marking all HTTP pages as “Not Secure” beginning in July 2018.
Over the last few years, Google has pushed strongly for using HTTPS to help keep your browsing data safe. With the release of Chrome 62, Google began marking all HTTP sites that had data entry fields as insecure. In 2016, it also started showing the same warning for all sites that asked for passwords and credit cards. Chrome currently displays a neutral information icon (a subtle exclamation point). However, this upcoming update (the release of version 68), flags every HTTP site as “Not Secure,” whether it includes input fields or not. The browser will warn users with an extra notification in the address bar, with the message “Not Secure,” that looks like this:
Secure Your Non-Profit Site to Avoid Lost Revenue! Is Your Site Fully Secured?: A picture of the warning message that users of Google Chrome will see in their browsers.
Our donation pages are secure. Why does this matter?
In short, you’ll scare donors away. Security warnings spook website visitors, and rightfully so. While your donation pages may be secure, do you really want donors seeing a message anywhere on your site that says “Not Secure”? Potential donors who aren’t as tech savvy as others will run for the hills if they see that information they enter on your site may be in jeopardy. Remember that, in general, you are often sending donors to your home page (ex: wxyz.org) or a page that begins the donation process (ex: wxyz.org/donate). This first impression often makes a difference if the potential donor continues the process or not. You must full implement HTTPS in your site to secure your non-profit site to avoid lost revenue. Seeing “Not Secure” in their address bar stops most people in their tracks- before they even reach your secure donation page.
Google Chrome currently enjoys a 60% market share of the web browser market. This means that in a few short days, 60% of the traffic on the web will display “Not Secure” on HTTP sites. As Google migrates to secure sites, other browsers will then follow suit. Additionally, Google ranks secure sites higher in web searches. If you secure your non-profit site to avoid lost revenue, you’ll also get higher ranking in search results, which means more traffic- and hopefully more donations!
We all live a day and age when security breaches reach some of the largest companies in the world. It’s important to give your visitors 100% confidence in your site and assure them their information is safe and secure. Take a look at all your pages. You should see “https” in the address bar, and also a lock icon. Watch out for “mixed content” warnings , too! This happens when the page itself is “https,” but it also contains unsecured elements within it, like HTTP image references. Mixed content warnings also show similar warning notifications in the address bar.
What exactly does HTTPS mean and why is it important?
Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP. This is the protocol by which web browsers and websites send data between them. The ‘S’ at the end of HTTPS stands for “Secure”. It ensures encrypted communications between your browser and a website. With HTTPS, no one in the middle can tamper with the traffic or spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information you send to websites or inject malware into otherwise legitimate pages.
How bad is the problem in the non-profit world?
Google reports that over 68% of Chrome traffic on Android and Windows devices and over 78% on Chrome and Mac devices are now protected. However, the scene is more dire in the non-profit community! A recent sampling of non-profit websites shows that 68% are not fully secured. And a recent sampling of Public Media stations across the United States shows that an astonishing 83% are not fully secured.
We’re not fully secure. What should we do?
Contact your web developer and lay out a plan for quickly implementing HTTPS across your entire site. Don’t delay. Every day that ticks by means lost revenue. Time’s up.