,

Why You Need HTTPS for Your Website

Do I need and SSL Certificate? 

Not necessarily, but it’s probably the best way to get HTTPS.

Do I need HTTPS for my website?

Absolutely.

HTTPS connections are enabled when an SSL certificate is configured for a website on a web server. For the record, there are other ways to enable HTTPS, like TLS (Transport Layer Security); this is why we said “not necessarily” in our initial response.

SSL Certificate Advantages

There are many advantages to using a commercial SSL Certificate over open encryption protocols. For one, SSL Certificates are offered by a trusted certificate authority. These authorities provide various types of SSL Certificates based on validation type and domain coverage.

You can also place warranty claims in case of misuse or data breach. In addition, most SSL Certificate warranties start at $10,000, come with a trust seal, and can usually be extended up to 3 years.

Why You Need An SSL Certificate HTTPS for Your Website

We want to be clear: every website is a little different. That’s why we’re rewriting the discussion here. You shouldn’t first be asking “Do I need an SSL Certificate for my website?” You should first be asking “Do I need HTTPS for my website?

With that being said, SSL Certificates are the most common, and most trusted way to enable HTTPS on your website. But why do you need HTTPS for your website? It boils down to five key reasons.

Trust

HTTPS notifies users that all data provided from the website they are visiting is trustworthy and has not been altered. Users are starting to get messages from browsers when they visit a web page that is Not-Secure. Sites with HTTPS display a “Secure” message, helping build trust.

Confidentiality

HTTPS confirms that all the activity complete on the website will be encrypted. This also means that the website and activity cannot be visible to someone who is trying to sniff through network traffic.

Protection

HTTPS protects sensitive information. Website users want to be confident that their sensitive information, such as credit card or personal information, stay secure and do not fall into the wrong hands.

Search

Security is a top priority for Google. They invest a lot in making sure that their services use industry-leading security, like strong HTTPS encryption by default. Now, more than ever, they are putting emphasis on HTTPS in the search ranking algorithms.

Conversions

Obtaining a SSL Certificate and converting your website properly over to HTTPS will result in a more noticeable, confidence evoking web address bar. This combined with user trust and physical trust seals equals more conversions.

Summary

Do you want data on your website to be visible to potential malicious use? Want potential customers to assume that you are not trustworthy? Looking forward to losing search engine rankings and missing out on more conversions?

If the answer is no to all of the above, then you know why you need HTTPS for your website.

Make Your Website HTTPS

There are many things that need to be done to properly switch your website to HTTPS. For example, choosing the right SSL certificate, server configuration updates, and 301 redirects are some of the challenges that businesses face during migration.

GOGET SECURE by Orpical Group helps alleviate these challenges. As the only specialized, branded SSL Installation and HTTPS Conversion service in the world, GOGET SECURE helps businesses secure their website quickly and affordably with zero interruption.

Our HTTPS migration process and tools have been refined over countless website conversions. In turn, this provides us with a unique capability to fully secure the connection of your website, while allowing time to make other optimizations that are often overlooked or negated.

Make the Switch to HTTPS

Contact us for a free quote to convert your website from HTTP to HTTPS.

,

2017 Data Breaches Draws Attention to Small Businesses

When word dropped that Equifax, one of the three largest credit agencies in the U.S., suffered a breach from a “website flaw that could have been easily fixed”, people started to take notice. With more than 143 million people having lost their personal details, there’s no wonder why Equifax is facing questions from legislators and the public.

Think about this: there are roughly 326 million people in the United States today (9/14/2017). 143 million consumers would represent about 40% of the country’s population.

With that being said, web and cyber security isn’t just for the Fortune 5000 companies like Equifax, Chipotle, Gmail, and DocuSign, who all faced data breaches this year. While big names make headlines, attacks against small businesses have fallen under the radar.

Per Bryan Seely, a network engineer famous for hacking into the FBI: “Most small-business owners don’t think they’re at risk. As a result, it’s fair to say they are indeed ill-prepared to safeguard against an attack.”

Seely adds, “That the problem is that most small-business owners don’t know where to begin when it comes to ramping up their web and cyber security.”

The problem is that most small-business owners don’t know where to begin when it comes to ramping up their web and cyber security.

But, it doesn’t need to be that way. There are plenty of easy things that can be done in-house, such as regularly running software updates, updating passwords, and making sure that your data and files are backed up routinely.

Beyond that, relying on web and IT professionals for security products and services will continue to be a growing trend–for good reason. There isn’t any single task that will prevent your website from being hacked, your customer’s data being compromised, or the integrity of your company being potentially jeopardized.

Implementing a multi-layered approach is the best line of defense. While the inevitability of an attack looms, the outlook may seem bleak, and investing in security perhaps not worthwhile. But that couldn’t be further from the truth.

Did the U.S. Men’s National Team hang up their skates when everyone said they couldn’t beat the Russians in the 1980 Olympics? Did Bill Gates give up on Microsoft Office when WordPerfect was the dominant word-processor at the time? Did Hannibal retreat his 20,000 member army at Cannae when a superior Roman force of 72,000 warriors were bearing down on their throats?

Failing to prepare is preparing to fail. The only way to beat the odds is to get on an even playing ground. Educate yourself on best practices, seek guidance on where you might be most vulnerable, patch any weaknesses, and develop a security response plan for potential incidents and recovery.

Request Web Security Consultation

About Orpical Group

Orpical Group is a full-service online marketing agency. Based in New Jersey (NJ), we specialize in logo design, branding, web design and development, search engine optimization (SEO), and search engine marketing (SEM).

Since 2012, we have helped our clients realize and sustain high levels of individual and organizational performance. We don’t believe in a one-size-fits-all marketing approach. We believe in our clients. And our clients believe in us because we are invested in success.

, ,

Why Secure Your Website With HTTPS

The green padlock and little Secure message you see in the URL bar on some websites (including ours) looks pretty snazzy, doesn’t it?

Per ColorPsychology.org, the impact that colors have on our brains is used to manipulate our decision making.

The color green is no exception. It is a color that carries a lot of weight.

The color green:

  • Provides a strong emotional correspondence with safety.
  • Suggests stability and endurance.
  • Symbolizes trust, loyalty, wisdom, confidence, intelligence, faith, and truth.
  • Slows human metabolism and produces a calming effect and tranquility.

Those are pretty powerful and positive emotional responses, especially when your website users are the end recipient.

Securing your website with HTTPS, however, has benefits beyond what simply meets the end user’s eye, or a recognizable green notification in this case.

Secure HTTPS websites have proven results in conversion rates, rank higher in search results, and provide brand boosting capabilities. On top of all of that, it’s the responsible way of the web.

Data Encryption

Arguably the most important reason of having a secure HTTPS website is encryption.

The secure message you see in your URL bar comes from first obtaining an SSL (Secure Socket Layer) or TLS (Transport Layer Security) Certificate. From there, a number of changes are made to your web server and website to make it more secure.

Both SSL and TLS are cryptographic protocols that provide communications security over a computer network. When active on your website, they are what enable another protocol known as HTTPS: HyperText Transfer Protocol Secure.

For a web browser such as Google Chrome, Safari, Firefox, or Internet Explorer to access a website it needs to be able to communicate with it in a language they can both understand.

Historically, HTTP, the “not secure” version of HTTPS has been fine for this type of communication, with the exception of websites with ecommerce capabilities, or forms that obtain data like credit cards or sensitive personal information.

Like most things with the web, HTTP has become outdated. And recently it has been hammered by key browsers and search engines.

As a whole, web security is a growing concern. In fact, a report from the TRUSTe/National Cyber Security Alliance (NCSA) Consumer Privacy Index reveals that more Americans are worried about their data privacy than they are about losing their main source of income.

HTTP vs HTTPS

Having a not secure website (HTTP) is a lot like making out with your significant other in public: everyone can see your business.

On the contrary, a secure website (HTTPS) provides you with a space to safely conduct your business “behind closed doors”. In other words, a passerby cannot eavesdrop in on your session.

HTTPS is simply a more mature way for a browser and a website to communicate.

If your website is strictly on HTTP, let us be the first to tell you: PDA (public display of affection) isn’t cool. It’s time to “get a room”.

Improve Trust & Conversions

You are either building trust, or destroying it.

When it comes to relationships, trust can take years to build. But when it comes to your website, you don’t have years. You have seconds.

A series of experiments by Princeton psychologists Janine Willis and Alexander Todorov reveal that all it takes is a tenth of a second to form a first impression.

So, with that being said, take a second and decide which website you would choose to interact with from the options below.

What Website Would You Trust?

Option A:

Option B:

Option C:

Why You Likely Chose Option B

The three options that you just glanced at are the current options (written August 15, 2017) for how a website will appear in the address bar of Google Chrome, which makes up roughly 60% of the desktop browser market share.

In January 2017, Google Chrome began to mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

So, what does that mean exactly?

Simply, this means that even websites that display like Option A, which currently doesn’t look that bad, will begin to look like Option C, pending they are not converted to HTTPS.

Assuming that you prefer Option B, you confirmed a well-known web marketing truth. And a reason to switch to HTTPS beyond getting shamed by Google and other browsers:

Trust seals help convert.

It’s pretty obvious why most of us choose this option at a glance. Option B is green. It says “Secure” and even has a padlock symbol that we associate trust with.

Things become obvious after the fact though. And the fact here is this:

48% of online shoppers do not trust a website without a valid trust seal. In addition, an SSL Certificate can increase conversions up to 87%.

What you see in Option B is an opportunity to constantly reinforce trust. Migrating your website fully over to HTTPS provides a trust seal (in the address bar) with the opportunity to add a secondary trust seal (perhaps in the footer, sidebar, or other areas on your page).

As a user navigates a website on HTTPS, they will be reminded (over and over again) that the connection they are on is “Secure”. This promotes the confidence that is needed to ultimately convert a visitor to a lead or sale.

Increase Search Rankings

If protecting your user’s data and increasing your conversions aren’t enough for you, then this should do it.

Search Engine Optimization (SEO) is an accumulation of strategies, techniques and tactics used to increase the amount of visitors to a website by obtaining a high-ranking placement in the results page of a search engine (SERP) — such as Google, Bing, Yahoo and other search engines.

If you’re wondering why we simplify the above description to “strategies, techniques, and tactics”, it is because Google uses a BEASTLY algorithm that includes about 200 ranking factors.

And guess what?

Having an SSL Certificate and a website on HTTPS is part of the algorithm.

Don’t take this from us–take it directly from Google, who made this announcement first in 2014.

Since then, a lot has obviously changed. But one thing has remained the same, the importance of HTTPS in regards to search rankings is steadily growing.

Just check out this year’s progression of HTTPS websites that fill up Page 1 search results per Dr. Pete Meyers of Moz:

Another important consideration for SEO is site usability and bounce rate. As we explored in the previous section, sites that are secure are likely to have higher conversion rates.

As result, we should expect the average duration of users on secure HTTPS websites to be relatively higher than HTTP websites. Again, good for SEO.

What this further demonstrates is that we are in the Age of Encryption. Securing your website is not just a responsible web practice, it provides brand boosting capabilities that can positively impact your bottom line.

Make Your Website HTTPS

There are many things that need to be done to properly switch your website to HTTPS. Things like choosing the right SSL certificate, server configuration updates, and 301 redirects are some of the challenges that businesses face during migration.

GOGET SECURE by Orpical Group helps alleviate these challenges. As the only specialized, branded SSL Installation and HTTPS Conversion service in the world, GOGET SECURE helps businesses secure their website quickly and affordably with zero interruption.

Our HTTPS migration process and tools have been refined over countless website conversions. This in turn provides us with a unique capability to fully secure the connection of your website, while allowing time to make other optimizations that are often overlooked or negated.

Make the Switch to HTTPS

Contact us to learn more about SSL Certificates and for a free quote to convert your website from HTTP to HTTPS.

,

HTTPS and SSL are Not the Same Thing

FAQ: Are HTTPS and SSL the same thing?

No. Many people will use the acronyms interchangeably. And while HTTPS and SSL can and should be used in the same sentence, they are not synonymous.

Just like peanut butter and jelly, HTTPS and SSL, create a nice one-two punch, but outside of their relationship, they are strong independents. They are the Marvin Gaye and Tammi Terrell of web communications.

The Technical Definitions

SSL

SSL, short for Secure Sockets Layer, is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.

A certificate is necessary to create an SSL connection. There are many different kinds: check out this guide for more info on the different types of SSL Certificates. Once purchased, validated, and installed, two cryptographic, a Private Key and a Public Key, are created.

HTTPS

HTTPS is a communications protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security, or its predecessor, Secure Sockets Layer.

The Layman’s Version

HTTPS connections are enabled when a SSL certificate is configured for a website on a web server. To make matters more confusing, you could also use TLS (Transport Layer Security) to obtain HTTPS.

Either way, without setting up a TLS/SSL certificate a web browser can only access websites via HTTP and all data sent to the server can be read over the network. This is becoming increasingly problematic, especially as major search engines and web browsers begin to put more stock in HTTPS.

Still Confused?

We find that the easiest way to remember the relationship between SSL and HTTPS is to sing tune:

Ain’t no mountain high enough, ain’t no valley low enough, ain’t no river wide enough, to keep me (SSL) from getting to you babe (HTTPS).

Make the Switch to HTTPS

Contact us to learn more about SSL Certificates and for a free quote to convert your website from HTTP to HTTPS.

About Orpical Group

Orpical Group is a full-service online marketing agency and business consulting firm. With locations in New Jersey and Philadelphia, we specialize in logo design, branding, web design and development, search engine optimization (SEO), and pay per click management.

Since 2012, we have helped our clients realize and sustain high levels of individual and organizational performance. We don’t believe in a one-size-fits-all marketing approach. We believe in our clients. And our clients believe in us because we are invested in success.

,

Why is My Website Not Secure?

“How dare you say my website is not secure Google — you don’t even know me!”

With nearly 60% of the browser market share, Chrome is no longer the new kid on the block, it’s popping off!

And whether we like it or not, Google seems to know what’s best for us and the web as a whole.

That’s why they have made it a priority this year to mark non-secure pages containing password and credit card input fields as Not Secure in the URL bar.

Eventually, Chrome will show a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields.

So how can you fix this problem on your website now? After all, you have customers to serve and cannot run the risk of scaring them away.

Ultimately, the reason why your website is showing as Not Secure will depend. But there are a couple questions and handy resources that you can take advantage of to get to the root of the problem.

Do you have an SSL Certificate Installed?

SSL, short for Secure Sockets Layer, is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.

An SSL certificate is used to enable a secure connection to protect your website, and your customers that use your website, even if it doesn’t handle sensitive information like credit cards. It helps provide the privacy, critical security and data integrity for both your websites and your users’ personal information.

Today, many web hosting providers provide SSL Certificates. The costs are either separate or built into pricing. On average, standard SSL certificates, start at around $50-70 annually for a single domain. These costs can vary depending on the type of certificate you need.

Want to check if an SSL Certificate is installed on your website? A quick search will show a number of different free “SSL Checkers”. A personal preference of mine is Qualys SSL Labs, which will give you a detailed report.

See the below screenshot of one of our client’s secure websites:

If you do not have a SSL Certificate installed, then you will receive the following error message:

Did you force HTTPS?

Even if you have an SSL Certificate installed, you may still receive warning messages.

This mainly happens when web users access old indexed URLs that are still using HTTP.

Forcing visitors to use SSL can be accomplished through your .htaccess file using mod_rewrite. Modifications can be made through a File Editor program and a FTP client like FileZilla, but it’s important that they are done carefully. Improper modifications to your .htaccess file can break your website causing more issues and result in potentially lost business.

Is there mixed content on your website?

If you have installed a SSL certificate and forced HTTPS through your .htaccess file, then it is likely that your website is showing mixed content.

Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.*

Working backwards through your files to scan for old HTTP links can be tedious, especially if you have a complex website. Fortunately, there are tools built within your browser and on the web that can help.

If using Chrome, go to Settings > More Tools > Developer Tools > Javascript Console. Mixed content warnings will be shown like the image below:

If the above steps seem a little overwhelming or clunky to you, a secondary option would be to check out Why No Padlock, a simple tool that will tell you about any insecure items on your SSL page.

Once you have identified where the mixed content is, you have to update HTTP to HTTPS.

Summary

The world of the web is changing. It happens fast and often without real notice. Staying on top of browser and search updates is not just a good business practice, it’s essential to staying competitive in a sensitive, digital world.

Professional SSL Certificate Installation by our team at GOGET SECURE makes moving from HTTP to HTTPS simple.

Eliminate browser warnings, improve SEO, and build credibility and trust without any downtime. An HTTP to HTTPS migration should be easy and affordable without any hiccups. Now it is. Let our team at GOGET SECURE help you make a seamless switch.


*What Is Mixed Content? | Web | Google Developers. (n.d.). Retrieved June 06, 2017, from https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content

, ,

Web Design Company in New Jersey Makes SSL Certificate Installation a Priority for All Clients

Orpical Group, a web design and development company in New Jersey, announced their plans to make Secure Socket Layer – SSL Certificate Installation a priority for all clients. The announcement followed the company’s own successful switch to HTTPS, a communications protocol for secure communication over the Internet.

Google announced earlier in the year that they would begin displaying the security of connections in the address bar of Chrome Version 56. In addition, they would display this message on pages that display a password and/or a credit card field. Orpical Group cited this as the beginning of a long-term plan to mark all HTTP pages and content non-secure.

“No question about it, this is the year of HTTPS and SSL Certificates for websites,” said Stefan Schulz, Chief Operations Officer, Orpical Group. “Big time players, browsers and search engines, are adjusting their perspective and platforms to address the growing concern of authentication, data integrity, and encryption. It’s our responsibility to our clients to meet and ultimately exceed the industry standards, not just as a precautionary measure, but as a strategic implementation that can provide measurable returns.”

Schulz further scrutinized the protocol changes and it’s impact on the small business market: “Search engines and browsers are warning users of non-secure content, but the warning is subtle, so much so that many small business owners, and those providing good, valuable content, are missing the message. It’s not like Google is showing up at your door with a letter saying, ‘Hey–you need this SSL Certificate thing or you’re going to lose impressions, clicks, and potential customers.’”

In effort to make the transition from HTTP to HTTPS as simple as possible with little to no interruption to live websites, Orpical Group has developed a new service offering, GOGET SECURE, which offers fast, proper SSL Installation for small to mid-sized businesses. The Professional SSL Installers at GOGET SECURE, help businesses obtain the right certificate, install on their hosting server, update the configuration of their website, and more.

ABOUT ORPICAL GROUP

Orpical Group is a full-service marketing company. Based in New Jersey (NJ), we specialize in logo design, branding, web design and development, and internet marketing. Since 2012, we have helped our clients realize and sustain high levels of individual and organizational performance. We don’t believe in a one-size-fits-all marketing approach. We believe in our clients. And our clients believe in us because we are invested in success.

Cyber Security Threats to Small Businesses

Finding solutions to four of the most common cyber security threats

It can happen while you’re checking the weather on your local news app or perusing the latest Buzzfeed list.

It could be something as small as having your dog’s name be your password for everything from your work email to your Starbucks app. (And, note to self, adding the number 1 to the end of the name doesn’t really help).

Honestly, it can happen in your sleep. And no one is safe.

While it’s no secret to any Internet user that cyber attacks are consistently on the rise, there is a startling trend in cyber security breaches that you need to be aware of in 2017.

Research by BizTech reveals cyber security for small business is of the utmost importance now more than ever before as hackers shift their focus toward companies that formerly flew under the radar.

The Federal Communications Commission is warning small businesses to ramp up cyber security however possible using resources like its recently released Cybersecurity Tip Sheet.

What the need for increased cyber security for businesses means from a practical standpoint is greatly important for any business despite its size.

Here are four of the most common cyber security threats experts are offering to small businesses in 2017:

The problem: Phishing

The solution: BizTech goes as far as to call phishing the number one concern for small business owners in 2017. Why? Because scammers are constantly ahead of the curve with new strategies, techniques and tactics using every platform imaginable. From e-mail to texts and social media posts, nothing is safe from effective malware.

Identifying ways to protect your business from cyber security threats starts in the same realm the hackers are targeting: the human element. Combatting it begins there, by empowering employees to know how to suspect suspicious communication and understand when not to click on something from someone they don’t know.

It may not seem as efficient at the moment to invest valuable employee time on education regarding the danger of encrypted web sites or pop-ups, but even the occasional mention of such things during a routine meeting can help prevent an attack.

The problem: What data loss can mean for a business

The solution: First of all, acknowledging there is a need for cyber security in business is the first step to protecting one against attack. This is true particularly in a world where a recent study conducted by Kaspersky Lab found 90 percent of businesses of all sizes had admitted to having some kind of security incident.

What happens as a result of those kinds of breaches is not only troubling from the standpoint of the exposure of sensitive data, but also is capable of shutting a business down entirely. The same study found the cost to recover from a data breach averaged around $38,000 for small businesses, a cost too high for many to bear.

Intelligent security capable of monitoring, and thereby potentially preventing data loss, is an option. Another option that goes back to basics is intelligent employees. Taking time to educate employees about the importance of understanding cyber security in business is a small investment to make considering the bigger picture.

The FCC recommends training employees in security principles as soon as possible. That means helping facilitate the development of strong passwords and respecting how the Internet is used in the workplace. That also means putting a proper system in place to penalize those who do not adhere to company standards and policies.

The problem: Password vulnerability

The solution: One of the most common problems in cyber security has one of the easiest fixes. Everyone knows it can be a pain to maintain multiple passwords for various platforms in both our personal and professional lives.

That’s why many of us resort to having a standard password we use for everything, to help ease the process of logging in to anything from our online banking profile to Facebook. Not only is it the most common source of vulnerability particularly for small businesses, but that is what attackers are hoping for. That makes us targets.

It’s a pain. This we all know. But developing strong, reliable passwords falls into the “no pain, no gain” category when it comes to small business cyber security.

A 2016 study by Verizon found that 63 percent of confirmed data breaches were related in some way to a weak, default or stolen password.

Having a company policy in place that establishes guidelines for passwords, and requires them to be updated regularly is a good place to start.

Beyond that, BizTech suggests putting a two-factor authentication process in place.

The problem: Malware, Ransomware, the Cloud (Oh, My!)

The solution: Update, patch, backup, repeat. Malware is capable of reaching anyone these days, Ransomware is running rampant and the cloud is a bittersweet business adaptation that can make and break your business. So what do you do to keep your small business safe?

Update, patch, backup, repeat.

Making sure you have the latest updates installed and patches in place is step one, followed by making sure everything is safely backed up. For some, that is where the cloud comes into play, and rightly so.

Cloud computing has been the way of the future since yesterday and has had a profound impact on business practices worldwide. Yet it needs to be approached and handled with care, just as anything else. Taking some time upfront to choose the right cloud-based technology could help save your business in the long run.

Request Web Security Consultation

About Orpical Group

Orpical Group is a full-service online marketing agency. Based in New Jersey (NJ), we specialize in logo design, branding, web design and development, search engine optimization (SEO), and search engine marketing (SEM).

Since 2012, we have helped our clients realize and sustain high levels of individual and organizational performance. We don’t believe in a one-size-fits-all marketing approach. We believe in our clients. And our clients believe in us because we are invested in success.