As of the latest release of Chrome, sites not using TLS encryption are being called out in the address bar. Users will now see a “Not Secure” label when visiting sites over plain HTTP, even if the site does not transmit sensitive information.
HTTP May Impact Google Rankings
While this warning does not elevate the severity of lacking TLS encryption, it may cause customers and partners who do not understand the nuance of the situation to assume the business is “Not Secure” altogether.
In 2014 Google began to treat HTTPS use as a ranking signal for their search engine results. While this signal does not currently carry much weight, Google has expressed that it may strengthen the signal over time.
Using Valid Signed Certificates
VerSprite suggests enabling TLS with strong ciphers on all sites, both external and internal.
It is important to use valid, signed certificates even with internal assets so that employees do not become accustomed to bypassing security warnings, a practice that increased the likelihood of falling victim to phishing attacks.
VerSprite offers a new level of integrated security solutions that provide improved context around discovered vulnerabilities, 24/7 enterprise security monitoring, and experienced open-source intelligence gathering tradecraft. Learn More →