SSL Shaming For ECP’s


Google has announced a deadline of July 2018 when Chrome will begin explicitly warning users that a site is not secure. Despite repeated nudges and warnings here and elsewhere that Google would soon be making an online distinction between sites using a Secure Socket Layer, or SSL, about half the websites on the internet are still unsecure and using HTTP instead of HTTPS.

These warning will only show on Google’s Chrome browser, but Chrome is used by roughly half of all internet users around the world and almost 60% here in the United States. That means if you haven’t installed an SSL certificate on your website, some 60% of the possible patients and customers who come to your website will see a warning that states your website is not secure. Do you really want people coming to your website to see a warning that says Not Secure?


GIF taken from the HBO show Game of Thrones

For the better part of a year, those sites that have had an SSL certificate have shown up as Secure on Chrome Browsers. Those sites that don’t have an SSL have just had a little I for information, which of course, almost no one clicked, showing the site was Not Secure. Well, those days are drawing to a close. Despite all the warnings from Google, the number one search engine and number one web browser are about to shame websites that haven’t listened, and yours could very well be one of those websites.

Even if you don’t sell online, Google wants all web traffic to be encrypted. Therefore, they are outing emphasis on the SSL certificate for everyone. Those guys who wear black masks while working online have been known to spy on unencrypted web traffic and even inject malicious code onto websites through piggybacking on your web surfing.

An SSL certificate can cost many hundreds of dollars a year and can also be obtained for free through Let’s Encrypt. Why would you pay for an SSL? If you conduct e-commerce you want to protect your finances and the finances of your customers. A good SSL is worth the money. However, for most ECP’s who do not conduct e-commerce, a Let’s Encrypt certificate is perfect for your website. Some web hosts incorporate Let’s Encrypt into their hosting, so the setup is easy. Other’s do not, so there is more work involved. Your website designer or IT professional should be able to help you get your website setup. You have a few months yet, but I know I will receive a handful of panicked phone calls in July and August from ECP’s asking what happened…

Claire Goldsmith MidPage