The thinking until now has been that you don't need a Secure Certificate if you're not selling things on your site. That thinking is now outdated and all website owners need to be thinking about not only protecting their clients data, but ensuring their own online brand integrity remains intact.
Up until now there has been no perceived benefit or tangible reason for website owners to get a Secure Certificate for their websites but that will be changing in the near future with the use of carrot and stick carrot and stick tactics to get wholesale adoption of this security measure.
The web is highly insecure
We've all known for some time now the web is highly insecure and susceptible to hacking and the stealing of data. You would be justifiable outraged if your data that was stolen, especially if the organisation holding your data had not taken prudent steps to protect it. But what about customer or client data hacked from your website? Do you think these people might also be similarly outraged?
There are a number of prudent steps website owners can take to heighten the security of the data they hold. One simple step is to ensure passwords are of sufficient strength to make it hard for hackers. The other important measure is to ensure the data communicated to and from your website is encrypted. It's estimated that up to 97% of websites communicate using HTTP (unencrypted communication).
Often we think that a Secure Certificate (to use HTTPS) is only necessary is we are selling things online, but, there are a number of sound reasons why all sites should consider a Secure Certificate. The most obvious reason is to protect the privacy of your users, people who fill in forms on your website. By using HTTPS you are increasing the trust between yourself and users who are communicating with you. You are also making is significantly harder for hackers and eaves-droppers who seek to destroy that relationship.
Good reasons for a Secure Certificate
A further reason to consider using HTTPS is that Google announced in 2014 it would factor this in it's search engine ranking algorithm. Google says it considers security a top priority, and wants to make sure the websites people access from it's search engine are secure. Thus, Search Engine Optimisation (SEO) my includes HTTPS as part of the mix.
Now, if your site has a secure certificate installed you will see this with a padlock icon in the address bar, providing the indication that the site is secure. But, this will be changing with browsers, such as Google Chrome and Firefox, stating they will be marking HTTP site as either dubious or insecure. This means that if you continue to use HTTP, people who visit your site may be told your site is insecure. We don't know yet how browsers will convey this warning to users.
In the last few years websites have become particularly weighted down by requiring losts of files, such as large images and numerous Javascript files in order for them to operate properly. This has meant that page loading time has reduced because of the numerous requests each page needs to make to the server. Well, all of this is about to change for the better, but only if your site is using HTTPS. Until now, these server requests could only happen one request at a time. The outcome resulted in pages loading slowly. The more requests the slower the page would load. With the new protocol (called HTTP/2) these requests to the server are multiplexed, meaning that multiple requests and multiple responses can be made at the same time, resulting in faster load times.