Hotel digital marketers have yet another headache to deal with…. Here we go again…. In hopes of fostering a safer internet, Google has moved toward new security standards for its Chrome browser, which requires a significant update to hotel websites in order to achieve compliance. Under the new specifications, Google now requires all websites that collect any type of personal data (i.e. forms, email addresses, credit card info, etc.) to migrate websites to HTTPS and upgrade their security technology in the form of “SSL Certificates,” or suffer the consequences. Right now, that consequence is primarily a security alert, which Chrome users see when they reach a web page that Google has deemed a “Non-Secure environment” when the mandated SSL certificate isn’t present. Considering roughly 60% of web surfers currently use Chrome, this is no matter to take lightly; it’s best to make the required changes as soon as possible, to ensure your site traffic isn’t at risk and/or potential guests being scared away. Can Someone Please Explain Why This is Happening? The new Google security standards are intended to safeguard sensitive personal information exchanged over the internet, making it harder for hackers to steal this data. The data lockdown is achieved by migrating websites from the unsecure HTTP (hypertext transfer protocol) platform to the safer HTTPS (hypertext transfer protocol secure) format. In order to make the switch to HTTPS, websites need an SSL/TSL certificate (Secure Sockets Layer and Transport Layer Security) in place. An SSL connection offers enhanced security because it encrypts data to hinder eavesdropping, protects data integrity to prevent corruption during transfer and enables authentication, ensuring users only communicate with the intended website. Some of the security risks that the HTTPS/SSL standard hopes to mitigate include:
- Intruders attempting to exploit unprotected communications to trick your users into providing sensitive information or installing malware (“phishing”).
- Hackers and/or legitimate companies attempting to insert their own advertisements into your website.
- Intruders who passively listen to communications between your website and your users.
- Hackers who look at the aggregate browsing activities of your website’s users, in order to make inferences about their behaviors and intentions, and to thereby de-anonymize their identities.