Securing personal data traffic is becoming a fundamental issue for every company. After decades of neglect, legislators, browsers and users now expect a minimum of security from all digital players.
In the meandering world of cyber-security, the adoption of HTTPS protocol is a prerequisite for a secure online presence.
WHAT IS HTTPS ?
The HTTP (Hyper Text Transfer Protocol) protocol enables the exchange of data between the browser used by the Internet user and the server hosting the website. In simple terms, HTTPS (Hyper Text Transfer Protocol Secure) is a secure version of HTTP, with the addition of an encrypted protocol: SSL (or TLS in its most recent version). In practice, SSL encrypts user data exchanges, preventing them from being recovered by a malicious third party.
There is a wide range of SSL encryption levels, depending on protection needs.
The presence of this encryption is easily identifiable: an HTTPS protocol in the URL, an associated padlock and an SSL certificate that can be consulted by the Internet user (these elements may vary according to the degree of protection adopted).
Originally intended for e-commerce sites or those handling sensitive data (banks, insurance companies, public services), the HTTPS protocol is now favored by all corporate sites. Several factors are behind this growth.
ADVANTAGES: SECURITY, TRUST AND REFERENCING
The implementation of the RGPD, from May 2018, shifts the responsibility for data protection to the company. It is therefore its responsibility to “guarantee appropriate security (…) using appropriate technical or organizational measures” (Article 5 paragraph 1/F).
This provision indirectly implies the adoption of an HTTPS protocol for all online forms on which personal data is transmitted. It should be noted that the CNIL recommends the implementation of a TLS encryption protocol, as SSL risks becoming obsolete.
In the law firm and accountancy sector, the proliferation of forms (legal watch, simulations newsletter, etc.) means that HTTPS must be used, in order to comply with the provisions of the European regulation.
HTTPS also offers extra-security benefits. Various studies on Internet users’ consumption habits show that a site without an SSL/TLS certificate has a negative impact on the user and, consequently, on the brand.
Another advantage of using HTTPS is its impact on search engine optimization. On the one hand, the Google Chrome browser now (since October 17, 2017) warns users when they are on a site not secured by an HTTPS protocol. Conversely, a secure site naturally benefits from better search engine referencing, as Google has adopted a policy of encouraging migration to HTTPS.
THE RIGHT PRICE
The SSL certificate associated with the HTTPS protocol is valid for one year. Prices and service providers are extremely varied on the market. Prices range from 20 to 1,500 euros/year, with average protection around 500 euros/year.
It is important to adjust the level of security to the sensitivity of the data collected. For a law firm website – with no possibility of online payment or exchange of ultra-sensitive data – it is not necessary to opt for expert protection. The case of chartered accountants is significantly different, with the emergence of automated platforms requiring increased protection.
While it is necessary to think carefully about the level of protection required, migration to an HTTPS protocol is a necessity for all online business players.
