Information Unleashed

Google Rewards Secure Websites with Higher Search Ranking

Google’s new search ranking algorithm will look more favorably on websites that use HTTPS by default.
Created: 13 Aug 2014 • Updated: 22 Aug 2014
Benjamin Wang's picture
Login to vote
0 0 Votes

Good news! Google’s new search ranking algorithm will look more favorably on websites that use HTTPS by default. The search giant hopes the move will encourage businesses to implement HTTPS encryption. It will be a win for both websites and users, as secure websites will appear higher in Google’s search results while users’ information will be better protected from Wi-Fi network-sniffing attacks.

View Inline Image

According to Google, the company is starting to use HTTPS as a “very lightweight” ranking signal for its search engine. While this signal has only affected less than 1% of global queries, Google may give more weight to encrypted sites over time. The company will publish in-depth details on best practices for HTTPS adoption in the next few weeks.

Why are we cheering at Symantec?
The announcement is the latest move from Google to make HTTPS become more widespread. Google has already provided HTTPS by default on its own services such as its search engine, Gmail, and Google Drive. At its recent I/O conference, Google called for “HTTPS everywhere” (video) across the Web -- and other companies appear to be following suit, as Yahoo recently announced that it would be providing end-to-end encryption for its Yahoo Mail service.

This is a promising step towards strengthening online security. Symantec’s Internet Security Report shows that 1 in 8 legitimate websites have a critical vulnerability.  This really isn’t a surprise. Nearly a quarter of IT professionals have no idea how secure their website is, according to a Symantec vulnerability gap study. In fact, 53% of the 200 IT professionals we surveyed had never performed a vulnerability assessment on their website. The stats are sobering. Online security is a team effort – and we all need to up our game.

View Inline Image

*Source:  Website Security in Corporate America

The recent mega-breaches indicate cybercrime has reached near-epidemic proportions. We’re hopeful Google can use its new ranking algorithm to help entice businesses to adopt stronger security practices.

What exactly is HTTPS?
Any company doing business online should have an SSL (Secure Sockets Layer) solution. SSL is the most commonly used protocol for securely transmitting sensitive information via the Internet, and the most common application of SSL is HTTPS (for SSL-encrypted HTTP).  

SSL certificates are the foundation of online business -- and the backbone of HTTPS encryption. They’re a powerful way of confirming the validity of your website and will help ensure protection of your customer’s online information. SSL certificates create secure connections between clients and servers and encrypt data to make it unintelligible to all but the intended recipients.

How do you get HTTPS encryption?
Symantec developed an interactive guide, called SSL Certificates Explained, which covers everything you need to get started in securing your website, including an introduction to new ECC and DSA encryption technology.

View Inline Image

Other resources are available on our SSL certificates site. If you already have a handle on SSL, our product comparison chart will help you determine which solution is right for you and your business.

Is there anything else you can do to strengthen online security?
Absolutely! Be proactive about securing your online business. A few tips are below:

  1. Protect your customer's entire website visit by deploying SSL on all your web pages.
  2. Implement security precautions on all mobile devices including strong authentication.
  3. Use encryption for data in transit and at rest (SSL does not encrypt stored data).
  4. Protect physical and virtual data centers with host-based intrusion detection and prevention solutions.
  5. Be sure to get your digital certificates from an established, trustworthy Certification Authority who demonstrates excellent security practices.
  6. Deploy endpoint protection software and gateway antivirus and regularly scan for vulnerabilities.
  7. Monitor the threat landscape and your infrastructure for network intrusions, propagation attempts and other suspicious traffic patterns.
  8. Educate users about security policies and information use.

For more information about SSL certificates and how you could use them, take a look at our interactive SSL Certificates Explained guide. If you already know your SSL from your SAN, put your infosec skills to the test with our interactive Chemistry of Website Security site. #GoKnow and #DoItAll

Additional Resources:
http://www.symantec.com/connect/blogs/chemistry-website-security

http://www.symantec.com/connect/blogs/website-vulnerabilities-which-countries-websites-are-most-vulnerable-malware

Filed Under