This Website Is Not Secure!

Over the last few weeks, we have been researching web traffic for 177 of the most productive brokerages in sales volume and sides. While we are still diving deep into the study, there was one stat that gave me grave concern--the number of broker websites that are not secure for a customer to login or to complete a form.

Securing information between a person who completes a registration or property inquiry form and then sends it to a website's server is achieved when you see the HTTPS before the web address.

Example:

• https://www.WAVGroup.com – Communication between person browsing and the website server is secure
• http://www.WAVGroup.com – Communication between person browsing and the website server is NOT secure.

Today, we do not even consider launching a website—with or without forms—without applying HTTPS website security.

For years, Google has been pushing webmasters to apply HTTPS to secure websites. While this method has been a longtime practice, most companies were not adhering to it if their site did not have an e-commerce payment feature. That is, until Google started to highlight non-secure websites as "Not Secure" in Chrome back in July of 2018. Nowadays, the majority of web browsers display non-secure websites to people.

During our research, we exposed that almost 25 percent of the 177 websites in the study were non-secured websites. These are websites from brokerages who are productivity leaders in sales volume, or sides, or both. Websites that included features like subscribing to a newsletter, submitting a property inquiry with a showing request, or a site registration and login form. Scary!

Non-secure websites are open

A simple scenario of creating a new username and password on a non-secure website makes it easy for others to see it. When the submit button is pushed, the browser sends the information to the website's hosting server in a form that is as readable as this article.

There are plenty of tools to capture the communication into a file and query it to find the information. Unsecured Wi-Fi hotspots like in airports, restaurants, and public places make it easier for the bad guys to capture non-secured communication with these tools.

Open hot spots make it imperative to secure websites to protect the consumer's privacy and security, leverage search engine optimization, and preserve the company's brand image.

Consumers Privacy and Security

The EU's General Data Protection Regulation (GDPR), California Consumer Privacy Act of 2018 (CCPA), and the discussions in the U.S. Congress on new federal regulation policy state that any compromise of a person's personal or private information must be disclosed. It will be difficult to remediate any violations of these laws when a company maintains non-secured websites.

An item to note: While CCPA's accountability to the law is limited to only big companies, the U.S. House and Senate hearing was inclusive for every company and preemptive to state law. The federal government is reviewing how to align data security with a privacy policy.

Search Engine Optimization (SEO)

Search engines have been saying since 2014 that one signal they use for ranking websites is if they are using HTTPS. Google previously stated usage of HTTPS as a ranking signal is part of their algorithm.

For these reasons, over the past few months, we've been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal.

Should we be concerned about this since Zillow, Realtor.com, and Trulia are winning this war? I absolutely think it makes a difference for longtail searches. These sometimes include typing in a property address or performing a search for "home for sale in X neighborhood for $250k."

Company's brand image

This one upsets me. Brand is extremely important to a company, and having a web browser say "Not Secure" is making a negative brand impression on the consumer. Let's take a look.

Chrome:

Here is an example when accessing a non-secure website in Chrome. When the consumer clicks on the information circle next to Not Secure, the following message is delivered.

Brand message: We want your business, but we don't care enough to protect you from the bad guys!

The next example shows how a secured website is treated by Chrome. The consumer is presented with a lock icon next to the URL address.

All is okay with this company!

Firefox:

When accessing a non-secure website, Firefox only displays the information circle. But, look at what is displayed when the consumer clicks on the site.

I like how Firefox displays a secured website. They present a bold green lock next to the web address.

This aligns and signals the dedication of a brand that is concerned about my security and privacy.

Safari:

Apple's treatment of a secured website only displays a little lock next to the web address. It is okay, but nothing really bold.

Apple's lack of treat treatment on non-secure websites is a little disheartening. As a consumer, you only know when the website is secured. I guess Apple thinks people are more aware of their browsing habits.

Brave Browser:

If you like a browser to test for SEO and easily select ad and tracking blockers, try Brave Browser. It has become a go-to for surfing the web.

Brave treats non-secured websites similar to Firefox. A big red "Not Secure." Click on the Not Secure and the message is loud and clear:

Summary

All your website assets need to be set up with HTTPS. The cost to implement is minimal compared with not having the proper security in place to protect people, losing out on longtail SEO, and jeopardizing the company's brand with consumers. It all matters in today's business world.

There really isn't any excuse for having a non-secure website. If your team is too busy, call us. We'll handle this for you and make the necessary phones calls to get the job done. One more item to check off your "to-do" list.

To view the original article, visit the WAV Group blog.