If you think of the Internet as being a big mail-delivery system, almost everyone is sending postcards: Anyone who handles your message could read it if they wanted . Encryption works like sealing a letter in an envelope. You know what it contains, and your intended recipient can open it, but intermediaries can’t read your message.

Websites for activities such as banking and shopping have long used a technology called https for protecting sensitive data like credit card numbers. But with criminals and governments (both friendly and un-) hoovering up more Internet traffic every day, security experts are making the case that all businesses should encrypt all their online traffic.

Read: Why Small Businesses are the No. 1 Target of Cybercrime

“Https is an extra layer of protection for web surfers to ensure no one is eavesdropping,” says Michelle Zatlyn, co-founder of Internet security firm Cloudflare. Leaking even fairly innocuous customer data can be, as she puts it, “very embarrassing. If you’re a business, this is really a no-brainer.”

What is https?

Http stands for hypertext transfer protocol, and it appears at the beginning of every website address. The “s” stands for secure—https websites display a small padlock in the browser’s address bar. It looks like this:

Here’s an example of how it works:

  • What the customer sends you: “I’d like to buy 10,000 widgets, please!”
  • What the hacker sees without https: “I’d like to buy 10,000 widgets, please!”
  • What the hacker sees with https: “e101ba4b0a0b3f7102e43e563c2a43b95f237d83”

Read: Canadian Consumers are Increasingly Worried about Cybercrime

Why do it?

  1. Confidentiality. It makes sure no one can see what’s being said between your server and your customer.
  2. Identification. It reassures customers that they’re talking to your business—and not, say, a 15-year-old hacker in Estonia.
  3. Customers want it. Most people have no idea how encryption actually works, but they do care about their security. Implementing https is a signal to users that your company takes that concern seriously. A Pew Research Center report found that one in five people have had an online account compromised or controlled by an attacker, and 86% of Internet users take some sort of precaution to try to protect their online activities. That could include anything from using a fake name to employing an anonymous virtual private network. It’s not just an investment in today’s users, either: People under 30 are the most likely to take such prudent steps, so the customers of 2019 are going to have higher expectations for privacy and security.
  4. Google wants it. The search giant brandished its biggest gun recently to prove its commitment to fostering more encryption online: It announced that it now factors a website’s security into its search algorithm. In other words, sites using https will perform better in Google results. “It’s only a very lightweight signal,” the company wrote, “but over time we may decide to strengthen it.”
  5. It’s about to get a lot easier to do. Cloudflare recently announced it would start providing https as a free service for any website. Https was always inexpensive, but this step removes the last technical and financial barriers, says Zatlyn. “That’s really important. It’s something the web has needed for a long time. It’s the right thing to do.”

    (Illustration: Remie Geoffroi)

This article is from the Fall 2014 issue of of Canadian Business . Subscribe now!

Is your company website protected by https? If not, what’s stopping you? Share your thoughts by commenting below.

Loading comments, please wait.