Google and its popular web browser Chrome are on a mission to make the web safer for everyone – and by everyone, that means schools too. It’s been brewing for a few years now, but if you don’t have an ‘s’ after the ‘http’ in your school website URL, you may want to read on about the new Google security requirements for school websites.
Starting in July 2018, Google and its newest version of the Chrome browser, will flag any website without an SSL as “not secure.” Don’t be alarmed, just be informed. You can learn more right from the proverbial horse’s mouth in this Google Security Blog article.
Keep in mind while this security measure applies only to Chrome browser users, its impact is nonetheless vast. According to web analytics source StatCounter, Chrome accounts for around 60 percent of all browser users when combining desktop and mobile use. NetMarketShare, another source for tech and web usage industry data, pretty much reflects the same results.
According to Campus Suite lead developer Justin Zimmerman, “It’s possible other browsers follow suit, but I’ve not yet heard anything about them doing it. Firefox would most likely be the next browser who may do something like this, but I would imagine Safari and Internet Explorer (IE) would take longer to come around to it.”
Zimmerman went on to say that Safari and IE typically lag behind Chrome and Firefox in such developments, so suffice it say, as it stands right now, this comprehensive security measure applies only to Chrome browsers. Firefox does give warnings, for example, in cases where forms exist on a page without HTTPS. However, they are not flagging entire sites as being insecure that do not have this “blanket” SSL coverage.
A word about SSL
SSL stands for Secure Socket Layer, which allows secure connections from a web server to your browser. Without getting too geeky, basically it creates a digital encrypted key unique to a website.
In the case of schools, it will ensure that anyone who visits your school or district website – parents, staff, students, the school community at large – is operating on a secure site. This is especially important when it comes to transactions, privacy and just general online security. Credit card information, logins and passwords, and any and all sensitive data are protected over SSL.
Any site encrypted via SSL has an ‘s’ after the ‘http’ (https://…) at the start of its URL. Also, a padlock icon will appear, and, depending on the browser being used, some color differentiation is made between secured and unsecured sites.
Next steps for schools
Generally speaking, it’s a good thing to switch your school website over to a secured protocol. Migrating your site to the new secured protocol will, in most cases, occur behind the scenes, depending of course on your website provider. Your website, in fact, may already be operating in the HTTPS world.
To get out ahead of this transition – Google indicates that in July 2018, effective with the release of its latest version (Chrome 68) – the Campus Suite support team is guiding its customers through this process beginning in May. Campus Suite includes SSL certs (provided by www.letsencrypt.org) as part of all customer subscriptions. Check with your website provider on their plans to help your school address this new web security issue.
As far as what you can expect, there may be some custom search engine updates required to allow your site to be reindexed. This could have some SEO implications for colleges and private schools who rely on organic and paid search for enrollment marketing and communications. But Google says any drop off in rankings will only be temporary if at all.
For any school IT manager interested in a deeper dive on the subject, check out the Google support content on migrating from HTTP to HTTPS.
For related articles:
- Chrome will mark all HTTP sites as ‘not secure’ starting in July
- Google Security Blog Article – A secure web is here to stay
- Migrating from HTTP to HTTPS.