Half of all websites failing users’ security

editorial image

Web-users across Scotland are being put at risk by the failure of major websites to address a simple shortcoming in their security set-up.

The HTTPS ‘protocol’, by which information is sent online is the secure version of the more established HTTP and encrypts information sent to and from the website to your browser.

Without HTTPS, users’ information will be far easier to capture and read by an unscrupulous third party hacker – raising concerns for those filling out information on unsecured websites.

What’s more, around half of all websites[i] on the internet have failed to upgrade to the cost-free certification.

Gerry Grant, Chief Ethical Hacker with the Scottish Business Resilience Centre (SBRC), said: “It really is essential to make sure that when you submit data to a website via a form that the website is using HTTPS.

“If not, your personal details including usernames, emails, passwords, credit card information are at risk of an easy surrender to cyber criminals.”

It is now easier than ever for website owners to make this change. ‘Let’s Encrypt’ have been issuing the certificates for free to encourage more websites to implement HTTPS.

Gerry added: “A number of high profile organisations are still neglecting this simple measure and many smaller firms are yet to update to the encrypted protocol.

“There really is no excuse to not having this step in place to protect users of your website. The small cost has now dissolved so it is just case of a comparatively insignificant time investment.

“It is not a complicated process and Web Designers should be able to implement it very quickly and easily.

“In the mean time we can only recommend that organisations take this step and that web-users remain vigilant.”

While the primary concern of this protocol is the safety and security of those online, slack security is also likely to affect businesses’ bottom lines.

Google Chrome web browser now highlights sites not using HTTPS, showing a warning to users that the information is not secure, reducing trust for users.

This is compounded by the fact that Google is now ranking sites with HTTPS above those that do not in their search results – an increasingly pressing issue in a digital marketplace.

The SBRC was set up with the objective of creating a secure Scotland for business to flourish, encompassing everything from cyber security to all aspects of premises and employee safety.