What is a "secure" website and does your practice need one?
Posted on 2/24/2017 by Wendy Hensley, Marketing Manager
There's been a lot of buzz lately about websites being secure and its relationship to search engine rankings. The incorrect assertion that is being circulated is that Google gives specific and significant preference to sites that are secure and therefore shows those websites higher in the listings.
Because of this, we've seen several companies using this information to scare dentists into unnecessary website redesigns. They are told they "have to have a secure site to be competitive" or even "Google did an annual check of your website and it isn't secure". The trick is geared to frighten the office into switching to the new vendor. This is not unlike the old trick that most every office has seen now where the vendor claims that your domain name is about to expire and only they can recover you registration. Fear is the motivator to bypass understanding and skip to incorrect action.
So, before you put money into that potentially costly effort, let's take a moment to understand what a secure website really is. Why does it matter to Google that your website is secure? And do you need a secure website to bring in new patients?
What does secure mean
When someone talks about a secure website, they're referring to the website being able to transmit data from the website to the user and vice versa using an encrypted secure socket layer (SSL). That's why some websites use https instead of simply http. The "s" stands for secure.
This is commonly seen with ecommerce websites. Credit card information is being transmitted back and forth between the website and the user so the connection between them must be secure. If it's not secure, the company is taking a huge risk that important information could be stolen during transmission.
What secure doesn't mean
A secure website doesn't mean it's immune to hackers or a wide variety of attacks. It only means that the information is protected during transmission from your computer to the server.
Having a website that's hardened against hackers requires effort at both the website level and the server level. At the website level it requires software and code updates, including plugins, scripts, and forms. At the server level, it requires the server to be protected by multi-layers of defenses. Some systems include the ability to identify and block hacks as soon as they come in including new ones that have not been seen in the past.
If someone is trying to tell you that your site isn't secure just because https isn't in use on your website and thus you're open for hackers, they likely are using a scare tactic to get you to take some action that is probably not in your best interest.
Do you need a secure site?
Because there's an additional layer of encryption on the web pages being transferred to and from secure sites, it's important to note that often they run slower than other websites. They can also cost more because you must pay for, install, and maintain a security certificate.
If you have a basic website without any sensitive patient health information (PHI), online submittal forms, or collection of payment information then you likely don't need a secure website for the purpose of encrypting sensitive data during transfer.
If you have a website with forms that transmit patient information from the website to your office, then you'll need to have some form of security in place. Often you can use applications that are secure and then won't need to make your entire website secure. That gives you the benefit of the security without the slowness on the rest of your pages.
Does Google care?
Google's long term goal is to have every website transmit data securely, which makes sense. To this end, Google cares strongly if you have an ecommerce website and are collecting credit card information. If your website is informational, they care very little. Google has stated that less than one percent of all websites rankings benefit comes from the website being secure. We expect this percentage to increase over time but your dental website rankings are not likely to go up or down based on having all pages on your website transmit securely over https.
What to do if you're concerned about hackers.
Make sure your website isn't built on open source platforms like WordPress. Remember that open source platforms have many people writing/coding/buying/using them but the plugins often aren't updated regularly leaving security holes that hackers can detect and exploit.
Make sure your marketing company is hosting your site on a server that has multi-level anti-hacking protections. For instance, on the WEO servers we use a combination of security hardware and software systems and have additionally developed multiple proprietary software systems to further identify, monitor and block potential and evolving hacking attacks in real time.
WEO Media is proud to have a robust content management system (CMS) that's tightly controlled and hosted within our own environment. Because of our attention to security at many levels, we have not experienced a single client website on the WEO system that's been successfully hacked. Although we defend against hundreds of attacks daily, sometime spiking into the thousands around holidays, we automatically shut down those threats and modify our protections as new threats evolve.
If you have questions about website security and would like to talk with one of our marketing experts, please contact us. .
Want more? We've got your back.
Stay informed and ahead of the curve with tips, insights and best practices or talk to one of our Senior Marketing Consultants now.
Call us at (888) 246-6906
WEO Media 8625 SW Cascade Avenue Suite 300 Beaverton, OR 97008