SSL: The latest threat to your hotel website

Hotel digital marketers have yet another headache to deal with…

Here we go again….

In hopes of fostering a safer internet, Google has moved toward new security standards for its Chrome browser, which requires a significant update to hotel websites in order to achieve compliance.

Under the new specifications, Google now requires all websites that collect any type of personal data (i.e. forms, email addresses, credit card info, etc.) to migrate websites to HTTPS and upgrade their security technology in the form of “SSL Certificates,” or suffer the consequences.

Right now, that consequence is primarily a security alert, which Chrome users see when they reach a web page that Google has deemed a “Non-Secure environment” when the mandated SSL certificate isn’t present. Considering roughly 60% of web surfers currently use Chrome, this is no matter to take lightly; it’s best to make the required changes as soon as possible, to ensure your site traffic isn’t at risk and/or potential guests being scared away.

Can someone please explain why this is happening?

The new Google security standards are intended to safeguard sensitive personal information exchanged over the internet, making it harder for hackers to steal this data.

[pro_ad_display_adzone id=”15046″ align=”left”]The data lockdown is achieved by migrating websites from the unsecure HTTP (hypertext transfer protocol) platform to the safer HTTPS (hypertext transfer protocol secure) format. In order to make the switch to HTTPS, websites need an SSL/TSL certificate (Secure Sockets Layer and Transport Layer Security) in place.

An SSL connection offers enhanced security because it encrypts data to hinder eavesdropping, protects data integrity to prevent corruption during transfer and enables authentication, ensuring users only communicate with the intended website. Some of the security risks that the HTTPS/SSL standard hopes to mitigate include:

• Intruders attempting to exploit unprotected communications to trick your users into providing sensitive information or installing malware (“phishing”).
• Hackers and/or legitimate companies attempting to insert their own advertisements into your website.
• Intruders who passively listen to communications between your website and your users.
• Hackers who look at the aggregate browsing activities of your website’s users, in order to make inferences about their behaviors and intentions, and to thereby de-anonymize their identities.

The new security standard is also becoming a prerequisite for a number of leading-edge technologies, which are increasingly requiring permissions obtained in a secure setting. SSL/HTTPS is considered the future for all web communication, so it pays to get on board now.

The penalties

At the moment, Google is “motivating” hotel website owners to comply with the new standard by placing an information icon in the Chrome address bar that warns “Your connection is not secure” when site visitors arrive at a page not using HTTPS.

This may seem like a small detail, but it may have a huge impact on hotel website conversion rates. You don’t want to scare away customers with an unsecure website. Google has indicated that warnings may become even more pronounced in future browser updates.

You also don’t want your customers’ data being compromised because you failed to provide a secure setting. As recent data breaches among numerous major hotel companies have proven, hacks can cause extensive damage to brands and they erode consumer trust, which can be disastrous to the bottom line. Given those risks, taking the steps to comply with the SSL/HTTPS standard is a no-brainer.

The solution

The first step in meeting the standard is for hotel digital marketers to obtain an SSL Certificate from a Certificate Authority (CA). The certificate permits your website to communicate using encrypted, non-corruptible data, while also acting as a stamp of approval.

Many providers offer free SSL/TSL certificates; (Shameless plug: Tambourine provides SSL certificates for all clients included in our monthly service package).

With an approved certificate in place, the next steps are to conduct a full backup of your hotel website, change all your internal links, check code libraries, update external links and create a 301 redirect. It’s also important to claim all four versions of your site URLs (HTTPS, HTTP, www. and non-www.) on Google Search Console Analytics, AdWords and other paid ads, plus social profiles and business citations. Since there are multiple complex steps, you definitely want your digital marketing team or external hotel digital marketing firm to handle this.