In recent years, this has been one of the thorniest issues an SEO has had to deal with. It's a tough nut to crack, requiring resources, shifts in investments, prioritization, and if ill handled, can have a negative impact on a business.
Yet everyone can agree – being secure is a good thing.
Stories of success and failure can easily be found, which can make it tough for an SEO to offer guidance internally. It's a technical process, requiring discrete steps, the purchase of a certificate and a large investment of time and planning to minimize pitfalls and maximize chances for success. Wired did an epic article detailing their experience and process of moving to HTTPS and it's well worth a read.
And that's why so many businesses have pushed off investing in this. The engines have been talking about this for years. Google has taken another step to push businesses forward. Early on, we were told there were upsides to adopting HTTPS, that it would be useful in your journey to rank well and so on. Now, we have a deadline.
In October 2017, Google says, we'll see more warnings of non-secure pages (HTTP) in more areas of interaction. Again, Wired has done a great job detailing some of these changes to help folks understand the new reality. The long and the short of it is that if Google is going to show more flags to searchers, or even interrupt their journey to your page, there is a more than fair chance it'll impact traffic to unsecure results. Given the average consumer has no idea of the details behind HTTP v. HTTPS, it's highly likely their sense of fear will take over. If it smells less secure, they'll avoid it.
What Can You Do?
The single best thing you can do, unsurprisingly, is to go secure. Prioritize the shift to HTTPS. It's being done for solid reasons. One of the things Google (and other engines I should note) are trying to fight, is the practice of bad actors hijacking pages. The consumer may never notice that they've been redirected to an unofficial URL. And if that bad actor uses that bad URL to download malware to you, well, the consumer is hurt. Your brand is hurt because, again, the consumer didn't notice the swap, and you get blamed for it.
The reason this tends to work to stop this kind of behavior right now is that to go secure costs actual money. You need to buy an authenticated security certificate for each domain. Spammers won't take that step as long as the bulk of domains remain unsecured. They can hide in plain sight. If everyone goes secure, however, the default changes. It reduces their ability to target consumers.
Despite all the technical work, and actual costs to be absorbed by a business, the case the engines make for adopting HTTPS is legitimate. It's not iron-clad by any stretch, but it's not unreasonable either.
Your Best Bet
The best course of action you can take around HTTPS, is to do it. Make it a priority, because if Google (and other engines) believe this is a priority, pushing back against them is a tough proposition. Not adopting secure works if everyone skips it. Others are not skipping it, which puts a business not adopting it in a precarious position. Yes, there is a hard cost. Yes, there is the possibility, due to complexity, that your traffic could be impacted. None of which changes the course we're on these days.
It was like when we all were told "mobile matters" and we balked at adopting responsive design, or ignored designing for the mobile experience completely. Today, stories of mobile ignorance are told over late night beers with chuckles and sage side glances. We all know it. Mobile IS our future (actually, it's our today, in fact).
Secure is another element like Mobile. And like the shift to mobile friendly we've all embraced (if not entirely executed on yet), the shift to secure is happening and growing every day. In the next 2 years, those not secure will be the stand outs. Big brand or small business, to not be secure will be seen as a sign that you care less about visitor security and safety. Right or wrong as that sentiment may be, it's the simplified version that most consumers will land on, and beyond an engine flagging a site for not being secure, losing the confidence of consumers will surely hurt a business even more.
Secure your future and get a lock on consumer confidence. HTTPS isn't easy, but it's becoming increasingly necessary.
