HTTP vs HTTPS: What difference does it make to security?

Looking directly at the two acronyms 'HTTPS' and 'HTTP', the first thing to point out is that the 'S' on the latter refers to an additional layer of security. Its full name is 'Hypertext Transfer Protocol Secure'. However, both HTTPS and HTTP are essential functions for businesses and there are more differences than just an initialism.

HTTP, which stands for Hypertext Transfer Protocol, was developed in 1989 by Tim Berners-Lee, the father of the World Wide Web, no less. HTTPS came some five years later, thanks to Netscape Communications and its Netscape Navigator web browser.

What led to the development of HTTPS were calls for tighter privacy controls and more awareness around what makes a webpage 'secure'. Back in 2018, Google caused a bit of a stir by labelling HTTP as 'not secure', giving HTTPS the green light to become the web standard.

That, however, doesn't mean that your web surfing is completely safe on HTTPS. In 2021, 91.5% of all malware attacks were sent via HTTPS traffic, so there is still great risk here. So, to ward off these kinds of threats, businesses are advised to conduct HTTPS encrypted traffic inspections and engage in advance behaviour-based threat detection and response.

What are the benefits of HTTPS over HTTP?

Browsing with HTTP transmits data in plain text, which masks it for would-be hackers performing so-called 'man-in-the-middle' attacks where they attempt to intercept data while it's in transit.

HTTPS, on the other hand, works with public key encryption through SSL/TLS to prevent the same kind of hack.

A good example comes from web specialist Cloudflare: If a user sent the message "Hello World!", the unauthorized party would see that exact phrase and some additional information, such as the server or the time the text was entered.

With HTTPS, it would see something like the following:

't8Fw6T8UV81pQfyhDkhebbz7+oiwldr1j2gHBB3L3RFTRsQCpaSnSBZ78Vme+DpD....'

Additionally, for a website to have the SSL certificate that enables it to use HTTPS, the domain must be verified to check that it belongs to the website owner and in some cases, legal certificates must be presented to verify everything is in order.

Another benefit of using HTTPS is improved web rankings on Google, with only the most secure and authoritative sites getting featured on the first page.

How to switch from HTTP to HTTPS

If your business is still registered under an HTTP domain, you should consider making the switch to HTTPS. Even though it may seem like a big task to undertake, the process really isn’t that complicated, and there are plenty of benefits, from improving your business’ visibility on Google to thwarting man-in-the-middle attacks.

So, how exactly does one change to HTTPS? The first step is to get hold of your website’s hosting company. You should ask them to help you purchase an SSL certificate, which they should also help install. While you do so, ensure that you haven’t left behind any stray website links, otherwise, when you move away from HTTP, they could be left broken, cutting off customers from these pages altogether.

After the SSL certificate is issued and installed, your website’s hosting company should be able to simply redirect any traffic from the old HTTP version of your website to the new HTTPS one.

In the situation where your website’s hosting company is being unhelpful for any reason, bear in mind that there is an abundance of third-party vendors which would be able to assist you in purchasing an SSL certificate. It might be worthwhile shopping around and weighing up the packages offered by various vendors. If your hosting provider is helpful, however, it’s undeniable that the easiest option is sticking with them, as the sheer number of alternative providers can be a lot to sift through.

You can also take matters into your own hands by manually installing the SSL on your FTP, although you will also need to remember to set up a redirect from the HTTP version of the site to HTTPS for the reasons mentioned above.