Is your site marked “not secure”?

Google has been chatting about the importance of secure websites for a few months. With a market share of 86.28% among leading search engines*, when Google speaks, we should pay attention.

And, as promised by Google, their message is no longer background chatter. Since the start of summer, it’s being broadcasted loud and clear with an ⓘ. HTTP (Hypertext Transfer Protocol) sites are now flagged as “not secure” in Google Chrome search results.

The consequences

A nonprofit seeking donations, members and volunteers may see a hit in their online activity when their website is flagged with this warning:


You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.

That’s scary language. I know I’m going to back away from the keyboard and making an online donation when I see that warning. Will your informed donors react the same? Charity Watch lists 9 pointers to look for in making certain online donations are safe. Number four on their list, highlighted in red, is “give safely” and advises potential donors to look for an HTTPS (Hypertext Transfer Protocol Secure) URL.

SSL certificate

Your web hosting company or website developer can help you with the steps of obtaining an SSL (Secure Sockets Layer) certificate, along with activating and installing it. This digital certificate provides authentication for your website and encrypts data while it is being transmitted. Expect an annual fee for the certificate. When the ⓘ becomes a green padlock next to the URL, you will know the website has been deemed secure by Google.

Beyond the padlock, additional security tips


Don’t let the padlock lull you into a false sense of security. It’s only covering data as it is transmitted. You will still need to have a firewall in place to prevent unauthorized access to your web server. Also, make it standard practice to create secure passwords. Use a service to monitor for malware to protect data from online threats. Update software when notified as the updates often include security patches. And, don’t allow visitors to your site to upload files as that can open the door for problems. If necessary, use a SFTP or SSH method instead.

Finally, one more tip… As external websites are certain to update their security, double check that this doesn’t result in any broken links on your site when referencing resources outside your organization.

These are just a few tips for protecting your business and donor data from the bad guys. What tips do you have to share?

Susan Mertz is a Content Specialist at M&C. She specializes in website development, search engine optimization and enhancing user experience.