If you provide a service to customers, such as a banking portal or online shop, you’re going to want your site to be secure. Some argue that since the landing page of their site doesn’t contain sensitive information, it doesn’t require HTTPS. However, this is where they’re wrong. If users are entering their information and your site is served over HTTP, it’s not an encrypted connection. This means data can be intercepted, read, or modified. Also, seeing as there has been such a push for HTTPS, you’ll have a lovely “Not Secure” message next to your URL if your site does not have an SSL certificate installed. Now I’m not sure about you, but the image of the green lock when your site is “Secure” is a much more comforting sight than the information circle placed next to a website URL that is “Not Secure”. Also, when users are logging into their accounts for their bank or loan provider, the last thing they want to see is a “Not Secure” message plainly displayed.
If your landing page isn’t secure but your login page is, this is still a problem. You see, when navigating from a non-secure page to a secure one, someone messing with traffic can modify your request because it’s coming from a non-secure page. That person can make changes to the URL, stand your site up on that newly created domain, and then phish the credentials. You can see how this would be incredibly problematic, especially for a banking site. Intercepting and modifying traffic is incredibly prevalent too, so this isn’t a rarity.
On the plus side, the march towards HTTPS has been relatively effective. Almost 70% of today’s web traffic is encrypted and companies that aren’t switching over are being penalized for straggling. If you provide an online service where someone’s personal information could be tampered with, you should have already switched to HTTPS. If you haven’t yet, have a discussion and get your tech people on it. Your customers’ peace of mind should matter to you!