Hoteliers have needed to continuously remain flexible and diligent in complying with the ever-changing algorithms, rules, and regulations imposed by Google’s mission “to organize the world’s information and make it universally accessible and useful” and “to develop services that improve the lives of as many people as possible.”
One of Google’s latest changes is their stand on SSL certificates. Anyone with a website should have installed an SSL Certificate onto the server at the end of last January to offer guests who land on your site a secure connection. This is vital when you are gathering sensitive or personal information from potential guests like credit card numbers, logins, and data.
SSL certificates are microdata files that digitally tether a *cryptographic key to your hotel’s domain name, company name, and location. When the cryptographic key is installed on a server, the padlock and the https protocols that create a secure connection are initiated. The certificate has successfully installed when the protocol HTTP that you see changes to HTTPs. The ‘S’ is for ‘secure.’ Travelers who visit your website will see a small padlock icon in their browser, indicating a secure connection.
*A cryptographic key is a specific ‘language’ for a cryptographic algorithm. This ‘language’ converts plain text into ciphertext and vice versa. This ‘key’ ensures a secure private connection.
Think of both protocols HTTP and HTTPS as a kind of cyber language used when information (data) moves between guests, hotel systems, and servers.
Hoteliers need to upgrade their online security technology protocol to conform to the SSL Certificate protocols and take the lead from Google’s Certificate Transparency project, or they risk losing significant traffic to their sites. Travelers surfing the web will see a warning that the site is not “secure” and more than likely move on to a site that doesn’t put them at risk.
Google’s shift in security standards makes sense. Previously, SSL Certificates were aimed at delivering a secure experience to guests entering a credit card, and other sensitive information, the new rules are an attempt to shield travelers from hackers by encrypting all data, making the entire experience secure. Data that was transferred in an unsecured hypertext transfer protocol (HTTP) platform to the format appropriately titled Hypertext Transfer Protocol Secure or HTTPs. You guessed it, the ‘s’ stands for secure. You need the SSL Certificate (Secure Sockets Layer Certificate) to provide a safe site that encrypts and shields your digital guest’s private information and stop possible corruption while their sensitive information is being transferred. This ensures that visitors to your website are entering data with you (their intended website) and not rogue hacker mining stolen unencrypted information, phishing, or installing malware.
Google made the push for sites to become secure in July of 2018.
Sites that are not secure will be branded (in the browser) with the notification that the site is “not secure” even in incognito mode. Eventually, this scarlet letter may be accompanied by the actual color red to catch the eye of those who might not otherwise notice that your site is not secure.
Some troubling news is that mobile devices (especially older devices) offer unencrypted experiences. Further, the AT commands which were initially designed for simple commands like hanging up and dialing broadened to include LTE, 3G, SMS, launch camera commands, and touchscreen protocols leaving some devices vulnerable to doing something as familiar and simple as charging the device in public locations. Many carriers have offered patches as a fix to AT command access through USB; however, malicious attackers can still find ways to exploit many devices. If this possible issue is coupled with a site that is not secure, it is a recipe for potential disaster.
Having a site that is not secure will create obvious problems like user distrust and lack of conversion. These problems are preventable, and the fix is easy. Hospitality professionals need to ensure their web providers are ahead of issues that render them vulnerable, like security, and more.
All websites Powered by INNsight are fully encrypted end-to-end offering guests the peace of mind that their personal data is secured when completing their reservation via our servers. Additionally, INNsight deploys GDPR and CCPA safeguards to protect private data including two-factor authentication and other security measures.