Using HTTPS on your website

Using HTTPS on your website

Protect your website with HTTPS

The ‘s’ stands for secure

Enabling HTTPS is the first of four priority measures in CERT NZ’s ‘Protect It’ campaign

Your patients and customers trust you to keep their information, and the communication you have with them, confidential and safe. HTTPS (Hypertext Transfer Protocol Secure) keeps the information transferred between you and your patients or customers confidential by encrypting it. This stops attackers from getting the login details or personal information users submit on your site.   

HTTPS uses a protocol called transport layer security (TLS) to encrypt information going between the site and the user’s computer. So if an attacker intercepts this information, they can’t read or change it. We encourage you to secure your email with TLS

What are the benefits of enabling HTTPS? 

Your website will be more secure and your patients’ and customers’ information will be safer. Webpage information is encrypted and therefore at a lower risk of interception. Likewise, there will be a lower risk of an attacker inserting malware or ads on your webpages without your knowledge. 

Users are more likely to trust your website because the little padlock in the address bar is recognised as more secure. Visitors to your site will also have a better experience on your website because there will be fewer warnings – without HTTPS, they might receive a message that your site is not secure.  

From a commercial point of view, your website will get better search ranking. HTTPS is a factor in search engine rankings and those with HTTPS receive boosted results.  

Three easy steps to implement HTTPS 

CERT NZ has provided guidance about HTTPS on their website, which is summarised below: 

  1. Obtain an SSL/TLS certificate. Talk to your technical support staff or ask your website hosting company, and make sure you renew the certificate with plenty of time.  
  1. Add a permanent redirect. Redirect your site from HTTP to HTTPS.  
  1. Update links. Make sure links to third party scripts include HTTPS and update links inside your site (images, downloads, tools) to include HTTPS.  

The crux of it 

HTTPS is a basic requirement and it is imperative that you secure your patients’ or customers’ data by enabling HTTPS across your website.  

For further information and to request a risk assessment please contact us