Editor’s note: Repairer Driven News regularly features pieces by prolific national columnist Gene Marks. While despite not being directly related to collision repair, they should still prove valuable to the small-business owners and employees which make up much of the industry.
This column, originally published in the Washington Post on Sept. 12, points out an issue body shop (and website) owners will want to get double-check with their own webmasters to avoid worrying customers and business partners. While you’ve got your Web folks on the phone or email, you’ll definitely want to check about the possibility of switching from the CIECA EMS repair messaging data standard to BMS for better security and customer/business partner data protection.
By Gene Marks
I’ve got a problem with my website.
There are now more than a billion users of Google’s Chrome browser. And when any of those arrive on my site, www.marksgroup.net, a little “i” icon shows up in the address bar. It means my site isn’t secure. Up until now, that really hasn’t been such a big deal. But it’s about to be.
I don’t sell anything off my site, which means I don’t accept credit cards. But I do ask for users to submit their contact information when signing up for an event or to download a whitepaper. And that’s where the problem occurs.
My site uses a HTTP (Hyper Text Transfer Protocol) connection, which is not as secure as the encrypted HTTPS (Hyper Text Transfer Protocol Secure) method. A lot of small businesses I know are the same. (Editor’s note: Even some OEMs seem to have the little “i” flag on Chrome!)
It’s not a big change to make, but it does make a big difference.
Because the data is not encrypted, an HTTP protocol not only makes it much easier for hackers to steal passwords or other information as the data moves around the web, but it also enables them to copy a website or page so that users may be fooled into browsing and submitting data to a counterfeit site.
The good news is that many sites have been transitioning to HTTPS — in fact, more than half of Chrome’s desktop pages are now connecting via this more secure method. But Google wants things to move faster.
Google’s plan, according to a company blog post Sept. 8, is to label HTTP sites that accept credit card and password data “more clearly and accurately as non-secure” for Chrome users. It will start doing this in January 2017.
The plan will intensify over the coming months. In future releases of Chrome, Google intends to make the HTTP warnings more obvious — particularly to those who like to browse “incognito” where there is a perception that security and privacy is better. (It’s not.).
If your website, like mine, is either accepting credit cards or other data and still using the old HTTP protocol then our visitors are going to be warned by Google that their information may not be secure as they enter it. And the last thing we want to do is to drive customers away for fear that the information they submit could be compromised. If you want to fix this yourself, then Google offers help for setting up an HTTPS site here.
Me, I’m emailing my webmaster as soon as I’m done writing this.
The column originally appeared on the Washington Post.
Gene Marks is a columnist, author, and small business owner. http://genemarks.com. Gene writes every day on business, politics and public policy for the Washington Post and weekly for Forbes, Inc. Magazine, Entrepreneur and the Huffington Post. Marks has written 5 books on business management, specifically geared towards small and medium-sized companies. His most recent is “The Manufacturer’s Book of Lists.” Nationally, Marks appears on Fox News, MSNBC and CNBC discussing matters affecting the business community. Through his keynotes and breakout sessions, Marks helps business owners, executives and managers understand the political, economic and technological trends that will affect their companies so they can make profitable decisions. Marks owns and operates the Marks Group PC, a highly successful 10-person firm that provides technology and consulting services to small and medium-sized businesses. Prior to starting the Marks Group PC, Marks, a Certified Public Accountant, spent nine years in the entrepreneurial services arm of the international consulting firm KPMG in Philadelphia, where he was a senior manager.
Google, Sept. 8, 2016
Gene Marks via Washington Post, Sept. 12, 2016
Columnist Gene Marks. (Provided by the Marks Group)
An example of how Google will label a webpage as “Not secure” in 2017. (Provided by Google)
Google eventually wants to attach this warning to all merely-HTTP pages. (Provided by Google)