In the drive to make the web a more secure place, Google has taken the lead with efforts to not only secure their own services but also help webmasters secure theirs. One key method to protect your data is to encrypt the information that travels between a server and an end user. This method uses HTTPS or HTTP over TLS, or Transport Layer Security. We should all be familiar with this as we should have seen the address bar change colour and a https:// appear when we are doing anything on the webs that requires security.
Traditionally we are used to seeing this used on websites that accept credit card information or when doing your internet banking. Now Google wants to encourage every website to switch to this secure method of transmitting information. It is also running tests to include this a ranking signal in determining the rank of a website. At the moment it is described as a “very lightweight” signal but they mention that “over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
How does this affect hotels?
If your booking engine runs from your hotel website then it probably already serves these pages using HTTPS. That means that your server set-up will already support this method and it will be easier to set-up the site to serve all the site pages using this secure method. If your hotel utilises a 3rd party booking site then you will probably have to purchase a security certificate and make adjustments so that your site pages are served securely.
Google has provided an excellent help page to get started but here are some here are some basic tips from Google to get started:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
Should hotels take steps to become secure?
A hotel website might not seem like the ideal candidate for this level of security but forms such as those used for newsletter sign-up transmit valuable personal information.
As users become educated on the need for web security they may hesitate to provide personal information if the website does not use HTTPS. Also if Google makes this a permanent factor in its ranking algorithm we may see secure websites starting to outperform the non-secure ones.
At this moment a secure hotel website is a nice-to-have but in the next few months or years it may become a must for hoteliers.