What do you mean your law firm is not running a https certificate secured website?

What do you mean your law firm is not running a https certificate secured website?

View profile for Andy Osborne
  • Posted
  • Author

What is an HTTPS certificate?

The “S” in HTTPS stands for secure and means that data being sent between a browser and a web server are encrypted, whereas connections to a standard HTTP website are not. Not the ideal situation if you are a law firm taking and storing confidential and sensitive information through your website enquiry forms and more.

You might not think it’s a huge problem, but without the padlock icon in the address bar, potential clients might think it’s a risk browsing your site, submitting details on it or making a payment for a service. This is because there’s no way for the visitor to really verify that they are connected to the correct website. They might think they’ve clicked a link to your site, but they’ve landed on a compromised server that’s redirecting them to a dodgy imposter site.

Just think, if you landed on a bank’s webpage and it wasn’t secure, would you trust them with your personal and debit/credit card information?

Running your website as HTTPS means you have a secure certificate installed.   Your site has always had this for passwords and sensitive data, but they are now commonplace for the whole site and recommended by Google even if your website isn’t selling a product or service directly on the web. Is it time your law firm does the same? It’s a big YES from us.

But if you’re still not sure, read on for reasons why your law firm would benefit from switching to an HTTPS certificate.

What are the benefits of an HTTPS website compared to an HTTP website for your law firm?

1. Your clients are more likely to trust you

One of the main benefits of implementing an HTTPS website is that your users will now benefit from encryption meaning their data is secure. If your customers trust you to keep their data safe, they are more likely to trust you with their legal work.

2. Lead Generation

Your website is there to generate new leads, isn’t it?  As far back as 2017 Google implemented a feature where a “not secure” warning will pop up when users attempt to fill out their details on a form on a non-HTTPS website. This is enough to freak out potential clients and send them straight to a competitor who has an HTTPS site.

3. Everyone’s doing it

As previously mentioned, an HTTPS website is the standard now, so don’t let your law firm be the one that’s left behind. We live in a world where hacking and data breaches are everyday news – as a law firm, you should be all too aware of this, so why haven’t you made the switch to HTTPS yet?

4. Google wants you to

Google announced that HTTPS is a ranking factor in their search algorithm. You can guarantee that Google favours HTTPS sites because they want their users’ experiences to be safe. So, if you’re investing in your search engine optimisation (SEO) and pay-per-click (PPC) advertising, you should be making the switch to HTTPS too if you don’t want anything negatively impacting your search engine rankings. Try it for yourself, type ‘divorce solicitors’ and see whether HTTPS or HTTP websites appear on the first page.

And, as previously mentioned, Google has taken further steps to allow users to identify when they are entering a website that isn’t secure but flagging them as ‘not secure’.

5. Keeping everything safer and more secure is simply a better option for everyone.

Ultimately, it’s a better experience for both your firm and your clients and shows that you take their security seriously and minimises the risk of your firm being open to data breach claims.

What are the best practices when implementing HTTPS security for your law firm?

1. Use well-known security certificate issuers

To achieve HTTPS status, you need to obtain a security certificate for your site which takes steps to verify that your web address belongs to your organisation. You should get this from a reliable certificate authority (CA).  We get all our client’s certificates from https://www.securetrust.com/

There are two common types of certificates available. We recommend using an “Organisation Validated” (OV) certificate.  This involves an audit that checks the applicant is a legitimate business and owns the domain used for the website.  Other types of certificates don’t do this audit, which makes them cheaper, but we don’t think that’s good enough for business use.

2. Install your  certificate onto your site

The next step, and one that it’s best that your website developer/agency does, is to install your new certificate on your site.

3. Ensure any redirects go to your HTTPS pages

Permanent server-side redirects for pages are recommended by Google.

4. Request that your new website has been indexed and crawled

There are free URL inspection tools you can use for this, and these will tell you whether a particular page has been crawled or indexed. You can request that a page is crawled, or recrawled by Google through Google Search Console.

Ready to migrate over to an HTTPS website?

So, it’s clear that HTTPS is the future of the web. So, it’s probably time to migrate your site over to HTTPS. There are risks associated with website migration, including an impact on SEO. But in the long term, an HTTPS website is bound to positively impact your firm.

At Conscious, we can help switch over your site to HTTPS in a way where risks are minimised and the switch is painless. So, if you’re ready to make the switch to HTTPS contact our team on 0117 325 0200 or email us at sales@conscious.co.uk.