Major brands face meltdown in Google security overhaul

Tens of thousands of websites, including those for top UK retailers Marks & Spencer, Next, and Very, will soon be branded “unsafe” by Google – with users being forced to click past a warning to access the site – unless they switch to the HTTPS certificate in the next two months.
Google announced in September last year that its Chrome operating system would to stop trusting Symantec-issued SSL/TLS certs, and from mid-April browser users will be warned that their connection is not private and someone may be trying to steal their information.
The change will come in a new version of Chrome – due for public release on April 17 – and the problem will get even bigger on October 23 when “version 70” is released and all Symantec certificates will be listed as not being trustworthy. Decision Marketing has discovered that M&S, Next, Very, Debenhams, TK Maxx and even the BBC have yet to implement HTTPS certification.
One security engineer Arkadiy Tetelman, who works at Airbnb, has already run a test of the one million biggest websites on the Internet, and although just 11,510 will be hit in April, nearly 10%, a not inconsiderable 91,627, will be affected in October.
In a blogpost, Sprydigital partner Ken Moire said: “Having HTTPS is a factor in improving your site’s search rank in Google. Displaying this message to your visitors can have a negative long-term impact on your brand’s trust, and worse, keeps you and your visitors open to potential malicious attacks.
“While this change currently only impacts users on Google Chrome, other browsers have historically followed Google’s lead on security issues. Firefox to Microsoft Edge will likely follow suit.”