If you didn’t already know Google Chrome (release: Chrome 68) in July 2018 will start to make all HTTP sites as ‘Not Secure’ – think on that for a moment.
From day one my blog has been running on HTTPS – it might seem silly to run a blog over HTTPS, especially when Let’s Encrypt was not as easy as it is today but I felt I should run a blog site the way I’d run my own business. That’s why I also try and implement X-Headers correctly along with Content Security Policies and other security headers of value. If your website is not already secured with an appropriate certificate and TLS/SSL settings you really need to hurry up and sort that out.
Users are being taught to look for the words ‘secure’ when they browse and seeing a message which tells them the site is note secure can easily turn them away or worry them. An Internet which is fully HTTPS is the ideal world but I imagine many organisations will be caught out by this, especially smaller ones which lack internal expertise or just people who keep up to date with developments. Spread the word and make sure everyone is ready for the change!
Certificates are freely available via Let’s Encrypt – https://letsencrypt.org/
Googles blog post on the Chrome changes – https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html