When is the last time you thought about your website’s security? If you’re like most HVAC contractors, the answer is, “Never. My web guy handles that stuff.”

As a business owner, you’ve undoubtedly heard the saying, “You can expect what you inspect.” Trust me when I say now is the time to inspect your website’s security.


Do yourself a favor and open up a website browser, like Google Chrome, Mozilla Firefox, etc., and enter your website address. Next, look just left of your website address and tell me what you see. If you’re like most contractors, you probably see a small, gray “i” enclosed in a circle. This is pretty benign, right? You, along with most of your website visitors, have probably never noticed it.

Click on that little icon, and you’ll get an alarming message: “Your connection to this site is not secure.”

While you may not fully appreciate what this message means, you can probably guess what I’m about to say next: It’s not good, and you need to make some changes.

Let me explain why.


Let’s get geeky for a minute. HTTPS stands for hyper text transfer protocol secure. In plain English, HTTPS is the secure version of HTTP, which is the protocol used to exchange data between your website browser and the website you’re connected to. The “S” on the end stands for “secure” (duh), and it means that all communications between your browser and the website are encrypted.

Why does HTTPS matter? Well, while you may not think much about the security of your website, it’s more important to your business success than you may realize. Converting your website from HTTP to HTTPS is important for a few reasons.


The first reason you should secure your website is for the benefit of your prospects and customers. Your online visitors have an expectation of privacy. For example, when a prospect fills out a form on your website to get a free estimate, he or she expects that the information they’re providing is going to someone at your company, not a hacker. The same is true when a current customer schedules a service request.

Someone’s home address, phone number, email address, or account number with your company may not be as sensitive as a credit card or a social security number, but you should still take some basic steps to ensure that the information your website visitors share with you stays between you and that person. With a secure site, this information is encrypted.


The second reason you should secure your website is because popular website browsers, like Google Chrome and Mozilla Firefox, are slapping non-secure warning labels on all HTTP sites. In the latest version of Google Chrome, the encircled “i” is now followed by “Not secure.”

A user no longer needs to click on the “i” to see that your website is not protected. And sometime soon, Google plans to replace the encircled “i” with a red triangle containing an exclamation point followed by the “Not secure” warning for good measure.

Similarly, the latest version of Firefox, which launched at the end of January, now shows a gray lock icon with a red strike-through in the address bar for HTTP (unsecure) sites. Before this, Firefox used a neutral indicator (no lock icon) for the non-secure HTTP sites and a green lock icon in the web address bar to denote a site’s security.

It doesn’t take a marketing guru to understand how these changes will impact consumer behavior.


The third and final reason to convert your website from HTTP to HTTPS is because doing so will boost your search engine rankings on Google. Back in August 2014, on its security blog, Google said, “Over the past few months, we’ve been running tests to take into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms.”

Google followed that up with, “We’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

My team at Blue Corona is in the process of securing all our HVAC clients’ websites, and we’ve seen as much as a 30 percent increase in Google organic search traffic after transitioning from HTTP to HTTPS. That is a significant boost in traffic from a change that is simultaneously beneficial to your prospects and customers. Talk about a win-win.


If your website is not secure, you are potentially exposing your prospects’ and customers’ data to hackers, and you’re likely losing leads and sales to competitors who have secure sites. That’s the bad news.

The good news is that the fix is fairly easy.

The first thing you’ll need is an encryption certificate to ensure that all data passed between your web server and your visitors’ browsers remain private. With this installed, you’ll next need to update your entire site to HTTPS. This means updating all your links, including some you wouldn’t intuitively consider, like images, style sheets, Java script files, and fonts from other websites.

Here are some other important considerations when making the switch from HTTP to HTTPS:

• Make sure that your tracking isn’t lost — You need to update links to those important marketing tools, like Google Analytics, Google Search Console, and call tracking;

• Check for broken links — Do a technical code and structure sweep of your site to test the integrity of XML sitemap, internal links, content/site features, etc.;

• Update as many external links as possible — Check all links under your control, like Facebook, LinkedIn, Google My Business, etc.;

• Ensure the HTTPS version of your site is indexing and getting impressions in Google Search Console — Failing to do so can cost you valuable website rankings and traffic;

• Check that the htaccess file is doing an automatic rewrite from HTTP to HTTPS — This way you won’t have duplicate versions of your site; and

• Finally, test your site speed — Google uses site speed as an important criterion in organic search ranking, so you want to be sure yours has not slowed for any reason.


Should you try to do all of this yourself? If you’re tech savvy, go ahead and give it a shot. Depending on the size of your site and the number of links, the whole move may take a couple of days to a week.

If you aren’t tech-savvy, trying to convert your website from HTTP to HTTPS is a recipe for disaster. Not only can a botched transition totally screw up your website, it can also destroy your site’s Google rankings. Those of you who read my articles on a regular basis know I’m a big fan of “doing only what only you can do.” Even if you can figure out how to convert your site to HTTPS, is an initiative like this the best use of your time? Probably not, but I’ll leave that up to you. Whether you take this on yourself or outsource it to a professional, one thing is certain: The time to act is now.

Again, fewer than 5 percent of the more than 8,000 HVAC contractor websites we analyzed are secure. This means that forward-thinking, proactive contractors can get a serious jump on the competition — at least for a little while.

Publication date: 3/13/2017

Want more HVAC industry news and information? Join The NEWS on Facebook, Twitter, and LinkedIn today!