Unless you want your clients and potential clients to receive a “Not secure” notice when they try to access your website, it’s time to get yourself an SSL certificate. It’s not hard, and many hosting companies include one as part of their packages. Ask your web developer… sooner rather than later.
This is particularly good advice if you are a professional service provider (e.g., lawyer, accountant, health care provider). Your client relationships are explicitly based on trust. Now imagine how a client or potential client feels when they arrive at your website and they see a “Not secure” warning. Doesn’t really inspire confidence and trust, does it?
Here’s an important observation on all this: at present, we know secure pages are secure because the browser tells us so. We know non-secure pages are not secure because the browser doesn’t tell us that they’re secure. Get it? It’s the principle of being insecure by default and that’s what we’re increasingly moving away from. Remember also that this applies to any website the browser loads so merely being behind the firewall browsing the intranet won’t keep the warnings away. If you’re not serving all those internal business systems over HTTPS then your internal users are going to be told that they’re “Not secure” too (and no, telling them to ignore warnings is not a behaviour you want to encourage).
Source: Troy Hunt