The warning isn't decoration. Here's what it actually means and when to walk away.
Chrome, Edge, Safari and Firefox all show a 'Not Secure' badge next to any web address that doesn't use HTTPS. Most people learn to ignore it. The badge isn't decoration — it's telling you that everything you type into that page can be read by anyone sitting between you and the server: the cafe WiFi, the airport WiFi, your ISP, an attacker on the same network.
When you visit a Not-Secure page, the data travels in plain text. Anyone on the same WiFi can read every character you type — passwords, credit card details, personal information — using free, widely-available tools. A coffee-shop network is the most common place this happens.
If you're at home, browsing a quirky old blog or a forum that hasn't bothered with HTTPS, and you're not typing anything sensitive — the warning matters less. The risk is when you input data, not when you read.
Any site asking for a password, a credit card number, or any kind of identity information must be HTTPS. No exceptions. A genuine business cannot afford NOT to have HTTPS in 2026 — it's free, it takes ten minutes to set up. A Not-Secure login page is either incompetent or hostile.
If you visit your bank, supplier, or normal SaaS app and it suddenly shows Not Secure when it never did before — close the tab immediately. You're probably on a network that's intercepting your traffic, or the link you clicked led to a phishing site that mimicked the real one without bothering with a certificate.
Not Secure = no HTTPS, low to medium risk depending on what you do. Dangerous / Deceptive site ahead = the browser believes this site is phishing or malware. Never proceed past the red full-page warning. Don't click 'Advanced' to bypass it — that's the option for IT debugging, not normal browsing.
Every domain we manage has a free Let's Encrypt certificate auto-renewing every 60 days. We monitor for expired certificates and alert before any client-facing page shows the warning. If your site is showing Not Secure, that's a 10-minute fix on our end — call us.
Lots of the bad-website warnings line up with the same defensive habit: stop, look, type the URL yourself.
If a site you own or use professionally is showing the warning, that's a one-call fix. SSL setup, renewal automation, redirect cleanup — same day in most cases.
A Support Representative will get in touch.
A Support Representative will be in touch the same business day.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director