This would be a great first step, maybe a new T0.5 in the transition plan. Get people on board by securing the data they are sending around, and the secure the pages they are reading later.