So much has been written about the “web addresses” we use to visit websites that most of us don’t even think about them as we navigate (and click) our way around the Internet. Most browsers will issue a warning if a user is about to visit a known dangerous site, such as a phishing site.
However, that doesn’t necessarily mean the browser will automatically flag all unsecured sites. Even for those it does flag, the warning may seem ambiguous to many users. Additionally, a secure site can still have links that, if clicked, will take the user to other sites that are not secure.
Website links may all seem the same; however, overlooking subtle differences can result in substantial security issues. Let’s examine some of the differences that enable web users to ensure they are visiting safe, secure sites.
- HTTP versus HTTPS:
Most of us are familiar with HTTP, which is the protocol by which nearly all information travels across the Internet (unless it is transmitted by a non-standard browser). On the other hand, the “S” in HTTPS represents “secure,” meaning that the protocol is secured through an additional layer. The “S” is an SSL (Secure Sockets Layer) certificate, which authenticates a website’s identity and enables an encrypted connection.If a user were to provide sensitive data, such as a password, credit card number, or any other form of data via a website or a web application, sending it via HTTP (without the S) would cause it to be transmitted as plain text. Anyone — including cybercriminals — could intercept and read that text.Therefore, anyone surfing the web should always ensure that HTTPS is part of the website address when they visit a site (see Figure 1).
- Look for the Lock: Many contemporary browsers have eliminated HTTP/HTTPS from the URL (uniform resource locator, AKA, the web address). In its place is a closed lock icon. On most browsers, this lock will be visible at the far left of the web address (see Figure 2).
- Check for Third-Party Verification: A variety of professional organizations now specialize in providing attestations that sites are secure: that data submitted to a site, such as credit card information, will be safe, and any links embedded within the site are safe to click.This verification, often referred to as digital identity and access management, is generally provided via digital certifications and/or what is called a “trustmark.” Originally used to ensure government business security, these are increasingly popular with organizational leaders who wish (or are required) to meet unique internal, customer, or jurisdictional security and compliance requirements.One company that provides a comprehensive array of services and solutions is TrustArc, which helps companies “build, implement, and constantly demonstrate privacy program success.”
Visit IT Solutions’ website to learn more about internet and network security, and to sign up for a complimentary network and security assessment.
We also invite you to request a complimentary, no-obligation consultation with our experts by calling 866.PICK-ITS (866-742-5487).
