TechAdvisory.org

Technology Advice for Small Businesses

What HTTPS means for cybersecurity

As people’s reliance on the internet deepened through the years, cybercriminals also began to move more stealthily. Online shoppers, for instance, can be led to a payment page that has no HTTPS in its URL. If they enter their personal details on this page, they will be a prime target for identity theft without them knowing. Here’s why you should make sure that the websites you visit have a little padlock icon before their URL, and an “S” after the “HTTP” prefix.

HTTPS encryption

The “s” in HTTPS stands for “secured”. It was introduced in 1995, so older websites that have been left on its own without regular maintenance usually don’t have it. But even to this day, unsecure websites exist, and fraudsters can easily take advantage of them.

When you visit a site with an HTTP connection, everything you type or click on that website is sent without encryption. This means that anyone who intercepts the data transferred between the website and your computer can readily view them. Cybercriminals can exploit this fact to gain access to your personal data, Social Security number, credit card information, and the like. This puts you at risk of identity theft and other fraudulent activities.

HTTPS certificates

When you visit a website, your computer uses an online directory to translate its alphanumeric name into a numerical address. It then saves that information on your computer, so that it doesn’t have to check the online directory every time you visit the same website.

In the event that your computer gets compromised, it could be tricked into directing a perfectly safe web address like www.google.com to a malicious website. Most of the time, users are sent to sites that look exactly like the legitimate site, but are actually fake copies designed to trick them into divulging their credentials.

To prevent such things from happening, the online directories mentioned earlier issue an ecosystem of certificates that turn HTTP into HTTPS, making it impossible for anyone to be redirected to a fraudulent website.

How does this affect our daily browsing habits?

We often visit a multitude of websites in a short period of time without checking each one for padlocks and certificates. Unfortunately, we can’t ignore the importance of HTTPS, so here are a few things to consider the next time you browse the internet:

  • If your browser marks a website as “unsafe,” think twice about clicking “Proceed anyway.” Only click the prompt if you are absolutely certain nothing will be transmitted.
  • Add web browser extensions such as HTTPS Everywhere that create encrypted connections to unencrypted websites. These extensions encrypt your communication with websites, and are compatible with Chrome, Firefox, and Edge browsers.
  • Always be vigilant. Some sites may have HTTPS but it doesn’t mean they’re safe. For example, goog1e.com (with the “l” replaced with a one) could have a certificate, but the misspelling indicates it to be an untrustworthy site. Cybercriminals use similar spellings of authentic websites to fool people into thinking that they’re in a secure site. This is called typosquatting or URL hijacking.
  • And perhaps, just follow the easiest step of all: avoid sites that don’t use the HTTPS protocol.

If you want to learn more about safer browsing habits and endpoint security, give our office a call.