Encryption has become a very important part of maintaining an acceptable standard of security while browsing the web and storing data. Large enterprises and organizations have been using encryption for a long time, and even the average consumer uses encryption each and every time an online purchase is made. Did you know that the protection afforded users by encryption is made possible thanks to security certificates?
Websites that have security certificates take advantage of HTTPS, which stands for Hypertext Transfer Protocol with an S at the end for security. These certificates are used to provide security for a website’s visitor. Ordinarily, when a user plugs data into a form, like an email address or Social Security number, this data wouldn’t be protected while in transit. However, thanks to most organizations that collect this type of data now having security certificates on their websites, your data is safe. For examples of how HTTPS is used, look no further than banking websites or just about any online retailer like Amazon or eBay.
A great way to describe online encryption is by comparing it to a pipe. With a normal HTTP connection, your data is traveling through a transparent pipe. Anyone looking at it from the outside can see that which flows through it. Hackers can spy on it and steal data while it’s moving from one location to the next. If you’re using an HTTPS connection, however, the pipe has more of an opaque tint to it. While you can still see the insides, it’s unclear what is traveling through it and very difficult to get a clear glimpse of it. This is why it’s so difficult for hackers to take advantage of encrypted data. They might have the data, but it’s often so jumbled and difficult to piece together that it’s not worth the effort, or impossible, to decipher it.
While you can’t expect your employees to understand the finer details of how HTTPS works, you can expect them to understand online security best practices–especially those which pertain to keeping credentials like passwords and usernames secure. Make sure that your employees know not to input sensitive data into websites without first checking for these security identifiers.
Make Sure It Has a Security Certificate
Before plugging in a password or sensitive credential to a website, make sure that it’s protected by a security certificate. To find out if it’s equipped with one, look for a green padlock icon that appears next to the URL’s name in the address bar. Granted, even if it has a security certificate, you want to check which type of encryption it’s using, as there is a significant difference between SSL and TLS. For example, SSL is vulnerable to threats like POODLE (a man-in-the-middle exploit), making TLS a more desirable protection.
Be Wary of Suspicious URLs and Domains
Hackers will often create fake sites that are designed to mimic a reputable organization’s own website, only it will be designed to harvest credentials. These sites might have misspellings in the domain name, or numbers in the place of letters to make it look as legitimate as possible. Before plugging in your credentials, make sure that you’re actually looking at the organization’s website. Be sure to check the domain and cross-reference it with the information that you have on file.
For more great ways to keep yourself safe online, reach out to Setton Consulting today at 212-796-6061.