Internet security has been a trending topic for a long time due to the sensitivity of some of the information shared over the internet. Imagine how many people pay for purchases through online means? How many people withdraw money directly to their phones from the bank? All the logins and passwords you enter in your sensitive accounts. All these warrant a point of concern as long as internet security is concerned.
A sense of relieve is always experienced when you realize that the website you are using has a green padlock and the HTTPS initials. The ’‘s’ denote secure. However, as a point of concern, a secure connection does not always translate to a secure website. Even a hacker can register a website and get all these green padlocks as well as the HTTPS initials. So what now can we do to stay safe?
Data must be protected while in transit and while at rest. By this, we mean that not only should HTTPS and its associated SSL be concerned about the transit but also at the server’s end. Although this is tricky because server access is restricted to the beholder, we can say that these CAs companies should put more due diligent while issuing the certificates.
Each individual should also take extra caution to ensure that the website they are transacting with looks genuine from the face perspective by ensuring that the domain name matches the one you intended to use. Don’t rush to sign in any website you find on the wed requesting for your information.
Some bots can trace your cookies and try to sign in the websites you have visited as you. As such, it’s always good to keep the online trail as vague as possible by deleting the search histories as well as clearing the cookies if you are using a public network. If you are a website owner, get an SSL from a trusted dealer or provider.
There are different categories of SSL certificates, and we shall mostly focus on the extended validation certificate. Before getting this kind of certificate, the issuing company is required to ensure that it has verified legal ownership of the business as well as of the concerned domain. The physical address and country of operation are required.
Under the US data protection rules, any person who handles sensitive data is obliged by law to take necessary steps to ensure that the collected data is secure. Failure to do this can expose you to legal liabilities for any damages and losses originating from your laxity.
SSL pulse which is a company that checks on the effectiveness of websites found that almost 90% of sites were vulnerable to an attack irrespective of having the https. For example, a survey done by SSL pulse found out that only about 25% of the websites could withstand a beast attack which is a program that can read encrypted data.
Necessary steps to ensure that you always stay safe on the internet:
- Always check for the authenticity of the site you are about to enter your sensitive data. Although, this is one of the works of the SSL to ensure that you are communicating to the right target, always recheck the domain names as well as any suspicious adverts or pages on the page. If you become suspicious, stop entering your sensitive data on the site.
- Always ensure your system security is up to date. For example, Kaspersky’s internet security continuously checks for long extensions which are significant characteristics of phishing websites and warns you of any potential threats. Make it a habit to always never visit the internet if your antivirus programs are not up to date.
- Use a private WIFI or a VPN when using a public network: a VPN encrypts data from one end to the other including the HTTPS itself. What a VPN does is give you a different face from your original. For example, a VPN can provide different IP addresses, and this makes it hard for hackers and data phishing companies to trace you.
- Don’t rely on free SSL certificates if you are handling sensitive data: Majority of the Free SSL certificate are only effective for authentication but not for total security perse. For example, Cloudflare SSL certificate encrypts data only half way and submit the information in an unencrypted form to the servers. As such, any person who has access to the data before it reaches the final destination can decode steal the content.
- Keep personal data limited on the internet. Always enable the privacy setting in social media accounts or any other sites you frequently visit. These settings are not always easy to find because these companies, for example, Facebook wants to have as much as information regarding you as much as possible. Companies like Google also want to know every move you make on the internet. With the same level of keenness do hackers want to get your online information. Making it easy for them to find this information exposes you to a lot of threats.
- Be careful on what you download or on the sites you visit. Cybercriminals and hackers will try to trick you into downloading an infected file that contains malware that can steal data or read your activities on your device. Having the malware in your device is an already enough threat which is worse than even running data on an unencrypted route. To stay safe, constantly run trusted programs that are meant to detect malware from your devices.
- Work on your passwords. Choose strong passwords which are hard to guess. You can use password manager programs to manage your password. These programs generate and stores strong passwords.
Be cautious irrespective of having the HTTPS on a site
As you have seen from the above discussion, having an SSL certificate is not all that is required to stay safe on the internet. There are various ways in which data security can still be compromised. Unfortunately, irrespective of HTTPS ad the SSL claiming to offer security, you cannot know the intention or the kind of character behind a website. For example, a criminal can make a website and still manage to get the green padlock as well as the HTTPS. The only way to stay safe on the internet is to stay alert.