If you’ve followed our blogs for any length of time, you have probably learned a few critical methods of protecting yourself online. You know that it’s unwise to follow links sent via email, and you know to check a website’s credentials before entering sensitive information (like usernames and passwords). You might have learned to check for “HTTPS” at the beginning of a URL, and you might be under the impression that this prefix always signals a safe, encrypted website.
You are partially correct. Yes, “HTTPS” does indicate that your connection to a particular website is encrypted, and such a site is therefore generally safer to use. Unfortunately, that old rule isn’t enough to keep you completely safe anymore, because hackers are increasingly finding ways to use encrypted websites to conduct their nefarious business. It seems they’re always one step ahead of us!
Cyber criminals can accomplish this task in a few different ways. Some simply hijack a legitimate website (one that already uses HTTPS) and can then access information entered on that site. However, others will actually go to the trouble of building their own website and then encrypting it! The authorities that issue HTTPS certificates lack the ability to penalize fraudulent websites in any meaningful way. So, even when a site is reported, all they can do is revoke the HTTPS certificate. They can’t abolish the website or remove content from it.
So, yes, there might be times that you see “HTTPS” or a padlock symbol in your browser’s address bar, and mistakenly assume a site to be authentic. This underscores the importance of making sure that you are logging into the correct site, and not a copycat site built to look like a genuine business (your bank, for example). The old advice regarding links sent via email holds true, even if you follow the link to what appears to be a legitimate, encrypted website. You can’t be sure that the site is not run by scammers.
So, remember, don’t follow links that you receive via email. Instruct your employees in the same manner. Also, allow knowledge of your various login credentials only on a need-to-know basis, and change your passwords when a crucial employee leaves the company.
Any time you need to log into a bank or other service provider’s website, type in the address that you know. This is the only way to be sure you are visiting the correct website.
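To make that concrete, here is an added example (not part of the original post) that judges a link by its host instead of its “HTTPS” prefix. The bank name `mybank.example`, the allowlist, and the sample links are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the login addresses you already know and would type yourself.
KNOWN_LOGIN_HOSTS = {"mybank.example", "www.mybank.example"}


def check_link(url, known_hosts=KNOWN_LOGIN_HOSTS):
    """Return (verdict, reason), judging the host and not just the https prefix."""
    parts = urlsplit(url)
    # hostname is lower-cased by urlsplit; drop a trailing root dot before comparing.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return ("reject", "not HTTPS")
    if parts.username is not None:
        # Anything before '@' is login info, not the site; the real host follows it.
        return ("reject", "text before '@' is not the site; real host is " + host)
    if host not in known_hosts:
        # Exact match only: a known name used as a prefix of a longer host fails here.
        return ("reject", "HTTPS, but not a host you know: " + host)
    return ("accept", "HTTPS and the host matches a known address")


# Constructed sample links, such as might arrive in an email.
SAMPLE_LINKS = [
    "https://www.mybank.example/login",
    "http://www.mybank.example/login",
    "https://www.mybank.example.account-verify.test/login",
    "https://mybank.example@account-verify.test/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = check_link(link)
        print(f"{verdict:6}  {link}\n        {reason}")
```

Only the first sample link is accepted; the last two are HTTPS and would show a padlock, yet neither leads to the bank’s own host.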
For more information on keeping yourself and your company safe on the internet, give us a call at 888-RING-MY-TECH. We can review your security protocol and make recommendations for changes, to protect your data, your customers, and your livelihood.