CyberSecurity for Families and Friends — Secure Communication (http Vs https)
In the first episode in this series, we discussed different aspects of cybersecurity, which included Information, Network and Application security. We also said that cybersecurity includes disaster recovery and user education. We streamlined the focus of our 30-day series on User education. This second episode focus on helping you to understand how your data move through the internet and if they are actually secured or not depending on the website or app you entered these information into.
The information that we input into different e-commerce, social media or any other applications that connect to the internet can either be sent through a secure or insecure message. If the communication channel is insecure, it means that someone using some type of software can capture the information along the transmission path and view the actual plain text you sent. This happens when you communicate using ordinary hypertext transfer protocol(http) instead of the secure version, http secure (https).
The http protocol DO NOT encrypt the information you are sending. So they are sent as-is in plain text. This means that anyone ‘listening’ to the transmission over the internet can view the information. This means that you should not enter any sensitive information such as PIN, Bank details, social security number and more, in a website that is based on http. As shown in the figure above, a normal http-based website has an ‘open key’ or an ‘i’ (for insecure) in the address bar. There are many people out there trying to steal your login through insecure sites that were deliberately designed to look like the one you use everyday. Always try to look at the address bar to be sure it is the correct website or that it is still secure.
On the other hand, a https website uses the secure version of http and therefore your information is encrypted before transmission over the internet. A https website often has a Secure Socket Layer (SSL) certificate installed. It enables your information to be encrypted, that is, changed into a form that a man-in-the-middle will not understand even if s/he listens and copies what is being transmitted.
As families and friends often wants to start blogs for various reasons, ensure that your host includes SSL certificate into your website if you are collecting login details of your users. However, if it is just the open blog where you simply display contents, you may not bother.
Understand too that some websites have both the http and https versions. Always look twice before you enter sensitive data. You can try to change into the https version (if they have it) by entering https://www.websitename.com.
Another reason why you need to look twice is that some hackers do succeed in removing the SSL certificate of some sites and the next users who have previously trusted this site will become victims before the site owner gets to know what is going. This has actually happened to a crypto-currency exchange I used in the past.
In Summary, the first step in securing your data online is to ensure you enter your sensitive information in secure websites. Look at the address bar of your web browser to see if the site has a ‘locked padlock’ and if it doesn’t have that, then do not enter your sensitive information in the website.