In the early days of the internet, the common answer to this question was pretty simple: the little lock in the browser bar indicating that the site has a security certificate. Times, however, have changed as this lock is no longer sufficient enough information. In 2018, Google Chrome removed the ‘secure’ indicator on sites that use https. It replaced this with a ‘not secure’ warning for sites that only use HTTP. In one way, this is a sign of good success as internationally as many sites as possible use the HTTPS protocol that encrypts all the information passed on the page. Unfortunately, though, this much-needed step does not eliminate all the security and privacy pitfalls web surfers now confront.
Checking for HTTPS is the minimum precaution you need to take to secure your data online. If there’s no HTTPS then connection to the server is not encrypted which means that anyone listening in on to the network you’re at is able to see all your discussions with the server. This can include your username and password or even more valuable personally identifiable data.
The following aspects should also be considered for security purposes:
- Double-check the URL
Having an encrypted connection website is no help if you’re not on the site you meant to load. Major search engines work hard to keep from sending you to infected sites, but you could easily end up on a bad site by clicking on a link, especially in a spam email. So while you’re checking for the lock, make sure you’re actually on the site you mean to be on. - Do a little research
If you still don’t feel secure, trust your instincts – especially if you’re considering making an online purchase. Before you click ‘buy’, you can do some basic research, such as: Is there a phone number? Is there a location?You can also use sites like Wayback Machine to determine how long the site has existed in its current form. If the site has only been around for a brief while and used to have another identity entirely, this should make your suspicious. - Make sure you are running endpoint protection software
Having an encrypted connection website is also no help if you’re connected to a malicious website. Unfortunately, there’s no obvious sign that a site has been infected.New tricks like online skimmers can suck up your credit card details on an official site that has a green lock and amazing reputation that has lasted decades. That happened to customers of Ticketmaster.com, Newegg.com and British Airways, for example, and there was no way they could have seen it coming.That’s why using endpoint protection that blocks threats like Magecart, which deploys online skimmers, is essential. - For privacy, use a VPN
Even if a site is encrypted by HTTPS, there’s someone who always knows which websites you’re searching – such as your internet service provider or the l;ocation you are working at, such as a coffee shop, which could be compromised if they get hacked.This is where a VPN becomes important because instead of entrusting a local ISP or others with information on what you are accessing online, you should have the ability to encrypt all the communications between your PC or mobile device such as a smartphone, and the provider.
A VPN for this purpose is available in F-Secure FREEDOME which is also part of F-Secure TOTAL.