Secure (HTTPs) vs unsecured (HTTP): How to tell if a website is safe
- Written by ESET
Chances are, you rely on the internet to do your work, connect with people, monitor your bank accounts and shop for everyday necessities as well as fun items. It’s ingrained in our lives, but how can you tell if a website is legit? You may have even come across sites with a “not secure” message, and other websites starting with HTTP, and wondered what that all meant.
We asked the experts at ESET to explain the difference between secured and unsecured sites, and how we can stay safe online.
What does HTTPs mean, and are HTTPs sites safe?
Any time you visit a website, you’ll see “http/” or “https/” in front of the URL. What does the S in HTTPS stand for? The answer is “secure,” and that one letter holds a lot of meaning in terms of a site’s security.
Hypertext Transfer Protocol (HTTP) is an older technology that describes the way servers and browsers speak to each other. But that “language” isn’t encrypted, so it’s essentially exposed — making it easier to hack those sites and access sensitive information. That’s why HTTP sites have the “not secure” message.
On the other hand, URLs starting with HTTPs (Hypertext Transfer Protocol Secure) confirm the site is encrypted. It not only safeguards the site from cyber attacks, but it also protects information submitted by the site’s users with the help of Secure Socket Layer (SSL) technology. In a nutshell, it keeps any data that passes between the site’s visitors and servers private. Think usernames, passwords, tax file numbers and credit card details.
It is in the interest of site owner to have an SSL certificate. It does not only activate padlock but also ensures about data integrity and security. If you do wonder, which one to buy SSL among several types then, check your domain list. For example, if you have unlimited subdomains under main domain then, a budget friendly or cheap wildcard SSL can do a great job. In other case, you can go with single domain or multi domain SSL.
If you own a website, investing in a SSL certificate pays off in more ways than one. It makes it harder for hackers to do their job, plus it shows your users that you care about cybersecurity. Along with having the HTTPs URL, you’ll get a green lock sign in the toolbar — which is a huge trust signal.
What to do if you visit an unsecure site
In an ideal world, every site you visit would have that trusty green lock sign. Unfortunately, not all site owners take measures to protect their users, even if they regularly process payments and record sensitive information.
So, if you do land on an unsecure site, tread carefully. Don’t enter any personal details, such as your full name, phone number or email address, or any banking or credit card information. Without the HTTPs website name and SSL security, there’s no guarantee your information will be kept safe and private — no matter if you think the site is otherwise legitimate.
5 tips for safe internet browsing
The internet can feel like a vortex, but following these best practices can make it a safer place to browse and enjoy!
-
Steer clear of questionable websites
Along with using your gut instinct, there are a few red flags to look for. If you’re unsure whether a website is suspicious, ask yourself these questions:
-
Does the site have a privacy policy? Most countries have strict privacy laws, which require sites to state how they collect, use and protect data.
-
Does the site have legitimate contact information? A safe website with nothing to hide should have contact information, such as a phone number, email or physical address. In addition, e-commerce sites should have clear return policies.
-
Do you see a “secure” or “verified” icon? Along with HTTPs, these badges are trust signals that confirm the site has cybersecurity measures in place.
-
Only download software or files from sites you trust
There are tons of free software programs floating around the web. Before downloading anything, double-check the site is trustworthy by looking for the HTTPs URL and working through the checklist below.
-
Learn the signs of site malware
Are all HTTPS sites safe? No, HTTPs isn’t foolproof. Sometimes, hackers manage to access secure sites and infect them with malware. If you’re suspicious about a trustworthy site, look for these signs:
-
Excessive pop-ups. In particular, steer clear of any pop-ups
-
Maladvertising. Before clicking on any banner ads, hover over them to check the URL. And avoid any ads that tout miracle cures or countdowns, contain spelling or grammar errors or feature products that don’t reflect your browsing history. They could be malicious.
-
Unusual logos or images. If you spot any design elements that don’t quite match up with the site’s ideology or business, that could be a red flag. For example, cybercriminals may try to hack a political site and replace the logos or images with their own.
-
Redirects that don’t match. Hackers often redirect entire sites. So, if you type in a URL and you’re taken to a different, suspicious site, exit immediately.
-
Listen to search engine warnings
Major search engines like Google automatically scan sites for malware, and place warnings on any fishy site. If you come across a comment that says the site has been compromised or involved in a data breach, don’t ignore the warning.
-
Install a good antivirus software
While you can download free software online, it’s worth investing in a paid, premium version to protect your devices. ESET Internet Security offers a multi-layered defence against a range of cyber threats, and works to detect, analyse and block those attacks by securing endpoints (or entry points) of “end user” devices, like laptops and phones. It also scans your router for vulnerabilities and prevents unauthorised users from accessing your WiFi network.
Once you’ve installed your antivirus software, set up auto updates. Manufacturers are constantly releasing patches to respond to flaws and threats, so it’s really important to keep your software current. The same goes for your computer or phone’s operating system (OS). Whenever you get a notification about a software update, accept it ASAP.
Stay safe online with the best antivirus software
The internet is an incredible tool, but it isn’t perfect. As well as avoiding websites that don’t have HTTPs, your best defence against cyber attacks is downloading an antivirus software like ESET Internet Security.
Protecting your devices and blocking cybercriminals will give you and your family peace of mind you need when you’re browsing online.