What is Website Security?
Websites are hosted or stored on servers located all over the world. We use search engines such as Google to access and view these websites over the internet. Why do we need these websites to be secure and what does website security actually mean?
When you are browsing a website you are simply viewing the information on that site whether that be text, images or videos etc. This doesn’t pose any risk to your personal data being taken. So how could your personal information be at risk and where does having website security come into play?
Giving away your personal information
If I were to just ask you for your name, address and date of birth would you give me that information freely? Most likely not! You may say “I would never give away my personal information to just anyone”, but I bet you have already done so.
Each time you fill in and submit an online form on a website you are handing over your personal and potentially sensitive data to the owner of that website.
Now you may want that company to have those details even if they are just your name, phone number and email address. But you want ‘only’ that company to have access to it. This is where SSL and HTTPS come into play.
A contact form would look something like this:
What are SSL and HTTPS?
SSL stands for Secure Sockets Layer, this has now been replaced by TLS which stands for Transport Layer Security. Although TLS is the modern protocol used today it is still commonly referred to as SSL. This is the way in which data is encrypted before being sent to a website over the internet. You don’t need to know how these work in depth but here is why it is beneficial and necessary.
SSL provides a secure channel between two machines or devices operating over the internet. We are specifically looking at when SSL is used to secure communication between a web browser such as Google Chrome and a web server which is where the website is stored. Using this encrypted tunnel turns a website’s address from HTTP to HTTPS, the ‘S’ standing for ‘secure’.
Why are SSL and HTTPS important?
HTTP is insecure and is open to eavesdropping attacks because the data being transferred from the web browser to the web server is transmitted in plaintext. This means attackers can intercept and view sensitive data with relative ease.
What data could this include? It means that potentially someone could intercept and see such information as your credit card details, online account logins, online banking login details and more.
This is why before sending any information through a website it is essential that we make sure that it is using SSL and HTTPS. When data is sent through a browser using HTTPS, SSL ensures that such information is encrypted and secure from interception.
How to tell if a website is secure
Web browsers such as Google Chrome have made this easier for users to identify if a site is secure or not. They have added at the top of the page next to the web address bar a padlock icon 🔒 if the website is secure and for some sites the name of the website also turns green.
Another way is to see if the web address has HTTPS in front of the name of the website.
For instance this websites address is https://www.how2useit.com
The https:// shows that it is secure and you will see the padlock at the top of the address bar.
If a website has no padlock but has an ℹ️ or says ‘Not Secure’ then it is not using HTTPS and is not secure.
So you should be wary about entering your personal information on such websites.
What have we learnt?
We have seen the implications of website security and how to keep your personal data safe by learning that:
- SSL and HTTPS are to help protect our personal information
- How to know if a website is secure with HTTPS
- How to see when a website is not secure using HTTP
- To only enter personal information on secure websites
We hope that you have found the article useful and we hope that you can continue to stay safe online.