Cybercrime is on the rise, putting us and our customers at risk of serious harm.
Last year, in the healthcare industry alone, nearly 250 million critical records were stolen through cyber attacks.
Banking information, Customer data, Personal health information and much more are all at risk.
Let’s look at how HTTPS site security is making the Internet safer.
What is HTTPS?
The familiar “HTTP” that heads our web addresses stands for Hypertext Transfer Protocol.
This is simply the universally agreed upon coding on which the Internet is built.
When an “S” follows the “HTTP” this means that site is secure.
But the S itself isn’t what’s making the site secure, so let’s look a little closer.
HTTPS websites have been issued an SSL (Secure Sockets Layer) certificate that will be used to help verify the authenticity of the website.
SSL is now part of a more comprehensive security protocol called Transport Layer Security or TLS, but it’s still commonly referred to as an SSL certificate by many web design and web hosting companies.
This TSL works to maximize site security.
The Risks HTTPS Seeks to Address
Symantec a respected internet security research and security organization recently released a report outlining many of the risks.
Despite increased talk in the news about hacking from foreign governments, the US appears to originate more cyber attacks than any other country.
China comes in a distant second.
The healthcare sector faces an uphill battle as it works to make medical records accessible to medical providers, insurance companies, and patients while still complying with regulations.
HIPAA, the law that protects the privacy of medical information imposes stiff penalties for mishandled medical information, and yet 1/2 billion personal information records were reported stolen or lost last year.
39% of that number have been determined to be the result of malicious data site security breaches.
Ransomware usage in on the rise. In these cases, a user inadvertently triggers the download of a virus that hijacks the computer or a network making it completely inaccessible by the business until a ransom is paid.
Hackers use various techniques to compromise your computer and access your data. HTTPS works to reduce these risks.
How HTTPS Is Improving Site Security
We buy online. We bank online. We meet people online. We share our lives online, expecting information to be safe or at least restricted to that site. If you’re running a business site, your customers trust you to keep their information safe.
Fortunately, we’ve gone from around 23% of websites are using SSL Certificates (HTTPS) to secure their sites to over half of sites incorporating site security technology.
That’s good for business and good for people. Let’s look at some specific ways that it accomplishes this task.
The TSL (described above) verifies that the site you loaded is actually the site you were trying to load rather than an imposter.
For example, when you’re banking online, you may need to enter your bank account, credit card number, ID number or other personal information.
You must trust that you’re on the right site.
If you were trying to pull up Twitter, Amazon or eBay, someone with nefarious intentions could pretend to be the site in order to acquire your username and password to hijack your account. HTTPS prevents this.
Each time you enter information onto a website, that data is transferred through the server to reach its destination.
Data in transit is always at risk of being intercepted by someone who wished you harm.
The TSL encrypts all data being transferred between you and the site. Encryption is the act of changing any data that you entered onto a website into a ‘secret code” called ciphertext.
If anyone were to intercept it, it would appear as complete gibberish.
What if you were logging into your Google Adwords account and someone intercepted your username and password?
This person could use your account without your permission and if your credit card were linked to it, charge it all to you. How much damage could they do before you figured it out?
Fortunately, HTTPS prevents that through TSL.
Because they can’t read it, they also can’t change it.
Imagine if when you were sending a tweet, someone could simply change what you said or attach a different video or image.
What if someone could completely rewrite your email as it traveled through cyberspace to its destination.
As much as we might like to be able to say that’s what happened when we say something stupid, fortunately, it’s not possible because of TSL encryption.
HTTPS also prevents your ISP (internet service provider) or the government from tracking what you’re doing.
If they so choose, they can see your browsing history, but they can’t see beyond the site level.
If for example, you’re on Amazon, they can see that you visited Amazon. But they cannot see what you searched for, what’s in your cart, purchase history or any other information that would be far over-reaching without a warrant.
How to Know if You’re Safe
When you’re on an HTTPS site, the web address will appear in green with a padlock beside it.
This tells you that you’re safe while on this site.
HTTPS can’t, however, keep you safe if you use the same username and password on a regular HTTP site and your HTTPS site.
Those with malicious intent can simply get your password from the unprotected site and log into your HTTPS site. Never use your high-security HTTPS password on a low-security HTTP site.
Limitations of the HTTPS
We now share as much data through mobile apps as we do through our Internet browsers.
The good news is that most reputable apps that require you to enter data that could be compromised using similar secure, encrypted connections.
The limitation at this time comes in the fact, that you can’t always tell which ones do and which do not.
HTTPS websites require additional bandwidth. They can take longer to load. Because of this some sites that are hesitant to jump on board.
It’s not Perfect
No security measure can prevent 100% of attacks. But HTTPS certainly makes it a lot harder for the “bad guys” to target an HTTPS site’s customers vs. an HTTP site.
Stopping Cybercriminals in Their Tracks
HTTPS helps you keep your customer data safe. It’s not perfect, but you certainly don’t want to be without it.
If you’re transferring critical customer data, make sure your site is HTTPS. Send cyber criminals looking elsewhere for victims of their cyber crimes.
To learn more about how to keep customer data safe and your site running as it should, reach out.