Web Hosting Blog
From shopping online to managing our finances and connecting on social, we’re completely dependent on websites. Rather naïvely, we’ve traded our trust for these conveniences. We’d never buy merchandise in a shady street from the back of a truck. Yet that’s exactly what we’re doing when we don’t check the security of a website.
We’re getting fooled by fake websites that designed to take our private information and hard-earned money. This blog is intended to give you tips on how to tell if a website’s safe, so you can protect yourself.
Let’s start at the top of your browser as it holds some clues. The address bar is where you can see the web address. Secure websites have an address that has an “S” at the end of HTTP. The “S” stands for “Secure”. They also have a padlock icon on the browser. So, if you see HTTPS and padlock, the connection is encrypted. Encryption is enabled by a website owner purchasing and installing an SSL certificate from a globally trusted Certificate Authority (CA).
But what about the company behind the website? How do you know it’s not a criminal with a secure connection? The type of SSL certificate tells you a lot about who’s behind your website connection.
There are three types of SSL certificates and each one requires different levels of vetting by the CA. A Domain Validation (DV) certificate simply requires proof you own the domain and provides encryption only with no business validation. Unfortunately, even phishing sites can pass this level of scrutiny, so many phishing sites still appear secure with an HTTPS connection. Google now displays a “Not Secure” warning on all websites that aren’t encrypted with at least a DV certificate.
There are two premium SSL certificates that include encryption as well as business validation. An Organization Validation (OV) certificate requires proof you’re a legally legitimate organization, but the visual indicators aren’t significantly different than for a DV certificate from a visitor perspective. The highest-level SSL certificate is Extended Validation (EV) and provides the most proof that a website belongs to a fully-vetted business validated organization. It also offers clear visual cues to visitors, including the universal trust symbol, the green address bar.
Website owners can also implement a comprehensive website security solution to protect you and their business. cWatch Web is a cloud-based multi-stack solution that protects against malware, DDoS attacks and many other threats.
With the right knowledge and tools, you can be confident your connection is safe and secure.