Browsing the internet is usually safe. But what if you come across a less secure website? Cybercriminals may then be able to access your PC, direct you to their own payment page or otherwise commit fraud. Yet with just a little expertise, this can easily be avoided. Cybersecurity provides some easy-to-check safeguards that greatly reduce your risk. Learn how to recognise and visit trustworthy websites without worry.
Step 1 in secure browsing: https://
Website addresses starting with https:// are generally considered safe. You can also recognise them by the lock in front of the website URL. The lock and the ‘s’ in https:// indicate that the connection between your PC and the website is encrypted.
With this encryption, third parties – cybercriminals – cannot alter the data traffic between your PC and the website. This also ensures that all data actually originates from your own PC or the website server – and not from someone else.
Today, a large proportion of websites already use this technology. Some browsers even show a pop-up warning for websites that do not have this protection.
But the lock and the https:// are not sufficient proof of a secure website. Cybercriminals are also aware of this technique. They even abuse free certificates for their crimes: the encryption keeps firewalls from inspecting the content of their data traffic. Firewalls can be specially configured to inspect this traffic – but that is another story.
Step 2: Checking the security certificate
Website owners who want to secure their website therefore install a certificate that sets up the encryption. Every visitor can easily consult this certificate: click on the lock icon in front of the URL in your browser and a pop-up will appear, which tells you whether
- the certificate is issued for the correct URL
- it is still valid.
This way, you can check that the website you are visiting is the one you intended to visit.
Step 3: Is it an EV or OV certificate?
Certificates come in different types and they’re not all the same. The first distinction is between free and paid certificates.
A free certificate is quickly created and is usually for one particular website. Free also means that someone with bad intentions can quickly generate this type of certificate for a rogue website. For example, most people do not notice the difference between https://www.netcure.be and https://www.nettcure.be…
A free certificate lacks the verification of the organisation or the applicant: anyone can request a free certificate for any domain name.
Of course, online criminals can also abuse paid certificates, but the threshold is much higher for doing so on a large scale. The costs for a criminal rise pretty quickly, which is what they are trying to avoid.
That’s why, for paid certificates, there is an OV option (organisation validation). In that case, the identity of the company is checked before the certificate is awarded.
One step higher is the EV certificate (Extended Validation). The identity of the company and the applicant are extensively and strictly verified in this case. Web shops and online payment pages typically use these EV certificates.
Therefore, if you want to make important transactions online, check the website’s certificate just to be sure.
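The checks from Steps 2 and 3 can also be scripted. The following is an added example, not part of the original article: it works on the certificate dictionary that Python's `ssl.SSLSocket.getpeercert()` returns, using a constructed sample certificate and illustrative function names. The level it reports is a heuristic based on subject fields, where "DV" (domain validation) stands for a certificate issued without any organisation check, as with the free certificates described above.

```python
import ssl
import time

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# The organisation name and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("countryName", "BE"),),
                (("organizationName", "Example Org NV"),),
                (("commonName", "www.netcure.be"),)),
    "subjectAltName": (("DNS", "www.netcure.be"), ("DNS", "netcure.be")),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2025 GMT",
}

def name_matches(cert, hostname):
    """Step 2a: is the certificate issued for the host we meant to visit?"""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # A leading "*." covers exactly one extra label (simplified matching).
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def is_current(cert, now=None):
    """Step 2b: is the certificate inside its validity period?"""
    now = time.time() if now is None else now
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now <= end

def validation_level(cert):
    """Step 3 (heuristic): guess DV/OV/EV from the subject fields."""
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    if "organizationName" not in subject:
        return "DV"   # no organisation was vetted
    if "businessCategory" in subject and "serialNumber" in subject:
        return "EV"   # EV subjects carry registration details
    return "OV"

def check(cert, expected_host, now=None):
    """Run all three checks against the host the user intended to visit."""
    return {"name_ok": name_matches(cert, expected_host),
            "valid_now": is_current(cert, now),
            "level": validation_level(cert)}
```

Calling `check(SAMPLE_CERT, "www.nettcure.be")` reports `name_ok` as false, because the look-alike name with the doubled "t" is not among the names the certificate was issued for.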
Would you like more information on which certificate to apply to your own website? Give us a call and we’ll brainstorm together.
Trust us, we’re crazy about cybersecurity!