How to spot Websites that are ‘not secure’ and ‘dangerous’

You may not have noticed, but there are clear markers, specifically security symbols that let you know how safe it is to visit and use a site. The one you want to keep an eye out for is the Padlock icon before the name of the website that you are consulting in your browser. The Info or Dangerous symbols are the ones to avoid entirely. But how are they allocated? Why is a website deemed to be 'secure'?

EMAIL & WEBSITE SECURITY - PART 5

How to spot Websites that are not ‘secure’ and ‘dangerous’

In the description of the constituents of the URL address provided in Part 1 of our info-series, the starting HTTP code is a necessary feature, specifically a protocol, to connect you with the server where your domain is actually located.  With HTTP being the foundation of any data exchange on the internet, the addition of the ‘s’, becoming HTTPs, implies ‘secure’ and constitutes a huge step towards greater internet safety, facilitating privacy and data security for web communications.  This added protocol encrypts the data exchange between web applications and servers. 

An earlier version of this protocol is called Secure Socket Layer (SSL), which is being replaced by a more enhanced encryption version on top of the HTTP protocol, specifically Transport Layer Security (TLS).  While the “s” still features after HTTP when web browsers are loading a website, the protocol running HTTPs is TLS, which is steadily becoming the norm. 

The main browsers, Alphabet’s Chrome, Mozilla’s Firefox, and Microsoft’s Edge (previously Explorer) are flagging non-HTTPs websites

The deployment of new domains through CMS providers are by default prompting the use of this enhanced security layer making it standard practice for users to look out for the padlock icon  that appears in the browser.  Any other website that is preceded either by info icon or warning icon means the site is simply not secure or even dangerous and so should be avoided altogether.

In more technical jargon, a certificate will be installed on the origin server, which is conventionally still termed an SSL certificate though it is running the TLS protocol.  This certificate is a form of passport, listing domain ownership, the server’s public key, so that the identity of the server can be validated.

This concludes our five-part series on website and email security

Thank you for staying with us on this journey and we hope you have enjoyed reading – as much as we have had in designing – these insights.  As promised they were intended to be short & sharp bursts and give you the confidence to ask more probing questions. 

In sum, the combination of 1) email messaging using your domain address, 2) the code behind the website domain itself, 3) the content management system used to help build your internet presence, along with 4) established conventions regarding internet transport protocol, together, represent avenues through which threat intelligence can be gathered.  There are myriad software developers who provide scanning services, however understanding the vulnerabilities that your website is exposed to is the first line of defence. 

Our aim in providing our free website security report is to explain the technology behind the surveillance tools and highlight potential vulnerabilities to make your on-line experience a more secure one. 

Why don’t you request a free website security report now? 

We hope you enjoy reading our research, designed for professionals who are not IT experts but thirsty for knowledge about the everyday tools to operate a business – your email and website.

Share:

Facebook
Twitter
Pinterest
LinkedIn

Leave a Reply

Your email address will not be published.

On Key

Related Posts

WEBSITE SECURITY REPORT

GOLD

Imagine you own a house and want to add an additional floor. First you have to review and strengthen the foundations. This service builds cybersecurity foundations to facilitate growth in a resilient, timely manner.

This service will also provide the company with a cybersecurity risk assessment and improvement plan but with significantly more support from a senior consultant to help the company embed improvements in a continuous, timely manner

SILVER

The dreaded car MOT is looming. It’s the unforeseen wear & tear that results in some necessary annual maintenance. Our cybersecurity review will highlight what needs to be done as your engineers.

In addition to the context gathering stage and security footprinting service, a senior consultant will perform a risk assessment to understand the company’s cyber risks and provide recommendations. They will also be available to undertake monthly calls for answering questions, providing guidance and checking on whether risks are reducing.

BRONZE

You’re embarking on a more active lifestyle, chosen to go on a diet and get in shape. Think of this service as the cybersecurity equivalent of the personal trainer, helping you along the way.

After an initial context gathering stage, a junior security consultant will be available once per month to answer questions and provide recommendations based on company goals and activities. A cybersecurity footprinting service will allow the company to continuously monitor its external security posture.

Add Your Heading Text Here

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Add Your Heading Text Here

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.