Gretel Egan | November 05, 2014

Security Spotlight: https

You’ve no doubt heard some of these common https refrains:

  1. If you’re logging into a site on open WiFi, you must use https.
  2. Https adds an important layer of security to online communications.
  3. If you’re on free WiFi, https can help keep your communications safe.

There’s not a thing wrong with these messages about https; in fact, they are quite right, and they are present in our own training about mobile and WiFi security. And if you’ve been sharing these messages with your employees, you are doing them — and your organization — a great service.

It’s important, however, to recognize that https is not a guaranteed ticket to online safety and security.


The Difference Between Secure Connections and Safe Sites

It’s true that https adds a layer of security to online communications — but this is only of value if you are on a trusted site. When you consider the second point above, the assumption is that if you are logging into a site while on an open-access WiFi network — i.e., no password, no security measures — you are dealing with an established, known site and an existing account. In this case, https is a must, and it will offer the protection you’re looking for.

But you must understand the distinction between a “secure connection” and a “safe site.” Https does ensure the security of the connection you make with a website, meaning that the communications you have with that site are secure. Https is geared to protect the information you exchange with a website from eavesdropping and tampering (two dangerous threats associated with free WiFi). Https does not, however, mean the site itself is safe to visit.

What Makes a Site Safe?

The third point in the intro above is correct; https can help keep your communications safe. Yes, an https site is one that has a security certificate. But that shouldn’t be confused with the idea that an https site has been certified to be safe. These sites can have vulnerabilities or be designed to serve malware. As a recent — and extremely clever — Dropbox phishing scam illustrated, your information can be compromised on https just as it can be on http.

As with most online activities, caution is the key to cyber security. Your knowledge and understanding will guide you online. Stick with trusted entities, be mindful of tricks and traps, and think carefully before clicking links or downloading files. These behaviors will help you browse safely and avoid online security threats.
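The "secure connection" versus "safe site" distinction described above can be written as two independent checks. This is an added example, not part of the original post; the allowlist, function names, and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: sites the user already has accounts with (assumption).
TRUSTED_DOMAINS = {"dropbox.com"}

def assess(url):
    """Answer two separate questions: is the connection secure, is the site known?"""
    parts = urlsplit(url)
    # Question 1: https protects the exchange from eavesdropping and tampering.
    secure_connection = parts.scheme.lower() == "https"
    # Question 2: is the host one we trust? .hostname is lowercased and excludes
    # any "user@" prefix and port, so only the real destination is compared.
    host = (parts.hostname or "").rstrip(".")
    trusted_site = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    return secure_connection, trusted_site

def verdict(url):
    """Turn the two answers into one plain-language result."""
    secure, trusted = assess(url)
    if secure and trusted:
        return "proceed"
    if trusted:
        return "known site, but connection is not protected"
    if secure:
        return "secure connection, but site is not a known one"
    return "neither secure nor known"

# Constructed sample URLs; the .example hosts are placeholders.
SAMPLES = [
    "https://www.dropbox.com/login",
    "http://www.dropbox.com/login",
    "https://dropbox.com.files-share.example/login",
    "https://dropbox.com@files-share.example/login",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{verdict(u):48} {u}")
```

The last two samples pass the https check yet fail the site check, which is the case the padlock alone does not reveal.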
