By Brittany Llorente
Media Marketing Associate
The internet can be a treacherous place.
So, take this – it’s dangerous out there.
Today is Safer Internet Day. According to Days of the Year, “Safer Internet Day came to exist officially in 2012, when the US Department of Homeland Security and the European Commission decided it was time to help shepherd the growing beast that was the Internet into a playground that was safer for our youth.”
You might be asking yourself, “Well, this is a random holiday, but what can I do to celebrate?”
First is to look at your own online safety. Here are a few tips on what you can do to make sure your experience online is a safe one.
We have touched on this a few times in previous blogs. Having a secure password is essential for protecting your information on the internet. Make sure you are using an individual password for each website that you visit. If you don’t think that you can possibly manage that many passwords, check out a password manager which will auto-fill each web page that you visit and remember your password for you.
In addition, keep your passwords strong. The United States Computer Emergency Readiness Team recommends users:
- Use multi-factor authentication when available.
- Use different passwords on different systems and accounts.
- Don’t use passwords that are based on personal information that can be easily accessed or guessed.
- Use the longest password or passphrase permissible by each password system.
- Don’t use words that can be found in any dictionary of any language.
- Refer to Tips on Choosing and Protecting Passwords and Supplementing Passwords for best practices and additional information.
Don’t get phished
Phishing is a global issue that targets every internet user.
According to the National Institute of Standards and Technology, “Organizations worldwide stand to lose an estimated $9 billion in 2018 to employees clicking on phishing emails.”
The NIST website has a great video on raising awareness on phishing titled “You’ve been phished.”
This year, Google released a quiz titled “Can you spot when you’re being phished?” This quiz illustrates how hard it is to recognize a phishing attempt, but helps to identify different ways that phishers are attempting to steal your information through emails.
Check the site’s security
If you are on a site and you see a closed padlock in the search bar of your browser, or the word ‘secured,’ it’s a general assumption that your browser has identified a website certificate that encrypts your information.
According to US-Cert.gov, “if a website has a valid certificate, it means that a certificate authority has taken steps to verify that the web address actually belongs to that organization. When you type a URL or follow a link to a secure website, your browser will check the certificate for the following characteristics:
- the website address matches the address on the certificate
- the certificate is signed by a certificate authority that the browser recognizes as a “trusted” authority”
Before entering your information on a site that shows this, be sure that you can trust the certificate.
“The level of trust you put in a certificate is connected to how much you trust the organization and the certificate authority. If the web address matches the address on the certificate, the certificate is signed by a trusted certificate authority, and the date is valid, you can be more confident that the site you want to visit is actually the site that you are visiting. However, unless you personally verify that certificate’s unique fingerprint by calling the organization directly, there is no way to be absolutely sure.
When you trust a certificate, you are essentially trusting the certificate authority to verify the organization’s identity for you. However, it is important to realize that certificate authorities vary in how strict they are about validating all of the information in the requests and about making sure that their data is secure. By default, your browser contains a list of more than 100 trusted certificate authorities. That means that, by extension, you are trusting all of those certificate authorities to properly verify and validate the information. Before submitting any personal information, you may want to look at the certificate.”
Here are a few more references on website certificates: