Everything you need to know to safe when surfing the web
A while back the guys came to me and said, “Carl, we need someone to write a guide on how to stay safe on the internet.”
I said that sounds like that last thing someone like me should be doing. After all, I have to ask permission to get on the internet. At work. Like a middle schooler during the dial-up era. I mean, it does make sense. I had a ransomware infection within my first hour of working here [Editor’s Note: Literally 51 minutes into his tenure. 9:51 AM on his first day, Carl comes to us and asks what a bitcoin is, then says he needs two].
They said, no Carl. You would be perfect for this. So here we are. This is Cautious Carl’s Guide to Staying Safe on the Internet.
The Only Surefire Way to Avoid Trouble on the Internet is Abstinence
That’s right. The only surefire way to avoid catching something on the internet is abstinence. And just like Forrest Gump, that’s all I’ve got to say about that.
But let’s be honest, the only people that aren’t on the internet nowadays are the ones with a foot in the grave. Even newborn babies have Facebook accounts now, the nurses are wiping them down immediately following birth and they’re already posting selfies, “getting a sponge bath. #baller #newbornlife.” [Editor’s Note: Thanks for putting that image in my head, Carl].
My point is, you’re going to use the internet. So if you want to stay, safe, here’s what to look out for.
Let’s Start with your Browser
Your browser is your portal to the internet. Think about it, without your browser, what could you do online? Nothing. I’ll just go ahead and answer that for you. If you were to draw a Venn diagram and you had the group of people who can do anything meaningful on the internet without a browser in one circle and the group of people who need to read an article about how to spot a bad website in the other and I’m beyond certain that the two wouldn’t overlap. There is zero overlap. So the answer is none.
There are dozens of browsers, and if you want to be the MOST secure I could certainly suggest a specific browser and settings that would practically make you a specter online. [Editor’s Note: Could you really, Carl?] Someone here at this company could suggest a specific browser and settings that would practically make you a specter online. [Editor’s Note: That’s better].
But for our purposes, here’s the advice I’m going to give you. At the crossroads of security and user experience, the best two browsers – in my opinion – are Mozilla Firefox and Google Chrome. Pick one of these and make sure that you have toggled your security settings to your tastes.
Specifically, you need to go to the settings section and find the Privacy and Security settings. Make sure you have your web filter enabled, that you’re sending “Do Not Track” requests along with your traffic and then make sure to tweak your content settings to control what sites and services can access certain areas of your systems.
Keep in mind, this isn’t foolproof. Sites and ISPs can ignore the “Do Not Track” requests, things can slip through browser filters and there’s always some new malware or exploit awaiting you. But by using a reputable browser and making sure you’ve got your security settings arranged properly you’re laying a good foundation.
I’ll have a follow-up article with some suggestions on how to set your Security settings in the future.
How to Tell if a Website is Fake
In addition to your browser settings, I would recommend a strong antivirus program as well.
Now, let’s move on to the actual web. You’re going to be interacting with websites and web pages. Most of these will be legitimate and safe—but some are designed to trick you. If that seems overly simplistic, it’s because it is. But bear with me.
The biggest threat to your safety online is the theft of your personal information. This can be used to impersonate you at financial websites, at medical websites, and to commit identity theft and fraud. A recent study by USA Today showed that identity theft is most Americans’ number one fear in terms of potential crimes they may realistically face. Obviously, people are more scared of murder. But a lot of us don’t wake up each day with a realistic fear of being murdered. It’s kind of a sign of how well off we are in the civilized world. There’s probably someone somewhere who would fill out that survey and answer “Tigers.” We’re just worried about someone pretending to be us.
Anyway, I’m getting off track. Protecting your personal information and private data are the name of the game. When I say “stay safe online” I don’t mean safe in a physical sense. I mean keeping your data and personal information safe.
To that end there are certain things we can look for in websites that kind of tip us off when sharing our data or information may not be safe. Let’s talk about some of them.
The Address Bar says more than just the URL
Take a look at your browser’s address bar. It’s telling you a lot more than just the URL of the page you’re on. It’s telling you whether your connection with that page is secure. It might even be able to tell you authoritatively who made the page. Those are important things to know when you’re deciding whether or not you can trust a website.
Because that’s what the entire web is based on: trust. You’re willing to shop, bank and network online because you trust the spaces you’re doing it in. If you didn’t, you wouldn’t feel comfortable sharing the information required to transact there, whether that’s banking information, personal identification or some other form of data.
I rarely speak categorically, but I will here. Never give any information of any importance to a website who’s URL doesn’t start with HTTPS. You’ve probably noticed that every URL starts in either http:// or https://. That little S is so important because it’s the difference between an encrypted connection where nobody but the intended recipient can see what you’re sending or an unencrypted connection where anyone who wants to can see it. Basically it’s the difference between whispering in someone’s ear and shouting across the room.
You wouldn’t shout sensitive information across the room. Other people could hear it. That’s why you don’t transmit it via HTTP. You need encryption. No encryption is a non-starter. Don’t ever trust a website without it.
Beyond just verifying that your connection with the website is secure, the address bar can also provide other information. For instance, it might be able to tell you who created and administers the site. After all, just because your connection with a website is encrypted doesn’t mean you know who you’ve made the encrypted connection with. Is this website real? Are these people who they say they are?
One way to tell is via your browser’s address bar. Some, very forward-thinking companies have made this process of verification easy on their customers by investing in something called an Extended Validation SSL certificate. An SSL certificate is the software behind the encryption we just talked about, and when a company gets an EV version, it displays its name in green font next to the URL in the address bar. This is sometimes called the green address bar.
The green address bar offers instant, irrefutable proof of a website’s identity. If the website you’re on has its name displayed in the address bar you can be assured of two things:
- This company has been officially vetted by a trusted third-party security organization
- It is safe to send personal information and sensitive data on this website
What if I don’t see the company’s name in the address bar?
Just because a company’s name doesn’t appear in the address bar doesn’t mean it’s unsafe. Quite the opposite, in fact. Most SSL certificates are not of the Extended Validation variety. But that doesn’t mean they don’t still supply information about the entity that registered for it.
One of the best-kept secrets on the internet is that you can click the padlock icon in the address bar and view information about the website. When you do this you will see one of two things:
- The website has an Organization Validated SSL certificate, you will see verified business details listed in the certificate details
- The website has a Domain Validated SSL certificate, you will only see the name of the entity that owns the domain
Obviously, if you see a company’s business details in the certificate information you can trust the website. These details have been painstakingly verified by a third-party security company and are trustworthy.
If you don’t see company details you have reason to be a little suspect given the lack of information available on the site. This doesn’t mean you have to write the website off entirely, it just means your antennas should be up.
What else should I look for?
One of the biggest things that helps you identify legitimate websites are site seals or trust marks. You’ve probably seen them before and not even realized it. The Norton Secure checkmark. The BBB logo. Maybe a PayPal or Visa logo. These are trust seals. They’re placed on a website to tell you that a company has been vetted successfully by a third party, whether that’s a payment company live Visa or a web security company like Symantec.
You need to click on these too. You should be shown real-time identifying information that verifies that the website is in good standing. You can fake a trust mark or site seal from the standpoint of adding a small image file to a page. You cannot fake the dynamic qualities.
Use Common Sense on the Internet
I think “Use Common Sense on the Internet” might be one of the most obvious, yet least heralded pieces of advice in existence today. But seriously, if something smells fishy, don’t trust it. If it walks like a duck… you get it, right?
Don’t believe outlandish claims. Be skeptical of everything. It’s sad that needs to be your default outlook on the internet, but that’s just how it has to be.
If you follow the advice I gave you – you use a good browser with good security settings, check the address bar and vet the websites you’re visiting and just use good common sense – you should be fine online. Just keep to the well-lit areas. It’s like any big city, really.
Stay Cautious, my friends