Every day internet users come face to face with decisions that impact both their privacy and security and in many cases they are completely unaware of the risk at hand. These Web users may not notice that they are potentially putting their information in jeopardy, and even if they do, they may be unaware of how to evaluate whether or not they should proceed. As companies move their applications increasingly to a cloud based infrastructure, they must understand and fully review the associated privacy and security considerations. While businesses and organizations conducting business online are regulated in a number of different areas, these regulations may be nuanced. So consumers and every day internet users and web “surfers” must also take caution as they conduct their business professional or personal on the internet.
At some point almost every modern Internet user has had an experience in which they visited a Web site where a product was being sold and immediately and instinctively decided to not enter their personal and financial information because site appeared to not be reputable based on its outward design. Basically they have judged the book by its cover. This may be similar to a reaction you would have in handing your credit card to a vendor standing in front of a make-shift table on the street. This practice of course works in some cases and it is smart to be cautious when sharing personally identifiable information (PII) online or any other time. So it begs the question, how does a person know if the site that they are using to make a purchase is secure and will protect their private information? Beyond the “look and feel” of a site, there are additional ways to identify if sites are protecting your information from unintended exposure and ways to learn about how the company will be using your information after it has been gathered securely.
You must ensure that the business (and its web site) is a trusted source (as in a reputable business), and for the remainder of this discussion, we will assume that this is in fact a trusted source. So we will not get into a discussion of exploits like phishing, where someone may be trying to scam or steal your information. First, let’s look at the actual process of submitting your information in a form on a web site. What are the elements that should concern you? When you are submitting your personal information over the internet (personal information could include Social Security Numbers, Credit Cards, your Mothers Maiden Name, Favorite Pet name and any and all of those things that identify you and your safeguards on identification), you need to be sure that the information is being transferred securely-just so that it cannot be stolen, copied or at risk in transit itself. So on submitting you need to look to a trust indicator. For a website, a trust indicator is commonly a lock and the lock in some cases can be different colors. Generally Green is good – This indicates the site is100% Secure and the Certificate matches the site that it is residing on to give the secure connection. This further indicates that the website is using HTTPS and will be transmitting your information securely. You can select the lock and when you do it will present information about the Websites security on the screen or in the browser window. Some reports will provide information on the lock types and what the colors or different lock types indicate as related to security. Your internet browsers help will also have information on what the different lock types indicate.
Some Practical Steps to protect your information:
- Look for internet trust indicators, look for the browser padlock, is it Green or does it read 100% secure. If not perhaps you should not enter information even if you trust the company, the reason being is the connection may not be valid or may not be encrypted. Your best recourse may be to contact the customer support contact and tell them there is an issue with their site connection.
- Further, when you are actually on a shopping cart that is asking for your private information (credit card details, etc…) take a look at the URL that is displayed at the top of your Web browser itself to ensure that the site is using HTTPS rather than HTTP, Hypertext Transfer Protocol Secure (HTTPS). “The main idea of HTTPS is to create a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.” (http://en.wikipedia.org/wiki/HTTP_Secure)
- Finally, if you are unsure read more and educate yourself on internet security. You can run a quick test on an educational tool that test privacy basics, http://www.compliancedetector.com/
- You can read about the browser padlock for each of the browsers on their respective sites:
- Check out the tips for internet security/ Identifying fraud at the FBI’s website: http://www.fbi.gov/scams-safety/fraud/internet_fraud/internet_fraud
- The Federal Trade Commission maintains a Bureau of Consumer Protection: http://www.ftc.gov/bcp/index.shtml
In closing, it is always best to verify the trust that you put in an online product or service provider. If in doubt the best thing is to ask the questions here in this post and if you still have doubts, pick up a phone and order via a secure phone call. Remember, if you feel unsure, do not click the submit button!