How to determine if a website is secure

As information security and risk management professionals, you are likely aware of the warning signs on a website or page that let you know if it is secure or not. The general population, however, may not always be as aware of the signs. In January, we mentioned that of the top 1 million domains, 46% are running vulnerable software, are known phishing sites, or have had a security breach in the past 12 months.

Here are a few key signs to share with your employees, friends and family that will alert them if a website or domain they are using is secure or not:

1. A secure website uses encryption, evidenced by two very clear indicators. The first is a closed padlock on your browser, either located in the status bar at the bottom of your window or at the top of the window between the address and search fields, depending on the browser.
2. The second element is a URL that begins with “https:” rather than “http:”. The https treatment is proof that the site is using the HyperText Transfer Protocol Secure technologyto encrypt data between its servers and your computer. Encryption helps protect your information from being intercepted by someone else.
3. If you see a “Secure and Verified” or similar badge at the bottom of a website, click on it. If it’s legitimate, a page should pop up displaying the correct certificate and verification information. If the information does not match up with the website you’re visiting, it is not legitimate and most likely not secure.
4. The site makes offers that seem too good to be true. This can indicate a possible scam or the sale of illegal or pirated products.
5. You are asked for a credit card number as a verification of identity or for personal information that does not seem necessary.
6. Be very careful about clicking on realistic-looking retail ads that pop up on your screen while you surf the Web. Pop-ups often don’t take you to a website at all, but rather to a phony operation designed to steal your personal information.
7. The site has a physical address or phone number. If they do, that’s a good sign that the business is for real. “Reputable companies will post their location and phone number so you can get in touch with them if there’s a problem,” says Salter. Call the number for reassurance.
8. Be wary of a site chock-full of grammatical and spelling errors. That includes the Web address–there’s a world of difference between www.yahoo.com and yhoo.com.

What are your tips to share about website security? Post them in our comments area, below!