The web isn’t the Wild West it used to be, but even the most well-known sites can pose a security risk if you don’t keep your wits about you.
Barely a month goes by without details of a new web site hack hitting the headlines and email inboxes are deluged with spam every day, all with enticing invitations to visit suspect web sites. This can all create confusion when it comes to keeping track of what’s safe and what’s not when you’re online, but there are some simple tips to help make sure you minimise the risks.
Whenever you visit a web site, a connection is made between your computer and the one the site is stored on. With most sites, the connection is an ‘open’ one, which means someone could spy on what you’re looking at. This is actually harder than it sounds, but still possible.
When you’re just reading site, there’s nothing in the data you download to put you at risk (unless it’s been hacked — see below). When you’re uploading data, however, there is.
When you log into a site with a username and password, for example, you send that over the internet and again, someone could intercept it. That’s why sites should always use an encrypted connection when you log in — it makes it almost impossible for anyone but the site to see what you’re sending.
Your web browser shows when a website is using an encrypted connection by putting https at the start of the web address, rather than http (the ’s’ means ‘secure’). You’ll also see a padlock symbol and/or a green highlight in your browser’s address bar, and you can usually click this to see more about the site’s security.
Be very wary of logging into sites without an https connection — they’re transmitting your login details in a way that isn’t secure. Sites don’t always have to be suspicious for this to happen, just badly designed. So if you’re ever unsure, don’t sign in.
Watch for web browser warnings
Web sites are often hacked without their owners’ knowledge. Hackers are usually looking for users’ log-in details, but they sometimes install malware to sneakily infect the computers of anyone who then visits.
This is called a ‘drive-by download’ and there’s often no way of knowing when it happens to you. Fortunately, most web browsers stop it before it happens by displaying a warning about the site’s insecure status.
Web browsers will display similar warnings if you inadvertently click a link for a site that isn’t what it claims to be. This can happen with phishing emails warning of ‘account problems’ — they may look like a familiar web site, but they’re just trying to steal your data.
Review a site’s privacy settings
Web sites don’t need to be hacked to be insecure and even the most trusted can leak personal data with weak privacy settings.
Facebook is a great example. It has plenty of options to make sure your posts and photos are only seen by your friends, but not everyone bothers to check fit they’re set properly.
So always check the privacy settings for any site that stores your personal information to see who they share it with.
Don’t overshare with social media
Lots of sites and smartphone apps let you sign up using your Google, Facebook or Twitter account details. It’s all too easy to connect one service to another and then forget about it — and some of the naughtier ones might keep tabs on what you’re up to and send spam messages to your friends.
So check your connected social media apps on a regular basis and remove any you no longer use. For Twitter and Facebook, you’ll find this option under Apps in your account settings. For a Google account, look under in Security – Apps and web sites in your account settings.
Cover your tracks
Web sites can also be a little underhand when it comes to tracking how you use them. Almost all track visitors for performance purposes. This is harmless enough and the information just helps sites know how many visitors they get and which pages are most popular.
When a web site carries ads, however, advertisers can also track the web sites you visit after you leave and they may display ads that follow you around the web. Simply seeing the same ad everywhere you may not be a concern, but do you want an advertiser to know what you’re doing on the web?
There are ways to browse the web anonymously to avoid this kind of tracking, but a better option is to install a browser extension that blocks advertisers’ web trackers behind the scenes.
Ghostery is a good one and it’s free for a variety of browsers
See what’s WOT
Another web browser extension worth installing is WOT. Short for ‘Web of Trust’, this shows handy safety indicators for web sites you visit and search for. These show how ‘safe’ the site is on a traffic-light scale, based on feedback from thousands of WOT users. This rates both trustworthiness and how suitable the content is for children — and you can rate sites yourself.
WOT won’t stop you from visiting an unsafe site, but it’s an easy way to spot ones that might be suspicious before you click. WOT is a free download for all popular web browsers.