by John Nicholas
Everyone uses a web browser — Internet Explorer, Firefox, Safari, Chrome, etc. — and everyone has an opinion about which one is best and which one is most secure. Whichever web browser you prefer to use, however, there are some basic safety and security tips that apply to all of them.
Many of us are familiar with the term Hypertext Transfer Protocol (HTTP), which appears at the beginning of most web addresses. This is one of the earliest protocols used on the web. It essentially negotiates the terms of the connection between the client (you) and the server (the website). Once the terms are agreed upon, you can view the website.
But HTTP — while still in use on some websites — is no longer considered secure.
HTTP has been replaced by Hypertext Transfer Protocol Secure (HTTPS), which is a secure extension of the HTTP protocol. The data exchanges via HTTPS are encrypted and are designed to withstand attacks from hackers. HTTPS is considered secure against those and other types of internet-based attacks.
If you come across a website whose web address only contains “HTTP” and not “HTTPS,” do not enter any personally identifiable information such as a username, password or credit card number. (If you are using a VPN, your risk is mitigated somewhat, but not entirely.)
If a website with whom you do regular business is still using HTTP, please contact them and request that they improve their security. It is in the best interest of you and everyone else. If you are running a website that is not HTTPS, then it is time to update your security.
There several ways to know if a website is HTTPS. The easiest way is to look into the address bar of your browser. It should say https://name-of-website.
Another way to verify the security is that many browsers will put a small lock in the address bar indicating that a website is encrypted with https. Further, many browsers will warn you when you come across a website that is not using HTTPS.
But that in and of itself is not enough to guarantee the legitimacy of the website, nor is it enough to guarantee you are 100% safe even when it is a legitimate site. There are other steps that you can take to secure your browser and your internet safety. Take the following steps on all of the browsers on all of your devices.
First, never store your passwords in a browser. If you have this feature enabled, disable it and clear your stored passwords. When asked if you would like to save the password for this site, always choose “Never for this site.”
Second, block pop-ups and scripts. Pop-ups are mostly forms of online advertising that are intended to attract web traffic or capture your email address. Some pop-ups from reputable companies are safe, but the adware programs that generate illegitimate malware pop-ups and spam can install spyware to hijack your browser and capture your personal information. You can override the pop-up blockers for the legitimate pop-ups as needed.
Scripts are small pieces of computer code that can be embedded into a webpage for things like completing forms. But they can also be used to gather personally identifiable information, your location, or other information about your browser.
I recommend that you disable popups either through your browsers configurations or by installing an efficient browser extension called AdBlock. You can also install NoScript, which pre-emptively blocks malicious scripts and adware.
Be aware that this will change your browsing experience. These will block both legitimate and illegitimate pop-ups and scripts. It may appear that a website is not working correctly. For example, a website may say “click here to register,” but then nothing happens. In those cases, you simply need to click on the plug-in icon — usually at the top right-hand corner of the browser — and allow that pop-up or script to run.
If you clicked on the button or link that is part of the website, the pop-up or script is most likely legitimate. What you want to guard against are the scripts and pop-up associated with the advertisements on a website.
Third, block cookies, or at least third-party cookies. Cookies are small files which are stored on your computer and designed to hold a small amount of data specific to a particular user or visitor. This can be necessary and useful for both the user and the website. But not all cookies are necessary, nor are they safe.
First-party cookies are stored by the website you are visiting. They allow the website owners to collect analytics data, remember language settings, and perform other useful actions that help your experience on the website. Third-party cookies, on the other hand, are created by domains other than the one you are visiting and are used for cross-site tracking, retargeting and ad-serving. While they might not always be malicious, they are tracking information about you that may be used by the third party or sold to other interests. Block these for sure.
Under your web browser settings, usually under “Privacy and Security,” there is usually a choice to block all cookies or block third-party cookies.
There are more steps you can take to make your browser even more secure, but for most users, these are a good place to start.
I would like to hear your questions and concerns for future articles. You can reach me at firstname.lastname@example.org.
Dr. John B. Nicholas is a Professor of Computer Informations Systems and co-founder of the cybersecurity degree track at the University of Akron. Dr. Nicholas has over 30 years of experience in the technology field, in both the private sector and higher education.