12 Security Questions to Ask Before Accessing Any Website

With the increase in business conducted over the internet, the security of the sites you visit should be something that you verify.

What should you be looking for?

  • Is the connection between your computer and the site secure ?

  • How can my browser help me determine the safety of a website ?

  • How can my anti-virus help ?

  • How can I tell if I am being re-directed to another site

  • Are there additional checks I can do if I am unsure ?

  • What tools are available to help me ?

How can I tell if I’m using a secure website?

Check for Secure Socket Layer (SSL)

Before you make a payment or share sensitive information online you need to be sure the website is secure. When on the web you’ll notice that the website’s address probably begins with Http://, meaning the site is using Hypertext Transfer Protocol. However, this site does not have an added security layer. If you are going to provide financial or sensitive personal information that URL (Web page address) should begin with Https://. Here is an example:

If you visit a few shopping sites, you’ll notice that the security layer is added when you are asked to enter sensitive information. As your access other site you’ll notice that a variety of Http: and Https: addresses. These may change based on the function. So if you are making a purchase, be sure that you are on a secure (https://) address. In other cases, e.g., you bank’s site the security layer should always in place. Any easy rule of thumb is that if the information you are providing is sensitive and should be secure look for the “s” at the end to the http.

The reason that https: is not used at all times has to do with performance. There is overhead with using the secure socket layer or (SSL) so, it security is not required http: is used.

Check for the “Lock” icon

There is a de facto standard among web browsers to display a “lock” icon somewhere in the window of the browser (NOT in the web page display area!) Here’s an example using Google, other site may display this information in a different location. Note the Green lock icon.

Clicking on the green lock provides the following information about the website.

In general terms, a click or double-click on the lock icon will provide the site’s security information. This is important to check this because some fraudulent web sites are often designed to imitate the lock icon of your browser! If in doubt, it is a good idea to test the functionality built into this lock icon to verify the functionality.

What does your browser say about the site?

One way is to check for the Secure Sockets Layer (SSL)-encryption. You’ll know a site is secure if it has a green padlock icon in the address bar, just before the URL.

You can also search the company’s on the Better Business Bureau’s website. You’ll be able to see reviews, complaints and even the grade the BBB has given the company.

Your Virus Protection software may help as well

Depending on the virus protection software being used there are checks that are done by many of these applications to verify the security of websites. The tool bar on the website show below has a tool (in this case provided by Norton) that helps identify the safety of the site. In this example we are using https://www.linkedin.com/company/entreda.

The browser shows that the website is safe.

Some browsers help as well…

The Site Identity Button is a Firefox security feature that gives you more information about the sites you visit. You can quickly find out if the website you are viewing is encrypted, if it is verified, who owns the website, and who verified it. This should help you avoid malicious websites that are trying to obtain your personal information. The Site Identity Button is in the Location bar to the left of the web address.

When viewing a website, the Site Identity Button will be one of five icons - a gray globe, a gray warning triangle, an orange warning triangle, a gray padlock, or a green padlock. Clicking on these icons will display identity and security information about the website.

Gray Globe

A gray globe indicates:

The website does not supply identity information.

The connection between Firefox and the website is not encrypted or only partially encrypted and should not be considered safe against eavesdropping.

Most websites will have the gray globe, because they don’t involve passing sensitive information back and forth and do not need to have verified identities or encrypted connections. It applies to websites served over HTTP (not encrypted) or HTTPS (partially encrypted).

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should not be a gray globe icon.

Gray Warning Triangle

A gray warning triangle indicates:

The website does not supply identity information.

The connection to this website is not fully secure because it contains unencrypted elements (such as images).

Orange Warning Triangle

An orange warning triangle indicates:

The website does not supply identity information.

The connection between Firefox and the website is only partially encrypted and doesn’t prevent eavesdropping.

It implies that you’ve previously allowed the mixed active content served over HTTPS to be displayed for the website despite the risks.

Reloading the website will block back certain HTTP requests to lower threats, change the icon to its previous state (gray globe for mixed passive content and gray padlock otherwise) and display the content mixer shield icon. For information about the mixed content block, see How does content that isn’t secure affect my safety?.

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identity Button should not be an orange warning triangle icon

Gray Padlock

A gray padlock indicates:

The website’s address has been verified.

The connection between Firefox and the website is encrypted to prevent eavesdropping.

When a domain has been verified, it means that the people who are running the site have bought a certificate proving that they own the domain and it is not being spoofed. For example, Facebook has this sort of certificate and an encrypted connection, so the Site Identity Button displays a gray padlock. When you click on the padlock, it tells you that you are actually connected to facebook.com as certified by VeriSign Inc. It also assures you that the connection is encrypted so no one can eavesdrop on the connection and steal your Facebook login information that way.

However, it is not verified who actually owns the domain in question. There is no guarantee that facebook.com is actually owned by Facebook the company. The only things that are guaranteed is that the domain is a valid domain, and that the connection to it is encrypted.

Green Padlock

A green padlock indicates:

The website’s address has been verified using an Extended Validation (EV) certificate.

The connection between Firefox and the website is encrypted to prevent eavesdropping.

A green padlock plus the name of the company or organization in green means this website is using an Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. While the gray padlock indicates that a site uses a secure connection, the green padlock indicates that the connection is secure and that the owners of the domain are who you would expect them to be.

With the EV certificate, the Site Identity Button assures you that paypal.com is owned by Paypal Inc., for example. Not only does the padlock turn green on the Paypal site, it also expands and displays the name of the owner in the button itself.

Screenshots from URLVOID