Avoid costly data security breaches by training your staff to check for secure connections when handling private information on the Internet. Secure Hyper Text Transfer Protocol, or HTTPS, is a technology legal, healthcare, and financial businesses use to protect confidential client information safe on the Internet. Hackers do not have to go to much trouble to intercept non-encrypted website communications, especially when a target is using public Wi-Fi networks. Therefore, it’s essential employees make sure they’re using encrypted HTTPS instead of HTTP when working with confidential information like uploading patient information to a website or sending a record of financial information to a client.
Defining HTTP and HTTPS
HTTP is a data transmission method web browsers and website servers use to communicate with each other; HTTPS is a version of the protocol that encrypts communication for extra protection. Simply put, HTTP and HTTPS are the communication protocols Internet-connected devices use to “talk” to websites.
Checking for Protection
Websites and browsers make determining if a connection is secure straight-forward. HTTPS applies to individual connections, so every open tab has its own security configuration. The easiest way to check if a page is running an HTTPS connection is to look at the address bar:
- if the URL starts with HTTPS:// it is a secure connection
- if the address reads HTTP:// the page is not running a secure connection
However, manually checking can be tedious, so modern web browsers are built to make confirming if a page is secure easy.
For example, Google Chrome and Mozilla Firefox will display a green padlock icon at the start of the address bar when HTTPS is present; both browsers will display warning icons if the connection’s security is in question or the website is a known danger.
Plugins like HTTPS Everywhere provide additional security by forcing HTTPS connections whenever possible.
When HTTPS is Necessary (and when it isn’t)
Train employees to recognize that HTTPS is necessary whenever they are using a service with login credentials, are uploading confidential files, or are filling out forms with private information. However, HTTPS can actually make web browsing worse when it’s being used unnecessarily.
With HTTPS providing a seemingly simple fix for a large share of security woes on the Internet, it might seem negligent for sites to continue using regular HTTP. Unfortunately, HTTPS comes with several caveats including increasing connection latency and disabling caching which contribute to longer load times. If someone is just browsing a news site or reading a public blog, there’s no confidential information being sent so HTTPS increases the load time to protect nothing. By eliminating caching, people accessing the site need to go through the original hosting server instead of a possible closer-located CDN server which could substantially increase loading times for users outside of the hosting region. Additionally, HTTPS hosting costs more than HTTP hosting.