by Dave Moore, 06/28/2020
I once had the pleasure of visiting merry old London, England, attending the InfoSecurity Europe conference. About 12,000 people from all around the globe showed up for the 3-day affair and, as you might suspect, the overall concern of those at the conference was information security.
The field of information security covers a lot of territory: information security on computers, on the Internet, on smart phones, on iPads, on portable media devices such a flash drives and digital cameras, and now, with the rise of silly Internet-connected devices like teapots, toaster ovens and flip-flops (no kidding), just about every other device that you can imagine.
Most of the conference’s exhibitors and speakers were high-rolling heavy hitters of the industry. I was deep inside the global corporate/enterprise computing scene; there were more suits there than an Armani factory.
As the Internet bad guys become smarter and their crimes more daring and successful, people are starting to take information security more seriously. That’s a good thing, but it’s easy for individuals and small companies (those with fewer than 100 employees) using the do-it-yourself approach to get lost in the information security maze. Part of my job is translating what are often complex (and expensive) security solutions into things that individuals and small companies can actually understand and use.
The strongest way to protect your information is to use encryption. Encryption turns your information into encoded gobbledygook that can only be read by people with a special encryption key, a key that only you can provide. Years ago, encryption was a real hassle to use, but not so anymore. There are some very easy-to-use, free encryption methods that can give you a very high level of information security, divided into three areas: Internet websites, email and storage devices.
If you are like most people, you visit websites that require you to login by providing a user name and password. Websites that provide email fall into this category, as well as banking websites, and social networking sites like FaceBook. When you visit these sites, pay attention to the website’s address at the top of your browser and observe the “s+lock” rule.
What you want to see is the address prefix “https” and a little yellow lock symbol down in the corner; sometimes, the lock symbol is next to the address bar. The “s” at the end of http and the lock mean that you are logging in on a secure page that encrypts your username and password before sending this information across the Internet.
If you do not see the “s” after http or the lock then you may be sending your username and password in “plain text,” meaning that this information can be easily intercepted and read, resulting in stolen login credentials. If you don’t see the “s,” try putting it in the address yourself and visiting the modified address. Website bookmarks and favorites should be changed accordingly.
Unfortunately, devices like phones and many tablet computers give you a very limited, dumbed-down version of what the Internet is trying to show you. They often don’t display things like https and the lock symbol, so how do you know what’s really going on?
The answer is, you don’t. Here’s a test you can try. Take your phone and a “normal” computer and use them side-by-side. Go to Amazon on both devices. See what I mean? On my phone, I can see the lock symbol, but not the complete website address. See if you can even figure out how to see the https part of the address on your phone. You can’t, can you?
Next week: getting started with encryption.
Dave Moore has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.com