Cyber hygiene: surfing the web
In order to increase the security of your IT, a certain number of good practices are grouped under the generic term of IT hygiene. In this fourth part of a five-part series, we list some of these best practices. Today, some tips for surfing the web.
HTTP: unsecured site
Sites accessible with HTTP protocol transmit and receive information unencrypted, which means that any intermediary can read the information in transit.
For any form filling containing confidential information (your details may already be considered sensitive), check that the website uses the HTTPS secure protocol (a padlock icon is displayed in the address bar).
Be careful, the simple use of a site accessible in HTTPS is not a guarantee of seriousness: a fraudulent site can use the HTTPS protocol.
Open access Wi-Fi networks
Avoid any confidential activity or password entry if you are connected to an open access network without a personal login. The same goes for hotels that offer a non-unique password.
Fraudulent copy of a website
Some fraudulent websites pretend to be the original site, using a name and/or graphics very similar to the authentic site.
Always check the address bar for the name of the site you are visiting and leave if in doubt.
Illegal content
Some websites offer illegal content (movies, music, software...) and are potentially dangerous. It is rare that such content is offered in a totally disinterested way and often it is a good way for criminals to attract future victims.
Therefore, avoid this kind of sites and find out about their reputation before visiting them.
Files to download
As for e-mail attachments, files to be downloaded from a site are potentially dangerous, especially if they are software. Be aware that some seemingly harmless files may turn out to be software or contain executable scripts (e.g. Word or Excel documents). Only download files with the utmost caution, for example by making sure that the file type corresponds to reality. For example, the file "My image.jpg.exe" is not a JPEG image, but an application (EXE) trying to pass itself off as an image.