You probably feel pretty comfortable navigating the internet. You might even be among the 1 in 5 people who created a website. Or maybe you’re part of the 48% with “make a website” on their to-do list.
But could you correctly say what a safe URL actually looks like? If you can’t, you wouldn’t be alone.
In a newly-released online security survey conducted in March by Google Registry (Google’s domain registry) and The Harris Poll, 70% got the safe URL question wrong. And even as more than half of Americans over the age of 16 grade themselves an A or B for online safety and security, a good 97% got at least one question wrong on a basic six-question internet security quiz.
Keeping your website secure and safe, however ambitious or humble it may be, can be a challenge. So we went to where it all began to better help our readers understand how to protect privacy and security in cyberspace.
USA TODAY tapped the guy widely known as the “father of the internet,” Google vice president and chief internet evangelist Vint Cerf, for answers.
Questions and responses have been edited for space and clarity.
USA TODAY: Did you ever imagine back in the day not only what the internet/web would become, but the darker side that has also emerged – threats to our privacy and security?
Cerf: Initially, no we didn’t see the darker side of the web, not for the public use of the internet.
When we first started building the internet, the engineers were focused on getting it to work rather than worrying about how it could be used in a bad way. At the time, it wasn’t obvious what was needed to make things more secure for general use. We knew nefarious actors would go after the government’s defense use of the network. Eventually, encryption became publicly available, and we started to build in those technologies to make the internet more secure.
WhatApp security flaw: Here’s what users need to do
Wait, is that video real?: The race against deepfakes and dangers of manipulated recordings
What can we do?
USA TODAY: What can we, especially those of us who aren’t super technical, do to safeguard our privacy and security?
Cerf: A website can be attacked in many different ways. For example, malware or adware can be injected on a website, an unsuspecting user can be directed to a fake website, or one can eavesdrop on the data being sent in transit to a website. A website creator should look for solutions to help protect against each of these things.
First, when choosing a web hosting service, pick one that offers strong security, including encrypting data at rest, protecting data in transit, defending against denial of service and malware, hacking attacks, among other potential hazards. Regular updating of software used in the servers to improve security is important.
To ensure that your website hasn’t been taken over by malware or adware, you can turn to StopBadware, which is an organization that helps businesses cleanse their sites and offers resources and community support to owners of compromised sites.
Google generates lists of websites suspected of containing malware when it crawls the web to create the index it uses to respond to search queries. When users click on Google search response links, a warning page is shown if the site appears to Google to be infected.
To protect data while (it’s) in transit, a website creator should ensure that access to their website is encrypted with HTTPS. (That way) you’re ensuring any of the communications to or from that website cannot be seen by an eavesdropper.
An analogy: If you were to send a letter in the mail that has your personal information on it, would you rather send it on a postcard or in an opaque envelope? The “opaque envelope” is the physical equivalent of HTTPS.
Safe.page (from Google Registry) is a resource that provides basic education on how to stay safe – for both website creators and consumers.
What to look for to avoid breaches
USA TODAY: We hear about data breaches and privacy ruptures all the time. How do we address the problem?
Cerf: There are things that both individuals, website creators and the industry can be doing.
Individuals should educate themselves and understand the basics of reading a web address. Look for misspellings or extra “s” or “O’s” that have been replaced by “0’s”, or use of character scripts using “lookalike” characters. Particularly tricky are fake sites that use Cyrillic or Greek characters in lieu of Latin characters. This can be hard to detect depending on the fonts used.
They should also understand the importance of using an encrypted HTTPS connection, especially when entering personal information like credit card numbers or passwords or when accessing data over open Wi-Fi networks that are vulnerable to eavesdropping.
Browsers using HTTPS generally display a green “locked” lock to confirm encryption is active.
People also need to be smart about not reusing passwords and, when possible, always use two-factor authentication.
Lock it down: Your life is on your smartphone. These 8 steps can keep cyberthieves out
When it comes to privacy, people should be thinking twice about what they’re sharing and with whom.
One thing that many website owners don’t realize is that they need encryption on their entire website, not just for pages that are collecting credit card numbers or log-in info. A single page that isn’t encrypted could potentially be used to gain access to the rest of the website.
Also, browsers can warn users. Google’s move to have Chrome mark websites not encrypted with HTTPS as “not secure” in 2016 helped push more of the web towards encryption. Today, 90 of the top 100 sites on the web default to HTTPS.
Lastly, as we think of the Internet of Things, billions of devices are coming onto the net. Companies designing these products should consider privacy and security and make software updates automatic and assure that the update is coming from the right place. Digital signatures are helpful to achieve this objective.
Top security takeaways
USA TODAY: What are the most important things creators and consumers of the web (read all of us) have to keep in mind when it comes to internet security?
Passwords are not enough, two-factor authentication is critical.
If you have a website, make sure the hosting service offers high-quality measures to protect the website and its contents from attack. Take responsibility to ensure the site isn’t hosting malware and uses HTTPS for access.
For individuals, when clicking links in emails, PDFs or texts, hover over the hyperlink and make sure the hyperlink is what you expect it to be. Always closely read the URL/web address. Look for misspellings or extra letters or other indications of attempts to fool users into going to the wrong destination.
Email: firstname.lastname@example.org; Follow @edbaig on Twitter