Force HTTPS Website Visits On WEB Browsers For Added Security
On August 26th Chinese hackers penetrated four U.S. firms, two Internet Service Providers (ISPs), one Managed Services Provider (MSP) and an IT (Information Technology) provider through a zero-day flaw*. An ISP in India was also hacked. The compromised companies’ names were not divulged.
An emergency patch was issued. Even so, this zero-day exploit allowed hackers to gain unauthorized access and potentially steal sensitive credentials from downstream customers. Those downstream customers potentially include you and me and our families. That is if we were connected to the compromised networks and use their services.
We could have had our personal data, browsing habits and sensitive information exposed. This might include login credentials, financial information and private communications.
Some Privacy and Security Suggestions
We have discussed numerous privacy and security proactive measures over the past several years and have numerous PDFs available that cover various topics. These include, but are not limited to:
- having the latest software and firmware updates installed.
- using complex, unique passwords, password managers, passkeys, etc.
- enabling multi-factor authentication where ever possible on accounts, especially for email, banking and social media.
- using a virtual private network (VPN) to make it more difficult for hackers to intercept your data.
- keeping an eye on unusual activity or unauthorized devices connected to your home network.
- ensuring that your Wi-Fi network does not reveal personal information.
- staying educated and informed on various phishing attempts and how to avoid them.
- installing reputable antivirus and anti-malware software to detect and remove threats.
- monitoring bank and credit card statements for unauthorized transactions and reviewing account activity.
- do not share personal information on social media and other online platforms.
- seek help from family members or professionals if needed.
Force Browser Visits To HTTPS Websites
One additional suggestion in light of this recent hack is to force web browsers to only visit HTTPS websites. It is a smart move for enhancing online security and privacy and is better than using Apps you have downloaded they quite possibly may lead you to unsecured sites.
HTTPS encrypts data exchanged between your browser and the website. It thus protects your data from eavesdropping and man-in-the-middle attacks. This is crucial, especially when transmitting sensitive information like passwords or financial details. Websites using HTTPS may display a padlock or other icon in the address bar.
Note: The HTTPS only ensures the data is encrypted and secure. It does not ensure that the site is legitimate. Bad guys can still be on the other end so before you upload sensitive data make sure you are on a trusted website.
Most modern browsers now offer a built-in option to enforce HTTPS connections. These are usually found in the settings by entering “HTTPS,” “only HTTPS” or “Force HTTPS” in a search box.
However, I found only one browser, Brave, on my Android phone that allows it in its settings. The default setting does not!
Firewalls
I was on a recent discussion where it was suggested that a computer firewall is sufficient protection against various cyber threats. A firewall provides significant protection for the average user. However, it is not a complete solution on its own.
A firewall is an essential part of a multi-layered security plan when correctly set up and regularly updated. It acts as a barrier and protects against a range of threats. But they cannot protect against all types of cyber threats, especially those that exploit user behavior, such as phishing attacks.
* “A zero-day flaw is a vulnerability in a software or hardware system that is unknown to the vendor or developer. This means there is no patch or fix available to address the issue. Exploiting a zero-day flaw can allow attackers to gain unauthorized access to systems, steal data, or disrupt operations.” per Google Gemini.
Michael
Questions? Contact us (form on right sidebar) or call 708.762.3259 to set up a free 15-minute appointment with Judy and me.
Note: The information contained herein is a guideline, it is not all-inclusive. There are additional precautions you should take, too many to list here.
Our previous articles on Data Breaches:
The National Public Data (NPD) leak included Social Security Numbers with steps to take was originally published September 2, 2024: “Social Security Numbers Leaked In NPD Data Breach | Act Now.”
A massive data leak published on January 27, 2024: “Security And Privacy Tips Following New Massive Data Leak.”