Cybersecurity is one of my many interests. My work at is often focused on helping ensure computer networks and systems remain secure from various security threats. I hold a Comptia Security+ certification and I’ve also recently completed an online MIT course on Cybersecurity, which taught me that cybersecurity is a negative goal and a continual process. New threats emerge constantly and you must always work to stay informed and hopefully ahead of your adversaries.
Cybersecurity is a hot button issue with many reports of data breaches being reported almost continuously now in the national news every few months. Many times computer users get complacent when it comes to security; myself included. We think that we won’t ever be hacked or that security is only a problem for corporations with vasts amounts of sensitive data . This is not the case. We are always susceptible to having our information stolen, especially when we are surfing the web.
I think the best kind of security is often transparent and easy to do, which is where HTTPS Everywhere comes in at. It’s a simple web browser add-on , which helps make browsing websites more secure by automatically connecting you to sites using their secure and encrypted HTTPS address, if the connection option is available.
HTTPS is the secure version of HTTP. It works by using a mechanism called public key cryptography that utilizes certificates and various protocols such as TLS to secure data between you and the server hosting the website you are visiting. This ensures the website you are visiting is truly the correctly website you intend of visiting and that the data you transmit to it is encrypted and unaltered.
Many times you may visit a website and not know that a secure connection to it is available. I say if it’s there, why not use it? This is a brilliant add-on because it allows your web browser to choose the best connection option for you with no user interaction required.
For an example of this in action, I’m going to pick on Microsoft a bit here because their website is a good example of using HTTPS Everywhere functionality. If you were to go out to www.microsoft.com, your address bar in Chrome would look similar to the screenshot below. Since you don’t see https in-front of the www.microsoft.com address, this means that your connection to their site is NOT encrypted and any information you transmit while on it can potentially be intercepted. Sure, you can manually go to the secure HTTPS site, which they do offer, but who wants to do that or remember to do that for every site you visit?
To get HTTPS Everywhere, head over to www.httpseverywhere.com and download the add-on for the browser of your choice.
For this example, I’m using the Chrome add-on. Once you click on the download link, you’ll be prompted to add the extension to Chrome.
After the extension has been added see the extension logo near the Chrome menu button, which means its installed and working.
Now, if you go back to www.microsoft.com, you are automatically connected to their secure HTTPS site. Chrome helps identify HTTPS sites with a Green button and lock-pad logo to the left of the website address. You can now be ensured that whatever information you transmit on Microsoft’s website is encrypted and secure.
Securing website connections is not a novel idea. Most websites you use for e-mail, banking, and shopping already have encryption in place and most users probably don’t pay much attention it. Encryption is a necessity for modern websites that transmit any sort of private data. It has even reached a government mandated level. Federal websites have until the end of 2016 to secure all of their website with encrytion.
https://www.whitehouse.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf
In concluding, while HTTPS Everywhere won’t protect you for all security threats you may face, it is a nice tool to add to your security arsenal and is as easy defense mechanism yo can easily deploy to help ensure security when browsing the web.