See attached:
Running Head: HTTPS AND HTTP 1
HTTPS AND HTTP 3
Discussion ReplyTop of Form
Please respond to the following student’s post regarding the discussion below.
· If HTTPS is “secure” and HTTP is just for regular traffic, what do you think users should keep in mind when communicating sensitive information over the Internet? Have you ever taken that “s” seriously when conducting business online? What implications do you think a business might be concerned with? What would you advise if you were the decision maker for a small company?
Student “I.S.” Responded with the following:
Professor / Classmates,
What do you think users should keep in mind when communicating sensitive information over the Internet.
They should keep in mind the HTTP is perfectly find for browsing the Web any day at anytime, however any form fills where entering sensitive data on a web page should ONLY be done via HTTPS for preventing their data getting compromised. They should also pay attention to any of these form filling websites to make sure that the “S” is at the end of the HTTP, so that they can feel trusted that the company / business there are doing business with is practicing safe secured web browsing and has their customers best interest at hand. It should also be mentioned that at the same time HTTPS may be the trusted source of conducting business safe online through entering personal (PI) but it is also prone to also being intercepted also. Users may or may not know the version of HTTPS that is being used in the background (older versions of SSL, rather than TLS) thus allowing for decryption by those attacking in the middle “man-in-the-middle-attack“. Very popular websites stay ontop of their updating their browsers, however if a user is suspicious of the website they should take precaution before entering any data that may get intercepted or compromise along the way.
Have you ever taken that “s” seriously when conducting business online?
As far back as i can remember I believe that I have been careful with entering my Personally Identifiable information (PII) on any website having been around the telecommunication and Cybersecurity environment teaching since High School to this point of my life. Today I treat it ever so more important as any mistakes made today on a presume working secured HTTPS website can be both costly and a ruin to one’s credit integrity that could lead into re-establishing one’s identity.
What implications do you think a business might be concerned with?
Any business that has a form-filled form that their clients / customers to enter any type of Personal Identifiable information (PII) should also be concerned with any attempt of compromising their web browser that secures this information / data to prevent an unnecessary fallout for both company and consumer at the same time. Businesses like E-Commerce should have best practices in implementing their HTTPS. They should be using robust security certificates by having them issued by a certificate authority, which would take steps to verify their web address actually belonging to their business, thus protecting the customers that interact with them from attacks like man-in-the-middle.
What would you advise if you were the decision maker for a small company?
The advise I would give for a small company is to have identify risks an vulnerabilities, protect your applications and data, where possible detect data corruption and configuration anomalies, respond to changes in configuration and data, have ways to recover access to critical applications and data if their website is compromised by lack of HTTPS and the attacks that comes with it.