A guide to website security

Our Guides have been written by forum members for our community of Caretakers'...

Moderators: inspector, Dragonrider, jay, thecaretaker

Forum rules
Guides can only be added by the forum ADMIN. Registered Users can view these posts

Locked
User avatar
thecaretaker
Forum Administrator
Forum Administrator
Posts: 7607
Joined: 15th Jun 2001 at 1:00pm
22
Job Status: Retired Site Manager
Gender: Male
Jul 2020 10 18:26

A guide to website security

You would think that schools would be at the cutting edge of technology, but here at The Caretakers' Website, we often visit school websites at the request of schools to pick up information about job vacancies. Yet, few have any form of SSL encryption on their websites. But, they do have many areas on their websites where visitors are asked to complete web forms or enter text into email forms. All areas where personal information could be stolen such as email addresses, names and other personal details...

Banks have recently included information about checking a websites security before sharing information with the site and we suggest you also do this before completing forms on school websites.

In the address bar of your browser you should see a padlock. This shows you that the website has a SSL certificate and any information passed between your computer and the server where the school website is held will be encrypted. If you see a green padlock, this shows that additional encryption has been applied and this is required when making purchases or paying in money online.

1warning.PNG

The images above were taken from a Microsoft Edge browser. But all modern browsers should show you the same type of symbols. Older browsers such as Internet Explorer do not show you details about non-encrypted websites (if Internet Explorer doesn't show you a padlock in the address bar, assume that the site is not encrypted). We would recommend that you use an up-to-date browser.

So we advise all users who complete a form online (including completing email forms) to just check the security of the website and satisfy themselves that they are happy to share information with the site.

If a school website includes an area for making payments (E.g. paying in advance for school meals) ensure that section of the website has a green padlock and is fully secure. DO NOT share credit/debit card details with a non-encrypted website.

Here are 3 examples of websites with different levels of encryption:

These 3 websites were used to take the information shown in the image above.

Unsecure webpage: No encryption. http://kingoffaprimaryacademy.org/contact-us
Do not share any information with this non-secure website. Do not complete the information on their Contact Us page (such as Name, Telephone Number, Home Address, Email Address etc). I especially like the comment at the bottom of the page that says: We respect your privacy, the information contained in this form will not be shared... Wanna bet :-)

Secure webpage With encryption. https://www.thecaretakers.co.uk/phpBB3
OK, this is our website. We added SSL encryption to protect our visitors and registered members.

Very secure webpage: With encryption. https://www.nwolb.com/default.aspx
You would expect a bank or shop to have this level of encryption as you are sharing very sensitive personal information like credit card details.

A secure encrypted webpage will always have the address starting with https://

I will also add that some sites are made up with multiple pages and sections and each page may have a different level of encryption. Just be aware if a form is asking you to enter personal information, to check the address bar to see if it is secure to do so. I have come across some shops on the internet that have no security at all and I have chosen not to use them. It is often better to be safe than sorry. You may often find the same product on another site that is secure.

Some browsers have gone a step further and if you are viewing an unsecured website will show a splash screen to warn the user that the site in not secure.

As for schools, we would advise they look at their websites and include encryption where they expect users to enter information into forms. Most IT technicians should know how to implement SSL security certificates - shouldn't they?
You do not have the required permissions to view the files attached to this post.

Vérité Sans Peur
(Truth Without Fear)
User avatar
thecaretaker
Forum Administrator
Forum Administrator
Posts: 7607
Joined: 15th Jun 2001 at 1:00pm
22
Job Status: Retired Site Manager
Gender: Male
Jul 2020 16 09:15

Re: A guide to website security

UPDATE: 16/7/2020

Our forum (which is secure and uses encryption) WILL NOT allow non-secure URL's to be converted into a clickable link. Like the insecure website shown in the first post, the only way to see a non-secure website is by copying and pasting the non-secure URL into your browser. We don't advise you to do this, but if you do, be sure not to exchange any personal information with the site.

Keep safe on the internet! [Like.png]

Vérité Sans Peur
(Truth Without Fear)
Locked