PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives from the Campus”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In today’s blog, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, reminds us to be alert to the important features we need to look for when it comes to making sure that a website is truly secure.  

By David Dungan

For everything you’ll hear about what it is we should focus on in today’s digital age, website security really is more important than ever.

And whether your job relies on providing a shopping service, sharing information about a service or product, or hosting a social platform, a secure website builds trust with your users by protecting them from cyber threats.  The same is true for your employees, as well as the vendors that work with your company or organization.

Of course, website security isn’t just a concern for business owners or developers, it’s something that all of us should be aware of. In doing so, it’s important to keep in mind that recognizing the traits of a secure website is a critically important step we need to follow, especially whenever we’re accessing our bank account, making a purchase, or visiting any website that involves disclosing our personal information.

And while it might be understandable to think spotting these types of features is something that, by now, is or should be second nature, think again.

Cybercriminals exploit the traits of secure websites by using them as cover for phishing, malware, and brand impersonation attacks. By leveraging legitimate features like HTTPS and domain validation, attackers trick users who have been trained to look for those signs of trust.

Recent data suggests they’re working to try and do just that, as evidenced by the fact that studies from 2024 and 2025 report that over 90 percent of phishing sites use SSL/HTTPS encryption to appear legitimate, according to Vocal and Keepnet Labs. This tactic exploits the common expectation that a padlock icon indicates a secure connection, effectively "hiding in plain sight" to deceive users.

Fortunately, there are several defining steps we can take when identifying (or creating) a secure website, including:

• HTTPS Encryption – Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer.
• Strong Authentication Measures - Secure websites recommend users to utilize strong passwords when creating an account. It’s a good idea, too, to use unique passwords and be sure not to re-use the same password. Measures like this are often paired with two-factor authentication (2FA).
• Website Backups - Backups are vital to helping businesses prepare for the worst-case scenario. Backups allow for quick website recovery in the event of the website being taken down due to malware or cyber-attack
• Use Anti-Malware Software - Anti-malware software protects against malicious programs, such as viruses or malware. You can use this software to scan the site for malware and alert when any is detected. It can also be used to remove any malware that is found. This allows for the website to be secure from any malicious software that may find its way into the website.

In today’s digital society, it’s OK, too, to feel overwhelmed, at times, by our online experiences. And some of the threats we face are advancing as rapidly as the technologies we’re using to protect ourselves against these attacks. That’s especially true, both in terms of the frequency at which a lot of this is happening and the sophistication of the techniques that are being used by nation state actors and cybercriminals.

The best approach we can use is to remember that website security is not just a technical requirement, but that it’s a critical piece of user trust and online safety. And by prioritizing these measures will help ensure that your website remains a safe space for users to browse, shop, or interact with others and the same will be true when visiting the website to manage our checking account or visiting our favorite store.