July 23, 2019

July 23, 2019

Subscribe to Latest Legal News and Analysis

July 22, 2019

Subscribe to Latest Legal News and Analysis

Pass It On: Locks Don’t Prevent Leaks

It is common for individuals to see the “padlock icon” on their browser bar when visiting a website, and assume they are safe. Sadly, this assumption is no longer valid. As we approach Data Privacy Day (January 28, 2019) many companies are taking extra steps to train employees about steps they can take to protect themselves – and their organizations. Here’s one to pass along to the team.

The padlock on the browser bar typically accompanies a website address that begins with “https://”. This Secure Sockets Layer (or SSL) signifies that information sent to and from the website will be encrypted and therefore (relatively) secure from unauthorized access. What the padlock and SSL do not signify, however, is that the website and its owners have themselves been vetted and are secure. In fact, according to a recent study, 49% of phishing sites now use SSL certificates and therefore sport that secure-looking padlock icon. This figure is up from less than 3% only 2 years ago. Phishers, who make a living by looking legitimate when they are not, have realized that they can qualify for the padlock icon while still pursuing their phishing goals. It gives them an appearance of legitimacy that is misleading to the casual observer. They rely on the common misunderstanding that encrypted communication with a website means the website is inherently legitimate.

Putting it Into Practice: Don’t be fooled! It’s important to know what the padlock icon and “https” do and do not mean. If you visit an unfamiliar website, look for the padlock, but also inspect the site to make sure it is authentic and legitimate. The bad guys keep adapting, and we have to do the same.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.


About this Author

Jonathan E. Meyer, Sheppard Mullin, International Trade Lawyer, Encryption Technology Attorney

Jon Meyer is a partner in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Mr. Meyer was most recently Deputy General Counsel at the United States Department of Homeland Security, where he advised the Secretary, Deputy Secretary, General Counsel, Chief of Staff and other senior leaders on law and policy issues, such as cyber security, airline security, high technology, drones, immigration reform, encryption, and intelligence law. He also oversaw all litigation at DHS,...