HopkinsMedicine.org Joins Industry Efforts to Better Secure the Web

More security enhancements rolled out sitewide

Published in Dome, March/April 2018

The ongoing need to protect the Johns Hopkins Medicine website and its visitors is a fact of life for Brian Harder and his team.

The director of strategic web development for Johns Hopkins Medicine says that, whether by automated or manual means, Johns Hopkins Medicine’s website is under near-constant attack by hackers who are “always hunting for vulnerabilities.”

One common scheme is the “man-in-the-middle” attack. A hacker will exploit a network, perhaps through an unprotected Wi-Fi hot spot, in order to intercept data exchanged by visitors to various websites. The hacker can then alter transactions or gather data – an attack that is particularly harmful for the banking and financial industries. Given the rise in identity theft, Harder says, tech industry giants such as Google and Microsoft have tightened online security by implementing new standards.

Harder’s team has devoted hundreds of hours to encrypting all interactions on the HopkinsMedicine.org website. “In the past, the focus of encryption was on protecting forms that collected visitor information,” he says. “Today, however, we focus on every interaction within the site. You might say we’ve not only locked every window and door in your house, but have also secured a tiny vent in the attic.”

Visitors to the Johns Hopkins Medicine website may not even notice the clues indicating that whatever data they exchange on the site is encrypted. Google’s popular Chrome web browser, for instance, displays a small icon of a padlock next to the HopkinsMedicine.org address, which leads with the letters “https” rather than the unsecured “http.” The letter S represents the difference between secure and vulnerable.

A little more than 50 percent of the web now runs under HTTPS. Upcoming versions of Chrome and Internet Explorer browsers will flag sites without up-to-date security certificates as being unsafe. “It’s a great example of how a technical issue could have an impact on brand perception,” Harder says. “Nobody wants to see a big red exclamation point when they click on something. That won’t happen when you visit one of our pages.”