When we talk about information security and cybersecurity, those that write about this area can often use complex and technical terms, assuming that the reader has the required knowledge to fully understand what those terms mean.

The truth however is that we quite often don’t, and that can have a negative impact on the lessons we take from what we’re reading, despite how important and helpful the lessons may be. So, we thought it would be helpful to bring cyber security back to basics by spending some time explaining different terms and areas of information security. This week we’ll be discussing cookies.

A computer cookie, also known as a HTTP cookie, gets its name from it being a shorter version of the term “magic cookie” which is where a packet of data is received by a computer, and is then sent back without changing that data. So, a cookie is essentially just information, which is sent to your computer when you visit a website, and your computer then stores this cookie in a file. The cookie then allows the website to keep track of your activity on that website, as well as certain activities whilst there.  Whilst this seems like it should be a security concern, cookies are often vital to how we use websites. For example, cookies allow you to keep items in your basket when shopping online, as the cookie allows the website to remember what you had in your basket when you click a different link. Without the cookie, every time you clicked on a different page of the website, your basket would reset back to being empty. Another example of cookies being useful to users is they allow your login information to be stored securely so you don’t have to remember your password every time you visit a website.

There are also different types of cookies that keep track of different types of activities. Session cookies for example only keep track of your activity on a website whilst using it- once you exit the website, the session cookies no longer exist. There are also authentication cookies, which track whether a user is logged in, and under what name. 

Cyber Security and Cookies

Under normal circumstances, there aren’t any security concerns with the transfer of cookies, as no viruses or malware can be sent to your computer via cookies. This is because no information is changed when a website sends one to your computer.

However, it is possible for malware and viruses to be disguised as cookies. For example, “zombie cookies’ are cookies that recreate themselves after being deleted. It can also present a security concern when third party cookies track your activities, as parties that you can’t necessarily identify can see what you are doing online. 

Norton offer a guide on how you can manage your cookies so that you can stay protected online. First you must open your browser (E.g Chrome, Internet Explorer). Then you need to find your cookie storage, and different browser may keep them in different locations, so look online if you are unsure on how to do this. Once found, you can then choose different settings, and again different browser offer different ways of doing this. Chrome for example allows you to delete cookies individually, as well as choose how future cookies are collected and stored. Internet Explorer however, provides a slider which you can adjust depending on the levels of security you want.

Ultimately however, due to GDPR, websites must ask for your consent when using cookies, meaning that you can remove consent, as well as choose certain cookies that you will allow to be used. It’s important to note however that different cookies allow different functions to work properly, so not allowing the use of certain ones may inhibit your ability to use the website to its fullest capabilities.