Digital marketing presentation - security risks for websites
Published in: Marketing
Slide 1: Security & Privacy Issues for the Consumer & Site Owner
By: Alexandra MacLeod and Liane Van Diepen
10039412/12063364
20 March 2013

Slide 2: Introduction
- Security
- Types of Risks
- Privacy
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations
- Cookies
- Email Marketing and SPAM
- Managerial Implications & Preventative Measures

Slide 3: Security - Consumer Concerns
- Stolen credit card details
- Phishing
- Downloading viruses
- Website has security certificates
Source: Smart Insights (2012)

Slide 4: Security – Site Owner
- What is information security?
- Ensuring your website is available 24 hours a day for your customers
- Ensuring only the correct people can administer the website's content
- Preventing unauthorised alteration or destruction of your data
- Avoiding your website being used to distribute other people's software
- Ensuring that your employees cannot accidentally delete valuable information
- Stopping your website being used to damage users' computers
- Protecting your reputation
Source: Watson Hall Security; Smart Insights (2012)

Slide 5: Types of Security Risks
- Denial of Service Attack
- Hacking
- Destruction of Data - viruses
- Malware
- Phishing
- Secure Payments/Website Encryption
Source: Watson Hall Security (2013); Symantec Internet Security Threat Report (2012)

Slide 6: Denial of Service Attack
- Hackers overload the website with traffic
- The website can't handle the volume and shuts down
- Major disruption to service

Slide 7: Hacking
- Unauthorised website access/publication
- Malicious intent / monetary gain
- The Sun newspaper hacked by the infamous LulzSec hacking group
- 1 million online users
- Data Protection obligations

Slide 8: Destruction of Data - Viruses
- Computer viruses can shut down company websites
- I Love You Virus
  - Attachment sent via email
  - Overwrites photo/video files
  - Shut down websites including Ford and Chrysler because employees opened infected email attachments

Slide 9: Malicious Software on Websites
- "When it comes to computer viruses, you're now more likely to catch one visiting a church website than surfing for porn" – Symantec (2012)
- Malware – viruses, worms, Trojans, bots
- Infects websites and users' computers
- Downloadable files on websites are a hotbed for viruses
- External content on websites such as videos and photos is virus-prone
Source: Symantec Internet Security Threat Report (2012)

Slide 10: Secure Payments/Website Encryption
- Secure payments
  - Well known payment system such as WorldPal or PayPal which uses encryption
- Use Transport Layer Security (TLS) and Secure Sockets Layer (SSL) certificates to reassure customers:
  - Padlock
  - HTTPS
  - Green Address Bar
  - Legally incorporated name
Source: Global Sign (2013)

Slide 11: Phishing
- Masquerades as an official website communication
- Requests users' login information
- Uses the information to fraudulently obtain funds from their account
- Who is responsible for the customer's loss?

Slide 12: Managerial Implications
- Reputational damage
- Trust
- Disruption
- Inconvenience
- Loss of traffic
- Costs

Slide 13: Managerial Preventative Measures
- Secure website design from the beginning – difficult/expensive to add later
- Antivirus software is always up to date
- Firewalls
- Phishing notifications via email
- Employee email filtering
- Securesign SSL/TLS Certificates
- Split login screens

Slide 14: Privacy
- Data Protection Act 1998
  - How data is collected and used
- Privacy and Electronic Communications Regulations
  - Cookies
  - Email Marketing and SPAM

Slide 15: Consumer Concerns
- Data leakage – how secure is my data and what happens if it is lost/leaked?
- Data use without consent
- Annoyance/Waste of time
- Not having opt in/opt out notices
Source: Smart Insights (2012)

Slide 16: Data Protection Act 1998
- Eight Principles:
  1. Fairly and lawfully processed
  2. Processed for limited purposes
  3. Adequate, relevant and not excessive
  4. Accurate and up to date
  5. Not kept longer than necessary
  6. Processed in accordance with the individual's rights
  7. Secure
  8. Not transferred to a country outside the EEC unless it has adequate protection
- Most breached principle in 2012

Slide 17: Data Protection Act 1998
- Applies to customers as well as employees
- Personal data
  - Name, address, NI Number
- Sensitive data
  - Political views, religion, ethnicity
- Data subject access requests
- Enforced by the Information Commissioner's Office

Slide 18: Data Protection Non-compliance
- Monetary – up to £500,000
- Undertaking
- Prosecution

Slide 19: Privacy and Electronic Communications Regulations
- Electronic Marketing Activities
  - Email marketing and SPAM
  - Cookies
- Enforced by the Information Commissioner's Office

Slide 20: Cookies
- What is a Cookie?
  - A small text file that stores user information on their computer
- What is it used for?
  - Shopping cart
  - Personalisation
- Cookie Ingredients
  - Domain
  - Name
  - Value
  - Expiry
  - Path
  - Secure
  - HTTP only
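The "cookie ingredients" on the slide are the attributes a server sends in the Set-Cookie header. The example below is added here and is not part of the presentation: it builds a Set-Cookie header from those ingredients with Secure and HttpOnly switched on, parses a header back into its parts, and audits a header for the protective attributes a site owner would want on a shopping-cart or personalisation cookie. The cookie names, values, domain and expiry date are constructed sample values, and the function names are this example's own.

```python
from datetime import datetime, timezone
from email.utils import format_datetime

# Constructed sample values for the demonstration (not from the presentation).
SAMPLE_EXPIRY = datetime(2013, 4, 20, tzinfo=timezone.utc)
SAMPLE_DOMAIN = "shop.example"


def build_set_cookie(name, value, domain=None, path="/", expires=None,
                     secure=True, http_only=True):
    """Build a Set-Cookie header value from the ingredients named on the slide.

    Secure and HttpOnly default to on: a cookie carrying cart or personalisation
    state should neither travel over plain HTTP nor be readable by page scripts.
    """
    # Separators used by the header itself may not appear inside name or value.
    if any(ch in name for ch in ";=, \t\r\n") or any(ch in value for ch in ";, \t\r\n"):
        raise ValueError("cookie name/value contains a character not allowed in a cookie")
    parts = [f"{name}={value}"]
    if domain:
        parts.append(f"Domain={domain}")
    parts.append(f"Path={path}")
    if expires is not None:
        # HTTP dates are always written in GMT.
        parts.append("Expires=" + format_datetime(expires.astimezone(timezone.utc), usegmt=True))
    if secure:
        parts.append("Secure")
    if http_only:
        parts.append("HttpOnly")
    return "; ".join(parts)


def parse_set_cookie(header):
    """Split a Set-Cookie header into name, value and a dict of attributes.

    Attribute keys are lower-cased; flag attributes (Secure, HttpOnly) map to True.
    """
    segments = [s.strip() for s in header.split(";")]
    name, _, value = segments[0].partition("=")
    attrs = {}
    for seg in segments[1:]:
        if not seg:
            continue
        key, has_value, val = seg.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_set_cookie(header):
    """Return findings for a Set-Cookie header that lacks the slide's protective
    attributes (Secure, HttpOnly) or sets no expiry at all."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by scripts in the page")
    if "expires" not in attrs and "max-age" not in attrs:
        findings.append("no Expires/Max-Age: lifetime is left to the browser session")
    return findings


def demo():
    """Build a hardened cookie and audit it next to a constructed weak one."""
    hardened = build_set_cookie("cart", "abc123", domain=SAMPLE_DOMAIN, expires=SAMPLE_EXPIRY)
    weak = "sessionid=xyz789; Path=/"  # constructed: set without any protective attributes
    return {
        "hardened": hardened,
        "hardened_findings": audit_set_cookie(hardened),
        "weak": weak,
        "weak_findings": audit_set_cookie(weak),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

Running the module prints the hardened header with no findings and three findings for the weak one. The audit is deliberately simple: it checks only the attributes the slide lists, so a real deployment review would also look at Domain scope (a cookie scoped to a parent domain reaches every subdomain) and at the SameSite attribute, which postdates the presentation.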
Slide 21: Privacy Directive 26 May 2012
- Website notification that cookies are in use
- Gives the option/instructions on how to disable them and where to find further information

Slide 22: Email Marketing and SPAM
- What is SPAM?
  - Emails sent without consent
  - Sent in bulk and impersonalised
- Email Marketing Regulations
  - Consent must be given to receive marketing communications - except where there is a defined relationship
  - Must contain an unsubscribe link in the email
  - ICO can investigate complaints relating to SPAM sent from the UK

Slide 23: Email Marketing and SPAM
- Consent
  - User must "opt in" rather than "opt out" – i.e. the check box should be unticked
  - Must be made clear that they are consenting to receive communications
- What is a defined relationship/soft opt-in?
  - Customer details were obtained during the course of a previous sale transaction
  - Marketing is of similar products
  - Option to opt out is given in every future message

Slide 24: PECR Non-compliance
- Written request for compliance
- Monetary – up to £500,000
- Undertaking
- Prosecution

Slide 25: Managerial Implications
- Large fines
- Reputational damage
- Trust
- Angry customers

Slide 26: Managerial/Consumer Preventative Measures
- Appoint a Data Controller for your organisation who will be responsible for DPA and PECR obligations – legal obligation under DPA
- Ensure you are fully compliant with all legislation and regulations
- Security and privacy notices on the website in plain English to reassure customers
- Be careful who your email address is given to
- Don't click on spam and attachments
- Unsubscribe / Opt out

Slide 27: Conclusion
- Security
  - Priority
  - Reassurance for customers
- Privacy
  - Comply with laws and regulations to avoid punishment
  - Reassurance for customers
- For more information:
  - Symantec Internet Security Threat Report 2011 (published April 2012)
  - ICO website
Slide 28: References
- Chaffey, D., 2013. Website Security Requirements. [online]. Available at: http://www.smartinsights.com/ecommerce/payment-security/website-security-requirements/ [accessed 28 February 2013]
- Chaffey, D., 2012. Research on consumer attitudes to online privacy. [online]. Available at: http://www.smartinsights.com/marketplace-analysis/customer-analysis/research-on-consumer-attitudes-to-online-privacy/ [accessed 28 February 2013]
- Chaffey, D., Mayer, R., Johnston, K. and Ellis-Chadwick, F., 2000. Internet Marketing. Essex: Pearson.
- Financial Ombudsman Service, 2013. Disputed technical transaction. [online]. Available at: http://www.financial-ombudsman.org.uk/publications/technical_notes/disputed-transactions.htm [accessed 10 March 2013]
- Global Sign, 2013. Security Certificates. [online]. Available at: https://www.globalsign.co.uk/ssl/domain-ssl/ [accessed 18 March 2013]
- Halliday, J., 2012. The Guardian reaches nearly 9 million readers across print and online. [online]. Available at: http://www.guardian.co.uk/media/2012/sep/12/guardian-9-million-readers-nrs [accessed 10 March 2013]
- Information Commissioner's Office, 2013. Data Protection Act Claiming Compensation. [online]. Available at: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/claiming_compensation.pdf [accessed 12 March 2013]
- Information Commissioner's Office, 2013. Electronic Mail (Regulations 22 and 23). [online]. Available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/electronic_mail.aspx [accessed 10 March 2013]
- Information Commissioner's Office, 2013. Privacy and Electronic Communications Regulations. [online]. Available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications.aspx [accessed 3 March 2013]
- Information Commissioner's Office, 2013. Sensitive details of NHS staff published by Trust in Devon. [online]. Available at: http://www.ico.gov.uk/news/latest_news/2012/sensitive-details-of-nhs-staff-published-by-devon-trust-06082012.aspx
- Information Commissioner's Office, 2013. Viral Marketing. [online]. Available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/viral_marketing.aspx [accessed 3 March 2013]
- Oremus, W., 2013. Unprotected Sects. [online]. Available at: http://www.slate.com/articles/technology/technology/2012/05/malware_and_computer_viruses_they_ve_left_porn_sites_for_religious_sites_.html [accessed 12 March 2013]
- Norton, 2013. Phishing. [online]. Available at: http://uk.norton.com/security_response/phishing.jsp [accessed 10 March 2013]
- Paypal, 2013. Security. [online]. Available at: https://www.paypal.com/uk/webapps/mpp/paypal-safety-and-security [accessed 10 March 2013]
- Perlroth, N., 2012. Six big banks targeted in online attacks. [online]. Available at: http://www.bostonglobe.com/business/2012/09/30/banks-hits-wave-computer-attacks-group-claiming-middle-east-ties/gsE6W3V57nBAYrko1ag8rN/story.html [accessed 10 March 2013]
- Seltzer, L., 2010. 'I Love You' virus turns ten: what have we learned? [online]. Available at: http://www.pcmag.com/article2/0,2817,2363172,00.asp [accessed 28 February 2013]
- Symantec, 2012. Internet Security Threat Report 2011. [online]. Available at: http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf [accessed 12 March 2013]
- Teixera, R., 2007. Top five small business internet security threats. [online]. Available at: http://smallbiztrends.com/2007/06/top-five-small-business-internet-security-threats.html [accessed 3 March 2013]
- Watson Hall, 2013. Top 10 Website Security Issues. [online]. Available at: https://www.watsonhall.com/resources/downloads/top10-website-security-issues.pdf [accessed 28 February 2013]