Digital marketing presentation - security risks for websites

363 views

Published on

Digital marketing presentation - security risks for websites

Published in: Marketing
1 Comment
1 Like
Statistics
Notes
No Downloads
Views
Total views
363
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
9
Comments
1
Likes
1
Embeds 0
No embeds

No notes for slide
  • Lianne
  • Lianne – introduction – what we will cover during the presentation
  • Lianne – these are the top four concerns for security that consumers have according to a Smart Insights survey in 2012 and these concerns will be covered in this presentation
  • Lianne – Leading internet security firm Watson Hall describes information security as the following: [reads from list].
  • Lex – types of security risk which are contained within the previous definition
  • Lex – describe what a denial of service attack is, use examples of the American banks. Implication: reputation-trust
  • Lex – describe what a hacking is, talk about the Sun. Implication: Reputation
  • Lex – describe what viruses can do to website, talk about I LOVE YOU. Implication: Reputation / costs
  • Lex – describe what malware is and how it can be contained within website. Implication: Reputation / costs
  • Lex – importance of using secure payment system with encryption, using TLS and SSL certificate to reassure customers. Explain the above image.
  • Lex – Explain phishing – QUESTION TIME: Ask class who they think the responsibility for this kind of fraud lies with. Explain it.
  • Lianne – as above
  • Lianne – as above
  • Lianne – introduction to privacy section
  • Lianne – according to a Smart Insights survey the following are consumers biggest concerns regarding privacy and communications
  • Lex – discuss each principle
  • Lex – as above
  • Lex – types of penalty with examples
  • Lianne – The PECR covers electronic marketing activities such as email marketing, SPAM and cookies. As with Data Protection Act it is enforced by the ICO
  • Lianne – can you add some info here? I don’t know much about this. Thanks!
  • Lianne – as above and further info you think of
  • Lianne – as above plus whatever else you think necessary – the defined relationship is discussed in the next slide so maybe say “...except where there is a defined relationship....which will be discussed in the next slide....must contain unsubscribe..”??
  • Lianne – As above plus whatever further information you think is necessary
  • Lianne/Lex (I don’t mind doing it if you prefer but up to you). As with the DPA, the ICO can impose the same types of penalties - after a written notice for compliance has been issued. The ICO has written to companies who were deemed uncompliant with the cookie regulations including the above companies. No penalties as yet and the ICO is working with them to achieve compliance.
  • Lex – as above
  • Lex – as above
  • Lex – as above
  • Digital marketing presentation - security risks for websites

    1. 1. Security & Privacy Issues for the Consumer & Site Owner By: Alexandra MacLeod and Liane Van Diepen 10039412/12063364 20 March 2013
    2. 2. Introduction  Security  Types of Risks  Privacy  Data Protection Act 1998  Privacy and Electronic Communications Regulations  Cookies  Email Marketing and SPAM  Managerial Implications & Preventative Measures
    3. 3. Security - Consumer Concerns  Stolen credit card details  Phishing  Downloading viruses  Website has security certificates Source: Smart Insights (2012)
    4. 4. Security – Site Owner  What is information security?  Ensuring your website is available 24 hours a day for your customers  Ensuring only the correct people can administer the website’s content  Preventing unauthorised alteration or destruction of your data  Avoiding your website being used to distribute other peoples’ software  Ensuring that your employees cannot accidentally delete valuable information  Stopping your website being used to damage users’ computers  Protecting your reputation Source: Watson Hall Security, Smart Insights (2012)
    5. 5. Types of Security Risks  Denial of Service Attack  Hacking  Destruction of Data - viruses  Malware  Phishing  Secure Payments/Website Encryption Source: Watson Hall Security (2013); Symantec Internet Security Threat Report (2012);
    6. 6. Denial of Service Attack  Hackers overload website with traffic  Website can't handle volume and shuts down  Major disruption to service
    7. 7. Hacking  Unauthorised website access/publication  Malicious intent / monetary gain  The Sun newspaper hacked by infamous LulzSec hacking group  1 million online users  Data Protection obligations
    8. 8. Destruction of Data - Viruses  Computer viruses can shut down company websites  I Love You Virus  Attachment sent via email  Overwrites photo/video files  Shutdown websites including Ford and Chrysler due to employees opening infected email attachments
    9. 9. Malicious Software on Websites  “When it comes to computer viruses, you’re now more likely to catch one visiting a church website than surfing for porn” – Symantec (2012)  Malware – viruses, worms, Trojans, bots  Infects website the user’s computers  Downloadable files on websites are a hotbed for viruses  External content on websites such as videos and photos are virus-prone Source : Symantec Internet Security Threat Report (2012)
    10. 10. Secure Payments/Website Encryption  Secure payments  Well known payment system such as WorldPal or PayPal which uses encryption  Use Transport Layer Security (TLS) and Secure Socket Layers (SSL) certificates to reassure customers:  Padlock  HTTPS  Green Address Bar  Legally incorporated name Source: Global Sign, (2013)
    11. 11. Phishing  Masquerades as an official website communication  Requests users' login information  Uses information to fraudulently obtain funds from their account  Who is responsible for the customer’s loss?
    12. 12. Managerial Implications  Reputational damage  Trust  Disruption  Inconvenience  Loss of traffic  Costs
    13. 13. Managerial Preventative Measures  Secure website design from the beginning – difficult/expensive to add later  Antivirus software is always up to date  Firewalls  Phishing notifications via email  Employee email filtering  Securesign SSL/TLS Certificates  Split login screens
    14. 14. Privacy  Data Protection Act 1998  How data is collected and used  Privacy and Electronic Communications Regulations  Cookies  Email Marketing and SPAM
    15. 15. Consumer Concerns  Data leakage – how secure is my data and what happens if it is lost/leaked?  Data use without consent  Annoyance/Waste of time  Not having opt in/opt out notices Source: Smart Insights (2012)
    16. 16. Data Protection Act 1998  Eight Principles:  1. Fairly and lawfully processed  2. Processed for limited purposes  3. Adequate, relevant and not excessive  4. Accurate and up to date  5. Not kept longer than necessary  6. Processed in accordance with the individuals rights  7. Secure  8. Not transferred to a country outside the EEC unless it has adequate protection Most breached principle in 2012
    17. 17. Data Protection Act 1998  Applies to customers as well as employees  Personal data  Name, address, NI Number  Sensitive data  Political views, religion, ethnicity  Data subject access requests  Enforced by the Information Commissioner’s Office
    18. 18. Data Protection Non-compliance  Monetary – up to £500,000  Undertaking  Prosecution
    19. 19. Privacy and Electronic Communications Regulations  Electronic Marketing Activities  Email marketing and SPAM  Cookies  Enforced by the Information Commissioners Office
    20. 20. Cookies  What is a Cookie?  A small text file that stores user information on their computer  What is it used for?  Shopping cart  Personalisation  Cookie Ingredients  Domain  Name  Value  Expiry  Path  Secure  HTTP only
    21. 21. Privacy Directive 26 May 2012  Website notification that cookies are in use  Gives option/instructions how to disable and find further information
    22. 22. Email Marketing and SPAM  What is SPAM?  Emails sent without consent  Sent in bulk and impersonalised  Email Marketing Regulations  Consent must be given to receive marketing communications - except where there is a defined relationship  Must contain an unsubscribe link in the email  ICO can investigate complaints relating to SPAM sent from the UK
    23. 23. Email Marketing and SPAM  Consent  User must “opt in” rather than “opt out” – i.e. the check box should be unticked  Must be made clear that they are consenting to receive communications  What is a defined relationship/soft opt-in?  Obtained customer details during course of previous sale transaction  Marketing is of similar products  Option to opt-out is given in every future message
    24. 24. PECR Non-compliance  Written request for compliance  Monetary – up to £500,000  Undertaking  Prosecution
    25. 25. Managerial Implications  Large fines  Reputational damage  Trust  Angry customers
    26. 26. Managerial/Consumer Preventative Measures  Appoint a Data Controller for your organisation who will be responsible for DPA and PECR obligations – legal obligation under DPA  Ensure fully compliant with all legislation and regulations  Security and privacy notices on the website in plain English to reassure customers  Be careful who your email address is given to  Don’t click on spam and attachments  Unsubscribe/ Opt out
    27. 27. Conclusion  Security  Priority  Reassurance for customers  Privacy  Comply with laws and regulations to avoid punishment  Reassurance for customers  For more information:  Symantec Internet Security Threat Report 2011 (published April 2012)  ICO website
    28. 28. References  Chaffey, D., 2013. Website Security Requirements. [online]. Available at: http://www.smartinsights.com/ecommerce/payment-security/website-security- requirements/ [accessed 28 February 2013]  Chaffey, D., 2012. Research on consumer attitudes to online privacy. [online]. Available at: http://www.smartinsights.com/marketplace-analysis/customer-analysis/research-on- consumer-attitudes-to-online-privacy/ [accessed 28 February 2013]  Chaffey, D., Mayer, R., Johnston, K. and Ellis-Chadwick, F., 2000. Internet Marketing. Essex: Pearson.  Financial Ombudsman Service, 2013. Disputed technical transaction. [online]. Available at: http://www.financial-ombudsman.org.uk/publications/technical_notes/disputed- transactions.htm [accessed 10 March 2013]  Global Sign, 2013. Security Certificates. [Online]. Available at: https://www.globalsign.co.uk/ssl/domain-ssl/ [accessed 18 March 2013]  Halliday, J., 2012. The Guardian reaches nearly 9 million readers across print and online. [online]. Available at: http://www.guardian.co.uk/media/2012/sep/12/guardian-9- million-readers-nrs [accessed 10 March 2013]  Information Commissioner’s Office, 2013. Data Protection Act Claiming Compensation. [online] available at: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/c laiming_compensation.pdf [accessed 12 March 2013]  Information Commissioner’s Office, 2013. Electronic Mail (Regulations 22 and 23). [online] available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_gui de/electronic_mail.aspx [accessed 10 March 2013]  Information Commissioner’s Office, 2013. Privacy and Electronic Communications Regulations. [online] available at:http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications.aspx [accessed 3 March 2013]  Information Commissioner’s Office, 2013. Sensitive details of NHS staff published by Trust in Devon. [online] available at: http://www.ico.gov.uk/news/latest_news/2012/sensitive-details-of-nhs-staff- published-by-devon-trust-06082012.aspx  Information Commissioner’s Office, 2013. Viral Marketing. [online] available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_gui de/viral_marketing.aspx [accessed 3 March 2013]  Oremus, W., 2013. Unprotected Sects. [online] Available at: http://www.slate.com/articles/technology/technology/2012/05/malware_and_computer_vi ruses_they_ve_left_porn_sites_for_religious_sites_.html [accessed 12 March 2013]  Norton, 2013. Phishing [online]. Available at: http://uk.norton.com/security_response/phishing.jsp [accessed 10 March 2013]  Paypal, 2013. Security. [online]. Available at: https://www.paypal.com/uk/webapps/mpp/paypal-safety-and-security [accessed 10 March 2013]  Perlroth, N, 2012. Six big banks targeted in online attacks. [online. Available at: http://www.bostonglobe.com/business/2012/09/30/banks-hits-wave-computer-attacks- group-claiming-middle-east-ties/gsE6W3V57nBAYrko1ag8rN/story.html [accessed 10 March 2013]  Seltzer, L, 2010. ‘I Love You’ virus turns ten: what have we learned? [online]. Available at: http://www.pcmag.com/article2/0,2817,2363172,00.asp [accessed 28 February 2013]  Symantec, (2012). Internet Security Threat Report 2011{online]. Available at: http://www.symantec.com/content/en/us/enterprise/other_resources/b- istr_main_report_2011_21239364.en-us.pdf [ accessed 12 March 2013]  Teixera, R, 2007. Top five small business internet security threats. [online]. Available at: http://smallbiztrends.com/2007/06/top-five-small-business-internet-security-threats.html [accessed 3 March 2013].  Watson Hall, 2013. Top 10 Website Security Issues. [online]. Available at: https://www.watsonhall.com/resources/downloads/top10-website-security-issues.pdf [accessed 28 February 2013]

    ×