Digital marketing presentation - security risks for websites
Published in: Marketing
1. Security & Privacy Issues for the Consumer & Site Owner
By: Alexandra MacLeod and Liane Van Diepen
10039412/12063364
20 March 2013

2. Introduction
 Security
 Types of Risks
 Privacy
 Data Protection Act 1998
 Privacy and Electronic Communications Regulations
 Cookies
 Email Marketing and SPAM
 Managerial Implications & Preventative Measures

3. Security - Consumer Concerns
 Stolen credit card details
 Phishing
 Downloading viruses
 Website has security certificates
Source: Smart Insights (2012)

4. Security – Site Owner
 What is information security?
 Ensuring your website is available 24 hours a day for your customers
 Ensuring only the correct people can administer the website’s content
 Preventing unauthorised alteration or destruction of your data
 Avoiding your website being used to distribute other people’s software
 Ensuring that your employees cannot accidentally delete valuable information
 Stopping your website being used to damage users’ computers
 Protecting your reputation
Source: Watson Hall Security; Smart Insights (2012)

5. Types of Security Risks
 Denial of Service Attack
 Hacking
 Destruction of Data - viruses
 Malware
 Phishing
 Secure Payments/Website Encryption
Source: Watson Hall Security (2013); Symantec Internet Security Threat Report (2012)

6. Denial of Service Attack
 Hackers overload website with traffic
 Website can't handle volume and shuts down
 Major disruption to service

7. Hacking
 Unauthorised website access/publication
 Malicious intent / monetary gain
 The Sun newspaper hacked by infamous LulzSec hacking group
 1 million online users
 Data Protection obligations

8. Destruction of Data - Viruses
 Computer viruses can shut down company websites
 I Love You Virus
 Attachment sent via email
 Overwrites photo/video files
 Shut down websites including Ford and Chrysler because employees opened infected email attachments

9. Malicious Software on Websites
 “When it comes to computer viruses, you’re now more likely to catch one visiting a church website than surfing for porn” – Symantec (2012)
 Malware – viruses, worms, Trojans, bots
 Infects the website and the user’s computer
 Downloadable files on websites are a hotbed for viruses
 External content on websites such as videos and photos is virus-prone
Source: Symantec Internet Security Threat Report (2012)

10. Secure Payments/Website Encryption
 Secure payments
 Well known payment system such as WorldPay or PayPal which uses encryption
 Use Transport Layer Security (TLS) and Secure Sockets Layer (SSL) certificates to reassure customers:
 Padlock
 HTTPS
 Green address bar
 Legally incorporated name
Source: Global Sign (2013)

11. Phishing
 Masquerades as an official website communication
 Requests users’ login information
 Uses information to fraudulently obtain funds from their account
 Who is responsible for the customer’s loss?

12. Managerial Implications
 Reputational damage
 Trust
 Disruption
 Inconvenience
 Loss of traffic
 Costs

13. Managerial Preventative Measures
 Secure website design from the beginning – difficult/expensive to add later
 Antivirus software is always up to date
 Firewalls
 Phishing notifications via email
 Employee email filtering
 Securesign SSL/TLS Certificates
 Split login screens

14. Privacy
 Data Protection Act 1998
 How data is collected and used
 Privacy and Electronic Communications Regulations
 Cookies
 Email Marketing and SPAM

15. Consumer Concerns
 Data leakage – how secure is my data and what happens if it is lost/leaked?
 Data use without consent
 Annoyance/Waste of time
 Not having opt in/opt out notices
Source: Smart Insights (2012)

16. Data Protection Act 1998
 Eight Principles:
 1. Fairly and lawfully processed
 2. Processed for limited purposes
 3. Adequate, relevant and not excessive
 4. Accurate and up to date
 5. Not kept longer than necessary
 6. Processed in accordance with the individual’s rights
 7. Secure
 8. Not transferred to a country outside the EEC unless it has adequate protection
Most breached principle in 2012

17. Data Protection Act 1998
 Applies to customers as well as employees
 Personal data
 Name, address, NI Number
 Sensitive data
 Political views, religion, ethnicity
 Data subject access requests
 Enforced by the Information Commissioner’s Office

18. Data Protection Non-compliance
 Monetary – up to £500,000
 Undertaking
 Prosecution

19. Privacy and Electronic Communications Regulations
 Electronic Marketing Activities
 Email marketing and SPAM
 Cookies
 Enforced by the Information Commissioner’s Office

20. Cookies
 What is a Cookie?
 A small text file that stores user information on their computer
 What is it used for?
 Shopping cart
 Personalisation
 Cookie Ingredients
 Domain
 Name
 Value
 Expiry
 Path
 Secure
 HTTP only

21. Privacy Directive 26 May 2012
 Website notification that cookies are in use
 Gives option/instructions on how to disable them and find further information

22. Email Marketing and SPAM
 What is SPAM?
 Emails sent without consent
 Sent in bulk and not personalised
 Email Marketing Regulations
 Consent must be given to receive marketing communications - except where there is a defined relationship
 Must contain an unsubscribe link in the email
 ICO can investigate complaints relating to SPAM sent from the UK

23. Email Marketing and SPAM
 Consent
 User must “opt in” rather than “opt out” – i.e. the check box should be unticked
 Must be made clear that they are consenting to receive communications
 What is a defined relationship/soft opt-in?
 Obtained customer details during the course of a previous sale transaction
 Marketing is of similar products
 Option to opt out is given in every future message

24. PECR Non-compliance
 Written request for compliance
 Monetary – up to £500,000
 Undertaking
 Prosecution

25. Managerial Implications
 Large fines
 Reputational damage
 Trust
 Angry customers

26. Managerial/Consumer Preventative Measures
 Appoint a Data Controller for your organisation who will be responsible for DPA and PECR obligations – legal obligation under DPA
 Ensure fully compliant with all legislation and regulations
 Security and privacy notices on the website in plain English to reassure customers
 Be careful who your email address is given to
 Don’t click on spam and attachments
 Unsubscribe/Opt out

27. Conclusion
 Security
 Priority
 Reassurance for customers
 Privacy
 Comply with laws and regulations to avoid punishment
 Reassurance for customers
 For more information:
 Symantec Internet Security Threat Report 2011 (published April 2012)
 ICO website

28. References
 Chaffey, D., 2013. Website Security Requirements. [online]. Available at: http://www.smartinsights.com/ecommerce/payment-security/website-security-requirements/ [accessed 28 February 2013]
 Chaffey, D., 2012. Research on consumer attitudes to online privacy. [online]. Available at: http://www.smartinsights.com/marketplace-analysis/customer-analysis/research-on-consumer-attitudes-to-online-privacy/ [accessed 28 February 2013]
 Chaffey, D., Mayer, R., Johnston, K. and Ellis-Chadwick, F., 2000. Internet Marketing. Essex: Pearson.
 Financial Ombudsman Service, 2013. Disputed technical transaction. [online]. Available at: http://www.financial-ombudsman.org.uk/publications/technical_notes/disputed-transactions.htm [accessed 10 March 2013]
 Global Sign, 2013. Security Certificates. [online]. Available at: https://www.globalsign.co.uk/ssl/domain-ssl/ [accessed 18 March 2013]
 Halliday, J., 2012. The Guardian reaches nearly 9 million readers across print and online. [online]. Available at: http://www.guardian.co.uk/media/2012/sep/12/guardian-9-million-readers-nrs [accessed 10 March 2013]
 Information Commissioner’s Office, 2013. Data Protection Act Claiming Compensation. [online]. Available at: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/claiming_compensation.pdf [accessed 12 March 2013]
 Information Commissioner’s Office, 2013. Electronic Mail (Regulations 22 and 23). [online]. Available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/electronic_mail.aspx [accessed 10 March 2013]
 Information Commissioner’s Office, 2013. Privacy and Electronic Communications Regulations. [online]. Available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications.aspx [accessed 3 March 2013]
 Information Commissioner’s Office, 2013. Sensitive details of NHS staff published by Trust in Devon. [online]. Available at: http://www.ico.gov.uk/news/latest_news/2012/sensitive-details-of-nhs-staff-published-by-devon-trust-06082012.aspx
 Information Commissioner’s Office, 2013. Viral Marketing. [online]. Available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/viral_marketing.aspx [accessed 3 March 2013]
 Oremus, W., 2013. Unprotected Sects. [online]. Available at: http://www.slate.com/articles/technology/technology/2012/05/malware_and_computer_viruses_they_ve_left_porn_sites_for_religious_sites_.html [accessed 12 March 2013]
 Norton, 2013. Phishing. [online]. Available at: http://uk.norton.com/security_response/phishing.jsp [accessed 10 March 2013]
 Paypal, 2013. Security. [online]. Available at: https://www.paypal.com/uk/webapps/mpp/paypal-safety-and-security [accessed 10 March 2013]
 Perlroth, N., 2012. Six big banks targeted in online attacks. [online]. Available at: http://www.bostonglobe.com/business/2012/09/30/banks-hits-wave-computer-attacks-group-claiming-middle-east-ties/gsE6W3V57nBAYrko1ag8rN/story.html [accessed 10 March 2013]
 Seltzer, L., 2010. ‘I Love You’ virus turns ten: what have we learned? [online]. Available at: http://www.pcmag.com/article2/0,2817,2363172,00.asp [accessed 28 February 2013]
 Symantec, 2012. Internet Security Threat Report 2011. [online]. Available at: http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf [accessed 12 March 2013]
 Teixera, R., 2007. Top five small business internet security threats. [online]. Available at: http://smallbiztrends.com/2007/06/top-five-small-business-internet-security-threats.html [accessed 3 March 2013]
 Watson Hall, 2013. Top 10 Website Security Issues. [online]. Available at: https://www.watsonhall.com/resources/downloads/top10-website-security-issues.pdf [accessed 28 February 2013]