SlideShare a Scribd company logo

digitalmarketingfinal-151111124851-lva1-app6891.pdf

V
VaishnavGhadge1

Best

Education
1 of 28
Download to read offline
Security & Privacy Issues for the Consumer & Site Owner By: Alexandra MacLeod and Liane Van Diepen 10039412/12063364 20 March 2013
Introduction  Security  Types of Risks  Privacy  Data Protection Act 1998  Privacy and Electronic Communications Regulations  Cookies  Email Marketing and SPAM  Managerial Implications & Preventative Measures
Security - Consumer Concerns  Stolen credit card details  Phishing  Downloading viruses  Website has security certificates Source: Smart Insights (2012)
Security – Site Owner  What is information security?  Ensuring your website is available 24 hours a day for your customers  Ensuring only the correct people can administer the website’s content  Preventing unauthorised alteration or destruction of your data  Avoiding your website being used to distribute other peoples’ software  Ensuring that your employees cannot accidentally delete valuable information  Stopping your website being used to damage users’ computers  Protecting your reputation Source: Watson Hall Security, Smart Insights (2012)
Types of Security Risks  Denial of Service Attack  Hacking  Destruction of Data - viruses  Malware  Phishing  Secure Payments/Website Encryption Source: Watson Hall Security (2013); Symantec Internet Security Threat Report (2012);
Denial of Service Attack  Hackers overload website with traffic  Website can't handle volume and shuts down  Major disruption to service
Hacking  Unauthorised website access/publication  Malicious intent / monetary gain  The Sun newspaper hacked by infamous LulzSec hacking group  1 million online users  Data Protection obligations
Destruction of Data - Viruses  Computer viruses can shut down company websites  I Love You Virus  Attachment sent via email  Overwrites photo/video files  Shutdown websites including Ford and Chrysler due to employees opening infected email attachments
Malicious Software on Websites  “When it comes to computer viruses, you’re now more likely to catch one visiting a church website than surfing for porn” – Symantec (2012)  Malware – viruses, worms, Trojans, bots  Infects website the user’s computers  Downloadable files on websites are a hotbed for viruses  External content on websites such as videos and photos are virus-prone Source : Symantec Internet Security Threat Report (2012)
Secure Payments/Website Encryption  Secure payments  Well known payment system such as WorldPal or PayPal which uses encryption  Use Transport Layer Security (TLS) and Secure Socket Layers (SSL) certificates to reassure customers:  Padlock  HTTPS  Green Address Bar  Legally incorporated name Source: Global Sign, (2013)
Phishing  Masquerades as an official website communication  Requests users' login information  Uses information to fraudulently obtain funds from their account  Who is responsible for the customer’s loss?
Managerial Implications  Reputational damage  Trust  Disruption  Inconvenience  Loss of traffic  Costs
Managerial Preventative Measures  Secure website design from the beginning – difficult/expensive to add later  Antivirus software is always up to date  Firewalls  Phishing notifications via email  Employee email filtering  Securesign SSL/TLS Certificates  Split login screens
Privacy  Data Protection Act 1998  How data is collected and used  Privacy and Electronic Communications Regulations  Cookies  Email Marketing and SPAM
Consumer Concerns  Data leakage – how secure is my data and what happens if it is lost/leaked?  Data use without consent  Annoyance/Waste of time  Not having opt in/opt out notices Source: Smart Insights (2012)
Data Protection Act 1998  Eight Principles:  1. Fairly and lawfully processed  2. Processed for limited purposes  3. Adequate, relevant and not excessive  4. Accurate and up to date  5. Not kept longer than necessary  6. Processed in accordance with the individuals rights  7. Secure  8. Not transferred to a country outside the EEC unless it has adequate protection Most breached principle in 2012
Data Protection Act 1998  Applies to customers as well as employees  Personal data  Name, address, NI Number  Sensitive data  Political views, religion, ethnicity  Data subject access requests  Enforced by the Information Commissioner’s Office
Data Protection Non-compliance  Monetary – up to £500,000  Undertaking  Prosecution
Privacy and Electronic Communications Regulations  Electronic Marketing Activities  Email marketing and SPAM  Cookies  Enforced by the Information Commissioners Office
Cookies  What is a Cookie?  A small text file that stores user information on their computer  What is it used for?  Shopping cart  Personalisation  Cookie Ingredients  Domain  Name  Value  Expiry  Path  Secure  HTTP only
Privacy Directive 26 May 2012  Website notification that cookies are in use  Gives option/instructions how to disable and find further information
Email Marketing and SPAM  What is SPAM?  Emails sent without consent  Sent in bulk and impersonalised  Email Marketing Regulations  Consent must be given to receive marketing communications - except where there is a defined relationship  Must contain an unsubscribe link in the email  ICO can investigate complaints relating to SPAM sent from the UK
Email Marketing and SPAM  Consent  User must “opt in” rather than “opt out” – i.e. the check box should be unticked  Must be made clear that they are consenting to receive communications  What is a defined relationship/soft opt-in?  Obtained customer details during course of previous sale transaction  Marketing is of similar products  Option to opt-out is given in every future message
PECR Non-compliance  Written request for compliance  Monetary – up to £500,000  Undertaking  Prosecution
Managerial Implications  Large fines  Reputational damage  Trust  Angry customers
Managerial/Consumer Preventative Measures  Appoint a Data Controller for your organisation who will be responsible for DPA and PECR obligations – legal obligation under DPA  Ensure fully compliant with all legislation and regulations  Security and privacy notices on the website in plain English to reassure customers  Be careful who your email address is given to  Don’t click on spam and attachments  Unsubscribe/ Opt out
Conclusion  Security  Priority  Reassurance for customers  Privacy  Comply with laws and regulations to avoid punishment  Reassurance for customers  For more information:  Symantec Internet Security Threat Report 2011 (published April 2012)  ICO website
References  Chaffey, D., 2013. Website Security Requirements. [online]. Available at: http://www.smartinsights.com/ecommerce/payment-security/website-security- requirements/ [accessed 28 February 2013]  Chaffey, D., 2012. Research on consumer attitudes to online privacy. [online]. Available at: http://www.smartinsights.com/marketplace-analysis/customer-analysis/research-on- consumer-attitudes-to-online-privacy/ [accessed 28 February 2013]  Chaffey, D., Mayer, R., Johnston, K. and Ellis-Chadwick, F., 2000. Internet Marketing. Essex: Pearson.  Financial Ombudsman Service, 2013. Disputed technical transaction. [online]. Available at: http://www.financial-ombudsman.org.uk/publications/technical_notes/disputed- transactions.htm [accessed 10 March 2013]  Global Sign, 2013. Security Certificates. [Online]. Available at: https://www.globalsign.co.uk/ssl/domain-ssl/ [accessed 18 March 2013]  Halliday, J., 2012. The Guardian reaches nearly 9 million readers across print and online. [online]. Available at: http://www.guardian.co.uk/media/2012/sep/12/guardian-9- million-readers-nrs [accessed 10 March 2013]  Information Commissioner’s Office, 2013. Data Protection Act Claiming Compensation. [online] available at: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/c laiming_compensation.pdf [accessed 12 March 2013]  Information Commissioner’s Office, 2013. Electronic Mail (Regulations 22 and 23). [online] available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_gui de/electronic_mail.aspx [accessed 10 March 2013]  Information Commissioner’s Office, 2013. Privacy and Electronic Communications Regulations. [online] available at:http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications.aspx [accessed 3 March 2013]  Information Commissioner’s Office, 2013. Sensitive details of NHS staff published by Trust in Devon. [online] available at: http://www.ico.gov.uk/news/latest_news/2012/sensitive-details-of-nhs-staff- published-by-devon-trust-06082012.aspx  Information Commissioner’s Office, 2013. Viral Marketing. [online] available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_gui de/viral_marketing.aspx [accessed 3 March 2013]  Oremus, W., 2013. Unprotected Sects. [online] Available at: http://www.slate.com/articles/technology/technology/2012/05/malware_and_computer_vi ruses_they_ve_left_porn_sites_for_religious_sites_.html [accessed 12 March 2013]  Norton, 2013. Phishing [online]. Available at: http://uk.norton.com/security_response/phishing.jsp [accessed 10 March 2013]  Paypal, 2013. Security. [online]. Available at: https://www.paypal.com/uk/webapps/mpp/paypal-safety-and-security [accessed 10 March 2013]  Perlroth, N, 2012. Six big banks targeted in online attacks. [online. Available at: http://www.bostonglobe.com/business/2012/09/30/banks-hits-wave-computer-attacks- group-claiming-middle-east-ties/gsE6W3V57nBAYrko1ag8rN/story.html [accessed 10 March 2013]  Seltzer, L, 2010. ‘I Love You’ virus turns ten: what have we learned? [online]. Available at: http://www.pcmag.com/article2/0,2817,2363172,00.asp [accessed 28 February 2013]  Symantec, (2012). Internet Security Threat Report 2011{online]. Available at: http://www.symantec.com/content/en/us/enterprise/other_resources/b- istr_main_report_2011_21239364.en-us.pdf [ accessed 12 March 2013]  Teixera, R, 2007. Top five small business internet security threats. [online]. Available at: http://smallbiztrends.com/2007/06/top-five-small-business-internet-security-threats.html [accessed 3 March 2013].  Watson Hall, 2013. Top 10 Website Security Issues. [online]. Available at: https://www.watsonhall.com/resources/downloads/top10-website-security-issues.pdf [accessed 28 February 2013]

Recommended

IRJET - Data Privacy,Trust Issues and Solutions in Electronic Commerce
IRJET - Data Privacy,Trust Issues and Solutions in Electronic CommerceIRJET - Data Privacy,Trust Issues and Solutions in Electronic Commerce
IRJET - Data Privacy,Trust Issues and Solutions in Electronic Commerce
IRJET Journal
 
Security environment
Security environmentSecurity environment
Security environment
Jay Choudhary
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
Rishav Gupta
 
What Types Of Information ECommerce Sites Need To.pdf
What Types Of Information ECommerce Sites Need To.pdfWhat Types Of Information ECommerce Sites Need To.pdf
What Types Of Information ECommerce Sites Need To.pdf
Host It Smart
 
Cyber Security_Training Presentation.pptx
Cyber Security_Training Presentation.pptxCyber Security_Training Presentation.pptx
Cyber Security_Training Presentation.pptx
musicalworld14
 
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
Lucy Zeniffer
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliability
caca1009
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
m8817
 

Recommended

IRJET - Data Privacy,Trust Issues and Solutions in Electronic Commerce
IRJET - Data Privacy,Trust Issues and Solutions in Electronic CommerceIRJET - Data Privacy,Trust Issues and Solutions in Electronic Commerce
IRJET - Data Privacy,Trust Issues and Solutions in Electronic Commerce
IRJET Journal
 
Security environment
Security environmentSecurity environment
Security environment
Jay Choudhary
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
Rishav Gupta
 
What Types Of Information ECommerce Sites Need To.pdf
What Types Of Information ECommerce Sites Need To.pdfWhat Types Of Information ECommerce Sites Need To.pdf
What Types Of Information ECommerce Sites Need To.pdf
Host It Smart
 
Cyber Security_Training Presentation.pptx
Cyber Security_Training Presentation.pptxCyber Security_Training Presentation.pptx
Cyber Security_Training Presentation.pptx
musicalworld14
 
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
Lucy Zeniffer
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliability
caca1009
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
m8817
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
EamonnORagh
 
Analysis the attack and E-commerce security
Analysis the attack and E-commerce securityAnalysis the attack and E-commerce security
Analysis the attack and E-commerce security
Army Institute Of Business Administration,Savar
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
politegcuf
 
Legal, Ethical, Environmental, Economic and Social Implications
Legal, Ethical, Environmental, Economic and Social ImplicationsLegal, Ethical, Environmental, Economic and Social Implications
Legal, Ethical, Environmental, Economic and Social Implications
SabahtHussein
 
Information security a new era technology_
Information security a new era technology_Information security a new era technology_
Information security a new era technology_
Tahmid Munaz
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data Effectively
Tentacle Cloud
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptx
sorabhsingh17
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
Bankingdotcom
 
A case study of amazon
A case study of amazonA case study of amazon
A case study of amazon
robinbarney
 
Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009
wegdam
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in Danger
ZitaAdlTrk
 
EDU 01SEMINAR.pdf
EDU 01SEMINAR.pdfEDU 01SEMINAR.pdf
EDU 01SEMINAR.pdf
JihithaJP
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and Threats
BPalmer13
 
Cyber Privacy & Password Protection
Cyber Privacy & Password ProtectionCyber Privacy & Password Protection
Cyber Privacy & Password Protection
Nikhil D
 
Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)
GuardEra Access Solutions, Inc.
 
E-Commerce (ITSP501 course)
E-Commerce (ITSP501 course)E-Commerce (ITSP501 course)
E-Commerce (ITSP501 course)
Adam Shippey
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
eletseditorial
 
All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptx
ITIO Innovex
 
DSS @RIGA COMM2013 - The Value of an IT Security for Business People
DSS @RIGA COMM2013 - The Value of an IT Security for Business PeopleDSS @RIGA COMM2013 - The Value of an IT Security for Business People
DSS @RIGA COMM2013 - The Value of an IT Security for Business People
Andris Soroka
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
Ken Holmes
 
reinforcement-learning-141009013546-conversion-gate02.pdf
reinforcement-learning-141009013546-conversion-gate02.pdfreinforcement-learning-141009013546-conversion-gate02.pdf
reinforcement-learning-141009013546-conversion-gate02.pdf
VaishnavGhadge1
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.ppt
VaishnavGhadge1
 

More Related Content

Similar to digitalmarketingfinal-151111124851-lva1-app6891.pdf

A case study of amazon
A case study of amazonA case study of amazon
A case study of amazon
robinbarney
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and Threats
BPalmer13
 

Similar to digitalmarketingfinal-151111124851-lva1-app6891.pdf (20)

Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
 
Analysis the attack and E-commerce security
Analysis the attack and E-commerce securityAnalysis the attack and E-commerce security
Analysis the attack and E-commerce security
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
 
Legal, Ethical, Environmental, Economic and Social Implications
Legal, Ethical, Environmental, Economic and Social ImplicationsLegal, Ethical, Environmental, Economic and Social Implications
Legal, Ethical, Environmental, Economic and Social Implications
 
Information security a new era technology_
Information security a new era technology_Information security a new era technology_
Information security a new era technology_
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data Effectively
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptx
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
A case study of amazon
A case study of amazonA case study of amazon
A case study of amazon
 
Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in Danger
 
EDU 01SEMINAR.pdf
EDU 01SEMINAR.pdfEDU 01SEMINAR.pdf
EDU 01SEMINAR.pdf
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and Threats
 
Cyber Privacy & Password Protection
Cyber Privacy & Password ProtectionCyber Privacy & Password Protection
Cyber Privacy & Password Protection
 
Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)
 
E-Commerce (ITSP501 course)
E-Commerce (ITSP501 course)E-Commerce (ITSP501 course)
E-Commerce (ITSP501 course)
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
 
All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptx
 
DSS @RIGA COMM2013 - The Value of an IT Security for Business People
DSS @RIGA COMM2013 - The Value of an IT Security for Business PeopleDSS @RIGA COMM2013 - The Value of an IT Security for Business People
DSS @RIGA COMM2013 - The Value of an IT Security for Business People
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
 

More from VaishnavGhadge1

reinforcement-learning-141009013546-conversion-gate02.pdf
reinforcement-learning-141009013546-conversion-gate02.pdfreinforcement-learning-141009013546-conversion-gate02.pdf
reinforcement-learning-141009013546-conversion-gate02.pdf
VaishnavGhadge1
 

More from VaishnavGhadge1 (6)

reinforcement-learning-141009013546-conversion-gate02.pdf
reinforcement-learning-141009013546-conversion-gate02.pdfreinforcement-learning-141009013546-conversion-gate02.pdf
reinforcement-learning-141009013546-conversion-gate02.pdf
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.ppt
 
seminar.pptx
seminar.pptxseminar.pptx
seminar.pptx
 
medicalmirror-170210123013.pdf
medicalmirror-170210123013.pdfmedicalmirror-170210123013.pdf
medicalmirror-170210123013.pdf
 
big-data-8722-m8RQ3h1.pptx
big-data-8722-m8RQ3h1.pptxbig-data-8722-m8RQ3h1.pptx
big-data-8722-m8RQ3h1.pptx
 
data.2.pptx
data.2.pptxdata.2.pptx
data.2.pptx
 

Recently uploaded

Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
MateoGardella
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 

Recently uploaded (20)

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 

digitalmarketingfinal-151111124851-lva1-app6891.pdf

  • 1. Security & Privacy Issues for the Consumer & Site Owner By: Alexandra MacLeod and Liane Van Diepen 10039412/12063364 20 March 2013
  • 2. Introduction  Security  Types of Risks  Privacy  Data Protection Act 1998  Privacy and Electronic Communications Regulations  Cookies  Email Marketing and SPAM  Managerial Implications & Preventative Measures
  • 3. Security - Consumer Concerns  Stolen credit card details  Phishing  Downloading viruses  Website has security certificates Source: Smart Insights (2012)
  • 4. Security – Site Owner  What is information security?  Ensuring your website is available 24 hours a day for your customers  Ensuring only the correct people can administer the website’s content  Preventing unauthorised alteration or destruction of your data  Avoiding your website being used to distribute other peoples’ software  Ensuring that your employees cannot accidentally delete valuable information  Stopping your website being used to damage users’ computers  Protecting your reputation Source: Watson Hall Security, Smart Insights (2012)
  • 5. Types of Security Risks  Denial of Service Attack  Hacking  Destruction of Data - viruses  Malware  Phishing  Secure Payments/Website Encryption Source: Watson Hall Security (2013); Symantec Internet Security Threat Report (2012);
  • 6. Denial of Service Attack  Hackers overload website with traffic  Website can't handle volume and shuts down  Major disruption to service
  • 7. Hacking  Unauthorised website access/publication  Malicious intent / monetary gain  The Sun newspaper hacked by infamous LulzSec hacking group  1 million online users  Data Protection obligations
  • 8. Destruction of Data - Viruses  Computer viruses can shut down company websites  I Love You Virus  Attachment sent via email  Overwrites photo/video files  Shutdown websites including Ford and Chrysler due to employees opening infected email attachments
  • 9. Malicious Software on Websites  “When it comes to computer viruses, you’re now more likely to catch one visiting a church website than surfing for porn” – Symantec (2012)  Malware – viruses, worms, Trojans, bots  Infects website the user’s computers  Downloadable files on websites are a hotbed for viruses  External content on websites such as videos and photos are virus-prone Source : Symantec Internet Security Threat Report (2012)
  • 10. Secure Payments/Website Encryption  Secure payments  Well known payment system such as WorldPal or PayPal which uses encryption  Use Transport Layer Security (TLS) and Secure Socket Layers (SSL) certificates to reassure customers:  Padlock  HTTPS  Green Address Bar  Legally incorporated name Source: Global Sign, (2013)
  • 11. Phishing  Masquerades as an official website communication  Requests users' login information  Uses information to fraudulently obtain funds from their account  Who is responsible for the customer’s loss?
  • 12. Managerial Implications  Reputational damage  Trust  Disruption  Inconvenience  Loss of traffic  Costs
  • 13. Managerial Preventative Measures  Secure website design from the beginning – difficult/expensive to add later  Antivirus software is always up to date  Firewalls  Phishing notifications via email  Employee email filtering  Securesign SSL/TLS Certificates  Split login screens
  • 14. Privacy  Data Protection Act 1998  How data is collected and used  Privacy and Electronic Communications Regulations  Cookies  Email Marketing and SPAM
  • 15. Consumer Concerns  Data leakage – how secure is my data and what happens if it is lost/leaked?  Data use without consent  Annoyance/Waste of time  Not having opt in/opt out notices Source: Smart Insights (2012)
  • 16. Data Protection Act 1998  Eight Principles:  1. Fairly and lawfully processed  2. Processed for limited purposes  3. Adequate, relevant and not excessive  4. Accurate and up to date  5. Not kept longer than necessary  6. Processed in accordance with the individuals rights  7. Secure  8. Not transferred to a country outside the EEC unless it has adequate protection Most breached principle in 2012
  • 17. Data Protection Act 1998  Applies to customers as well as employees  Personal data  Name, address, NI Number  Sensitive data  Political views, religion, ethnicity  Data subject access requests  Enforced by the Information Commissioner’s Office
  • 18. Data Protection Non-compliance  Monetary – up to £500,000  Undertaking  Prosecution
  • 19. Privacy and Electronic Communications Regulations  Electronic Marketing Activities  Email marketing and SPAM  Cookies  Enforced by the Information Commissioners Office
  • 20. Cookies  What is a Cookie?  A small text file that stores user information on their computer  What is it used for?  Shopping cart  Personalisation  Cookie Ingredients  Domain  Name  Value  Expiry  Path  Secure  HTTP only
  • 21. Privacy Directive 26 May 2012  Website notification that cookies are in use  Gives option/instructions how to disable and find further information
  • 22. Email Marketing and SPAM  What is SPAM?  Emails sent without consent  Sent in bulk and impersonalised  Email Marketing Regulations  Consent must be given to receive marketing communications - except where there is a defined relationship  Must contain an unsubscribe link in the email  ICO can investigate complaints relating to SPAM sent from the UK
  • 23. Email Marketing and SPAM  Consent  User must “opt in” rather than “opt out” – i.e. the check box should be unticked  Must be made clear that they are consenting to receive communications  What is a defined relationship/soft opt-in?  Obtained customer details during course of previous sale transaction  Marketing is of similar products  Option to opt-out is given in every future message
  • 24. PECR Non-compliance  Written request for compliance  Monetary – up to £500,000  Undertaking  Prosecution
  • 25. Managerial Implications  Large fines  Reputational damage  Trust  Angry customers
  • 26. Managerial/Consumer Preventative Measures  Appoint a Data Controller for your organisation who will be responsible for DPA and PECR obligations – legal obligation under DPA  Ensure fully compliant with all legislation and regulations  Security and privacy notices on the website in plain English to reassure customers  Be careful who your email address is given to  Don’t click on spam and attachments  Unsubscribe/ Opt out
  • 27. Conclusion  Security  Priority  Reassurance for customers  Privacy  Comply with laws and regulations to avoid punishment  Reassurance for customers  For more information:  Symantec Internet Security Threat Report 2011 (published April 2012)  ICO website
  • 28. References  Chaffey, D., 2013. Website Security Requirements. [online]. Available at: http://www.smartinsights.com/ecommerce/payment-security/website-security- requirements/ [accessed 28 February 2013]  Chaffey, D., 2012. Research on consumer attitudes to online privacy. [online]. Available at: http://www.smartinsights.com/marketplace-analysis/customer-analysis/research-on- consumer-attitudes-to-online-privacy/ [accessed 28 February 2013]  Chaffey, D., Mayer, R., Johnston, K. and Ellis-Chadwick, F., 2000. Internet Marketing. Essex: Pearson.  Financial Ombudsman Service, 2013. Disputed technical transaction. [online]. Available at: http://www.financial-ombudsman.org.uk/publications/technical_notes/disputed- transactions.htm [accessed 10 March 2013]  Global Sign, 2013. Security Certificates. [Online]. Available at: https://www.globalsign.co.uk/ssl/domain-ssl/ [accessed 18 March 2013]  Halliday, J., 2012. The Guardian reaches nearly 9 million readers across print and online. [online]. Available at: http://www.guardian.co.uk/media/2012/sep/12/guardian-9- million-readers-nrs [accessed 10 March 2013]  Information Commissioner’s Office, 2013. Data Protection Act Claiming Compensation. [online] available at: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/c laiming_compensation.pdf [accessed 12 March 2013]  Information Commissioner’s Office, 2013. Electronic Mail (Regulations 22 and 23). [online] available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_gui de/electronic_mail.aspx [accessed 10 March 2013]  Information Commissioner’s Office, 2013. Privacy and Electronic Communications Regulations. [online] available at:http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications.aspx [accessed 3 March 2013]  Information Commissioner’s Office, 2013. Sensitive details of NHS staff published by Trust in Devon. [online] available at: http://www.ico.gov.uk/news/latest_news/2012/sensitive-details-of-nhs-staff- published-by-devon-trust-06082012.aspx  Information Commissioner’s Office, 2013. Viral Marketing. [online] available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_gui de/viral_marketing.aspx [accessed 3 March 2013]  Oremus, W., 2013. Unprotected Sects. [online] Available at: http://www.slate.com/articles/technology/technology/2012/05/malware_and_computer_vi ruses_they_ve_left_porn_sites_for_religious_sites_.html [accessed 12 March 2013]  Norton, 2013. Phishing [online]. Available at: http://uk.norton.com/security_response/phishing.jsp [accessed 10 March 2013]  Paypal, 2013. Security. [online]. Available at: https://www.paypal.com/uk/webapps/mpp/paypal-safety-and-security [accessed 10 March 2013]  Perlroth, N, 2012. Six big banks targeted in online attacks. [online. Available at: http://www.bostonglobe.com/business/2012/09/30/banks-hits-wave-computer-attacks- group-claiming-middle-east-ties/gsE6W3V57nBAYrko1ag8rN/story.html [accessed 10 March 2013]  Seltzer, L, 2010. ‘I Love You’ virus turns ten: what have we learned? [online]. Available at: http://www.pcmag.com/article2/0,2817,2363172,00.asp [accessed 28 February 2013]  Symantec, (2012). Internet Security Threat Report 2011{online]. Available at: http://www.symantec.com/content/en/us/enterprise/other_resources/b- istr_main_report_2011_21239364.en-us.pdf [ accessed 12 March 2013]  Teixera, R, 2007. Top five small business internet security threats. [online]. Available at: http://smallbiztrends.com/2007/06/top-five-small-business-internet-security-threats.html [accessed 3 March 2013].  Watson Hall, 2013. Top 10 Website Security Issues. [online]. Available at: https://www.watsonhall.com/resources/downloads/top10-website-security-issues.pdf [accessed 28 February 2013]