Digital marketing presentation - security risks for websites
![Page 1: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/1.jpg)
Security & Privacy Issues for the Consumer & Site Owner
By: Alexandra MacLeod and Liane Van Diepen
10039412/12063364
20 March 2013
![Page 2: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/2.jpg)
Introduction
Security
Types of Risks
Privacy
Data Protection Act 1998
Privacy and Electronic Communications Regulations
Cookies
Email Marketing and SPAM
Managerial Implications & Preventative Measures
![Page 3: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/3.jpg)
Security - Consumer Concerns
Stolen credit card details
Phishing
Downloading viruses
Website has security certificates
Source: Smart Insights (2012)
![Page 4: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/4.jpg)
Security – Site Owner
What is information security?
Ensuring your website is available 24 hours a day for your customers
Ensuring only the correct people can administer the website’s content
Preventing unauthorised alteration or destruction of your data
Avoiding your website being used to distribute other people’s software
Ensuring that your employees cannot accidentally delete valuable information
Stopping your website being used to damage users’ computers
Protecting your reputation
Source: Watson Hall Security, Smart Insights (2012)
![Page 5: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/5.jpg)
Types of Security Risks
Denial of Service Attack
Hacking
Destruction of Data - viruses
Malware
Phishing
Secure Payments/Website Encryption
Source: Watson Hall Security (2013); Symantec Internet Security Threat Report (2012)
![Page 6: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/6.jpg)
Denial of Service Attack
Hackers overload website with traffic
Website can't handle volume and shuts down
Major disruption to service
![Page 7: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/7.jpg)
Hacking
Unauthorised website access/publication
Malicious intent / monetary gain
The Sun newspaper hacked by infamous LulzSec hacking group
1 million online users
Data Protection obligations
![Page 8: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/8.jpg)
Destruction of Data - Viruses
Computer viruses can shut down company websites
I Love You Virus
Attachment sent via email
Overwrites photo/video files
Shut down websites including Ford and Chrysler due to employees opening infected email attachments
![Page 9: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/9.jpg)
Malicious Software on Websites
“When it comes to computer viruses, you’re now more likely to catch one visiting a church website than surfing for porn” – Symantec (2012)
Malware – viruses, worms, Trojans, bots
Infects the website and users’ computers
Downloadable files on websites are a hotbed for viruses
External content on websites such as videos and photos are virus-prone
Source: Symantec Internet Security Threat Report (2012)
![Page 10: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/10.jpg)
Secure Payments/Website Encryption
Secure payments
Well-known payment systems such as WorldPay or PayPal, which use encryption
Use Transport Layer Security (TLS) and Secure Sockets Layer (SSL) certificates to reassure customers:
Padlock
HTTPS
Green Address Bar
Legally incorporated name
Source: Global Sign, (2013)
![Page 11: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/11.jpg)
Phishing
Masquerades as an official website communication
Requests users' login information
Uses information to fraudulently obtain funds from their account
Who is responsible for the customer’s loss?
![Page 12: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/12.jpg)
Managerial Implications
Reputational damage
Trust
Disruption
Inconvenience
Loss of traffic
Costs
![Page 13: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/13.jpg)
Managerial Preventative Measures
Secure website design from the beginning – difficult/expensive to add later
Antivirus software is always up to date
Firewalls
Phishing notifications via email
Employee email filtering
Securesign SSL/TLS Certificates
Split login screens
![Page 14: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/14.jpg)
Privacy
Data Protection Act 1998
How data is collected and used
Privacy and Electronic Communications Regulations
Cookies
Email Marketing and SPAM
![Page 15: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/15.jpg)
Consumer Concerns
Data leakage – how secure is my data and what happens if it is lost/leaked?
Data use without consent
Annoyance/Waste of time
Not having opt in/opt out notices
Source: Smart Insights (2012)
![Page 16: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/16.jpg)
Data Protection Act 1998
Eight Principles:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept longer than necessary
6. Processed in accordance with the individual’s rights
7. Secure
8. Not transferred to a country outside the EEC unless it has adequate protection
Most breached principle in 2012
![Page 17: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/17.jpg)
Data Protection Act 1998
Applies to customers as well as employees
Personal data
Name, address, NI Number
Sensitive data
Political views, religion, ethnicity
Data subject access requests
Enforced by the Information Commissioner’s Office
![Page 18: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/18.jpg)
Data Protection Non-compliance
Monetary – up to £500,000
Undertaking
Prosecution
![Page 19: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/19.jpg)
Privacy and Electronic Communications Regulations
Electronic Marketing Activities
Email marketing and SPAM
Cookies
Enforced by the Information Commissioner’s Office
![Page 20: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/20.jpg)
Cookies
What is a Cookie?
A small text file that stores user information on their computer
What is it used for?
Shopping cart
Personalisation
Cookie Ingredients
Domain
Name
Value
Expiry
Path
Secure
HTTP only
![Page 21: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/21.jpg)
Privacy Directive 26 May 2012
Website notification that cookies are in use
Gives option/instructions on how to disable cookies and find further information
![Page 22: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/22.jpg)
Email Marketing and SPAM
What is SPAM?
Emails sent without consent
Sent in bulk and impersonalised
Email Marketing Regulations
Consent must be given to receive marketing communications - except where there is a defined relationship
Must contain an unsubscribe link in the email
ICO can investigate complaints relating to SPAM sent from the UK
![Page 23: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/23.jpg)
Email Marketing and SPAM
Consent
User must “opt in” rather than “opt out” – i.e. the check box should be unticked
Must be made clear that they are consenting to receive communications
What is a defined relationship/soft opt-in?
Obtained customer details during course of previous sale transaction
Marketing is of similar products
Option to opt-out is given in every future message
![Page 24: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/24.jpg)
PECR Non-compliance
Written request for compliance
Monetary – up to £500,000
Undertaking
Prosecution
![Page 25: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/25.jpg)
Managerial Implications
Large fines
Reputational damage
Trust
Angry customers
![Page 26: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/26.jpg)
Managerial/Consumer Preventative Measures
Appoint a Data Controller for your organisation who will be responsible for DPA and PECR obligations – legal obligation under DPA
Ensure fully compliant with all legislation and regulations
Security and privacy notices on the website in plain English to reassure customers
Be careful who your email address is given to
Don’t click on spam and attachments
Unsubscribe/Opt out
![Page 27: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/27.jpg)
Conclusion
Security
Priority
Reassurance for customers
Privacy
Comply with laws and regulations to avoid punishment
Reassurance for customers
For more information:
Symantec Internet Security Threat Report 2011 (published April 2012)
ICO website
![Page 28: Digital marketing presentation - security risks for websites](https://reader033.fdocuments.us/reader033/viewer/2022051523/58a9e7511a28ab36018b4af3/html5/thumbnails/28.jpg)
References
Chaffey, D., 2013. Website Security Requirements. [online]. Available at: http://www.smartinsights.com/ecommerce/payment-security/website-security-requirements/ [accessed 28 February 2013]
Chaffey, D., 2012. Research on consumer attitudes to online privacy. [online]. Available at: http://www.smartinsights.com/marketplace-analysis/customer-analysis/research-on-consumer-attitudes-to-online-privacy/ [accessed 28 February 2013]
Chaffey, D., Mayer, R., Johnston, K. and Ellis-Chadwick, F., 2000. Internet Marketing. Essex: Pearson.
Financial Ombudsman Service, 2013. Disputed technical transaction. [online]. Available at: http://www.financial-ombudsman.org.uk/publications/technical_notes/disputed-transactions.htm [accessed 10 March 2013]
Global Sign, 2013. Security Certificates. [online]. Available at: https://www.globalsign.co.uk/ssl/domain-ssl/ [accessed 18 March 2013]
Halliday, J., 2012. The Guardian reaches nearly 9 million readers across print and online. [online]. Available at: http://www.guardian.co.uk/media/2012/sep/12/guardian-9-million-readers-nrs [accessed 10 March 2013]
Information Commissioner’s Office, 2013. Data Protection Act Claiming Compensation. [online] available at: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/claiming_compensation.pdf [accessed 12 March 2013]
Information Commissioner’s Office, 2013. Electronic Mail (Regulations 22 and 23). [online] available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/electronic_mail.aspx [accessed 10 March 2013]
Information Commissioner’s Office, 2013. Privacy and Electronic Communications Regulations. [online] available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications.aspx [accessed 3 March 2013]
Information Commissioner’s Office, 2013. Sensitive details of NHS staff published by Trust in Devon. [online] available at: http://www.ico.gov.uk/news/latest_news/2012/sensitive-details-of-nhs-staff-published-by-devon-trust-06082012.aspx
Information Commissioner’s Office, 2013. Viral Marketing. [online] available at: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/viral_marketing.aspx [accessed 3 March 2013]
Oremus, W., 2013. Unprotected Sects. [online] Available at: http://www.slate.com/articles/technology/technology/2012/05/malware_and_computer_viruses_they_ve_left_porn_sites_for_religious_sites_.html [accessed 12 March 2013]
Norton, 2013. Phishing [online]. Available at: http://uk.norton.com/security_response/phishing.jsp [accessed 10 March 2013]
Paypal, 2013. Security. [online]. Available at: https://www.paypal.com/uk/webapps/mpp/paypal-safety-and-security [accessed 10 March 2013]
Perlroth, N, 2012. Six big banks targeted in online attacks. [online]. Available at: http://www.bostonglobe.com/business/2012/09/30/banks-hits-wave-computer-attacks-group-claiming-middle-east-ties/gsE6W3V57nBAYrko1ag8rN/story.html [accessed 10 March 2013]
Seltzer, L, 2010. ‘I Love You’ virus turns ten: what have we learned? [online]. Available at: http://www.pcmag.com/article2/0,2817,2363172,00.asp [accessed 28 February 2013]
Symantec, 2012. Internet Security Threat Report 2011. [online]. Available at: http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf [accessed 12 March 2013]
Teixera, R, 2007. Top five small business internet security threats. [online]. Available at: http://smallbiztrends.com/2007/06/top-five-small-business-internet-security-threats.html [accessed 3 March 2013]
Watson Hall, 2013. Top 10 Website Security Issues. [online]. Available at: https://www.watsonhall.com/resources/downloads/top10-website-security-issues.pdf [accessed 28 February 2013]