
These are all great questions that we’ll talk about in this article.
Privacy Policy
Every website which collects data should publish a Privacy Policy. This is not only for the users’ sake but also to protect the website’s owners. This privacy policy should explain how the site owners may use and disclose your data, the types of collected data, and how a user can contact the owner if they have concerns.
Okay, so now you know where to look to find out how your data is being used and what your rights are. But what if you want to submit confidential information? If you own the website, how do you keep confidential information secure?
SSL Certificates
SSL (Secure Sockets Layer) certificates are the modern standard in website security technology. When you visit a site that has a properly installed certificate, a secure link is established between the web server and your browser. This link ensures that the data passed between these two points remains private and confidential. When you complete a form on an SSL-secured website, you can be assured that your data will be protected against interception. Even if it somehow gets intercepted by an unintended 3rd party, that person would only see garbled nonsense. Modern 256-bit encryption is so secure that even if 70 billion modern processors were focused on cracking a single value, it would still take 77 septillion years to crack it (that’s 77 followed by 24 zeros)!
You can tell if a website is protected by an SSL certificate by looking at the URL of the page you’re viewing – check if it starts with https:// (the “s” stands for secure). Also check to the left of the address to make sure a green padlock appears (or its equivalent in your browser of choice).
Data Process Protection
As a user, once you verify that the site is SSL secured and has an agreeable Privacy Policy, clicking “Submit” still transfers control of your data over to the website’s owner. As an owner, it is important to regularly review internal protocols to make sure that you are living up to the published Privacy Policy. If your form has the potential to collect identifying healthcare information, this becomes a mandated legal requirement.
Online Form Sent to Email
Some online forms send data directly to the recipient’s email address. Email is still one of the least secure forms of online communication. Often an email will get copied and stored in plain text on several servers during routine transit – a footprint which doesn’t disappear for years. For this reason, you should never email confidential information unless both the sender and recipient are using end-to-end encryption.
Products like Proofpoint offer email encryption for organizations. They also have products which scan incoming and/or outgoing email to ensure that their organization is not sending or receiving sensitive data – those emails get stopped by the gatekeeper. These are great tools to minimize risk.
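The kind of outbound check such a gatekeeper performs can be sketched in a few lines. This is an added example, not code from the original article and not how Proofpoint or any other product works; the patterns, function names, addresses and sample messages are all constructed for illustration.

```python
import re
from email.message import EmailMessage

# Illustrative patterns only; commercial filters use far richer rule sets.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text: str) -> list:
    """Return the kinds of sensitive data found in a block of text."""
    found = ["ssn"] if SSN_RE.search(text) else []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append("card")
            break
    return found

def gate_outbound(msg: EmailMessage):
    """Decide whether one outgoing message may leave: (verdict, reasons)."""
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "text":
            reasons += scan_text(part.get_content())
        elif part.get_filename():
            # A scanned form (PDF/image) cannot be read as text here, so hold it.
            reasons.append("uninspectable-attachment:" + part.get_filename())
    return ("block" if reasons else "allow", reasons)

def constructed_message(body: str, attachment: str = "") -> EmailMessage:
    """Build a sample message; all content is made up for this example."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "agent@insurer.example", "client@home.example"
    msg["Subject"] = "Question about your application"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"%PDF-constructed", maintype="application",
                           subtype="pdf", filename=attachment)
    return msg
```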
Online Form Sent to 3rd Party Program
There are many 3rd party products available that encrypt online form submissions and send them to a secure document server for retrieval using a private decryption key. The intended recipient may receive an email about the form but the email will not contain any actual data. You will still need to review the 3rd party product you’re subscribing to and ensure that their security procedures are adequate.
Appletree MediaWorks has experience collecting and securely storing online data and documents for our clients. We would be happy to discuss your company’s security needs.
Key points to a secure data system include:
- SSL Certificate on the entire website (this makes Google happy too)
- Secure Passwords and separate accounts for each user
- Document encryption and decryption process
- Document authentication and retrieval system
- A Web Application Firewall
- Storing documents outside of the live website
- Retrieving and viewing the uploaded documents only through SSL
- Audit report with logins, document access logs and IP addresses
- A procedure for truly deleting information off of servers and computers (multi-pass)
- MySQL injection prevention
- Training staff on proper privileged document handling procedures
Improper Data Procedures
My family recently had an experience with an insurance company that collected lots of personal information on their paper application forms. They insisted on using paper applications because they were more “secure”. They cited concerns that the data might be hackable if it was online. As an IT professional, I knew it would be much easier to steal paper from a desk than it would be to hack it from a secure environment. But I trusted that this professional company had staff trained on proper document handling procedures.
The company then made a simple and foolish mistake. They scanned in our application and attached it to an email and sent it back to me with a question. We had a long discussion about the risk they just put our family in by sending this form over email. As IT professionals, we offered them other workflow options that did not involve sending secure data through insecure channels. They are now paying for identity theft services for our family because of their mishandling of our secure information. This is a good example of how improper training and knowledge of these issues can become very costly for a company – and how the right knowledge can help you hold companies accountable when and if your data is ever compromised.