Comment: Proper data handling on Web sites

Web sites are a great means of communication and interaction with clients. They provide a high-availability sales, customer service, and management tool by collecting, storing, transferring, and communicating a great deal of information. Some of this information has very low security requirements, while some of it may have a powerful impact on your customers' privacy and your business.

Most Web sites are already using SSL-type encryption for sensitive or private interaction. If you are gathering any information which might be slightly sensitive, SSL is due diligence for protecting that information while in transit between the user and your site. Even though experienced users and administrators consider this common knowledge, sites still abound that fail to take even this common step to protect data.

Most external forms of information theft from Web sites occur not through the transmission of the data, but from improper storage of collected information on the site or the back-end support systems the site depends upon. Storing information that was important enough to encrypt during transmission in a plain-text format or without proper access controls and/or encryption security is just plain careless; it jeopardizes the confidence of the customers, shareholders, and even your own employees.

Lastly, re-transmission of sensitive data must also be secure. Recently, I have seen a large number of sites that gather personal client information in an SSL-encrypted Web form, but then simply compile the data into a flat file and email the results to another system, department, or processing facility. Again, gathering information in a secure manner and then re-transmitting that same data in an insecure manner raises serious trust issues from the customer's perspective. To compound the matter, it could expose companies to legal liability as well. Just don't do it.

Take a few minutes to browse your own organization's Web sites. Check out how form data is gathered and communicated; look into the storage processes your sites use for customer information. A few minutes of research could bring into view some problems hiding under the edges of your perception today. Discovering and mitigating these issues could save you a great deal of time, pain, and money tomorrow....
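One way to start that review of your own pages, as an added example that is not part of the original column: a Python script that parses a saved page and flags forms that collect sensitive-looking fields but submit over plain HTTP or to a mailto: address. The field-name hints, the shop.example URLs, and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristic: field names that suggest personal or payment data.
SENSITIVE_HINTS = ("pass", "ssn", "card", "cvv", "account", "dob", "email", "phone")

class FormAudit(HTMLParser):
    """Collect each <form> with its resolved action and its sensitive fields."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._current = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self._current = {"action": action, "sensitive": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            name = (a.get("name") or "").lower()
            is_password = (a.get("type") or "").lower() == "password"
            if is_password or any(h in name for h in SENSITIVE_HINTS):
                self._current["sensitive"].append(name or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(page_url, html):
    """Return (action, problem) for each sensitive form with an insecure target."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        scheme = urlparse(form["action"]).scheme
        if not form["sensitive"] or scheme == "https":
            continue
        problem = "submitted by email in plain text" if scheme == "mailto" else "submitted without TLS"
        findings.append((form["action"], problem))
    return findings

# Constructed sample page: one safe form, two unsafe ones, one non-sensitive search box.
SAMPLE_HTML = """
<form action="/account/update" method="post"><input name="card_number"><input name="cvv"></form>
<form action="http://shop.example/cgi-bin/order"><input name="fullname"><input type="password" name="pw"></form>
<form action="mailto:orders@shop.example" enctype="text/plain"><input name="ssn"></form>
<form action="http://shop.example/search"><input name="q"></form>
"""

if __name__ == "__main__":
    for action, problem in audit("https://shop.example/signup", SAMPLE_HTML):
        print(f"{action}: {problem}")
```

A check like this only sees the browser-facing side; how the server stores or forwards the submitted data still has to be reviewed in the back-end code and configuration.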
