Transactional websites are used constantly all around the world. Because they are so popular, with such a large number of people using them, there are many threats when using these websites. Some people target these websites by hacking, sending viruses, theft or other attacks. Businesses now have to take certain precautions to ensure that their own and their customers' data is safe and not under threat.

Potential threats to customer data collected via website

Websites collect personal data for different reasons.
An email address would be used to send the customer information about new products, offers or details of their purchase. Their address would also be used for information about the products but also, obviously, to send purchased items to them. Card details will only be used when making a transaction. A customer always has the option to stop emails or to have their data removed from the system.

Hacking

There are many risks when entering your personal details into these websites, as you can never be sure that the security is effective.
Unauthorised users can access these details by logging into the network security system from outside, or by simply taking the information if they work on the inside. This is known as hacking. These criminals can then sell this personal information to other criminals. This usually happens internally within a company, so companies must always make sure their employees are aware and take notice of anything they think may be a threat to someone's data. Most websites have the protection of a firewall, which denies network transmissions from the public internet and so does not allow unauthorised access to the data.
Firewalls have different security levels for each operating system, and these are set according to system preferences. Although a firewall can help stop hackers gathering information from the outside, it does not stop people on the inside from saving and stealing the data. To improve this, an internal firewall between the internal network and the customer database could help make the security much more effective. Also, all authorised staff could have different accounts with different access rights. Research done by Symantec shows a 42% increase in vulnerabilities on smartphones.
The vulnerabilities include new malware that has never been seen before. The research also showed that there are 6,253 new software vulnerabilities that could be used by criminals and that, on average, 260,000 personal identities were exposed in each corporate attack. This shows the large number of people who are affected by these hacking attacks. Another article, published on 5th December 2011, showed that because hacking is increasing, businesses could be a target in 2012, and that this is often because many businesses use smartphones as a way of communication between employees.
However, people should be made aware that strong passwords and frequent updates to the phone's operating system can help guarantee security for business and personal information.

Natural Disaster

Natural disasters are also a threat to data. Disasters like volcanoes, earthquakes and tsunamis are all natural and can pose a threat to data. All these disasters have the power to wipe out computer systems in minutes, losing all the data and information stored. Other natural disasters can also destroy networks, causing the destruction and loss of data.
In addition, after a disaster it can often take a long time before a system is up and running again, which loses business time and money. We can never know when a natural disaster will take place; however, we can tell which places are more likely to have, for example, tsunamis. This can help businesses to set up the central information system in an area least likely to be affected. Back-ups of the information should be kept in different places; if a back-up is in the same place it will be affected as well, so backing up in other places makes the data easier to restore.
Also available are back-up sites known as hot and cold sites. Hot sites allow a business to get back up and running by providing all the computer power and information that is needed. By comparison, cold sites offer the space for a business to set up again, but the business has to have its own computers and information already. Statistics on a website called Protect Data show that natural disasters are the cause of 3% of the world's data loss; even though this isn't a large number it is still a big threat and is very easily prevented.
Data can easily be stored off site somewhere completely different, especially away from areas where these disasters are likely to occur. A tsunami in Japan on 11th March 2011 is an example of how badly natural disasters can affect business. Huge companies like Toyota Motor Co., Sony Corp. and Panasonic all had to close production, which put the country at economic unrest. All the data held by companies and businesses would have been lost and most likely destroyed.

Viruses

Computer viruses attack computer systems and have the ability to replicate and pass through a system to other computers.
A virus can be sent via the internet, a network or carried on a hard drive. Viruses infect files and then go on to other computers, affecting files in the whole system. Often a user will be unaware of a virus on their computer, making it hard to get rid of. A virus on the system of a transactional website will infect the customer data and databases within the website. Businesses and employees should always be careful when opening files that have attachments, as this is often a way in which viruses are spread. However, there are also many very good anti-virus programmes that can detect and destroy viruses.
Having this in a system can prevent the threat of viruses. According to an online blog created in December 2010, there was new malware that was leading to personal data being stolen. The information was being taken through mobile applications, particularly games. This is only one way in which viruses attack data and cause it to be stolen.

Legislation

Data Protection Act

The Data Protection Act of 1998 is the most important piece of legislation that protects people's personal data. The act contains 8 principles for data protection; these are:
This is very important for all businesses to be aware of, otherwise they are going against the law. The act is very important for the protection of people's data; it means that people know that their data should be protected by law. Data cannot be used out of purpose, so it cannot be used for anything but what the person intended it for. It may not be sent to other parties or people, keeping the data specific to one place, unless stated otherwise by the individual. The information must always be available to the person, which is very reassuring as you know you can always check the information held.
Information cannot be kept longer than it is needed and should always be kept up to date. Personal information cannot be sent out of the European Economic Area unless the individual has agreed. All entities that collect personal information must register with the Information Commissioner's Office, which means the companies and businesses are always under control and known of before they can collect data, unless it is for small organisations or domestic use. Security measures like staff training and firewalls should always be in place when holding personal information to make sure that it is secure.
Factually incorrect information can be corrected by the subject; however, this does not include matters of opinion. This act is very effective and without it the misuse of data would be very high. Even with this legislation there are still problems with data misuse. In August 2009, two people were arrested under the Data Protection Act. They were involved in stealing 10,000 political party members' data and publishing it online. This shows that this act can be breached but people are also punished for doing this.

Computer Misuse Act
The Computer Misuse Act was passed by Parliament in 1990. It made 3 new offences:

1. Accessing files or other computer material without permission.
2. Accessing material with the intent of using it for criminal offences.
3. Creating or changing data files without permission, for example writing a virus.

This act aims to prevent the creation of new files and the accessing of files or material without permission. This is an important act, as without it anyone would be able to access information without permission and be able to create files leading to more viruses, which is a big threat to customer data.
The Computer Misuse Act has been in constant use since it was passed in 1990, and many arrests have been made. In May 2011 two people were arrested. One was a teenager who had attacked a website, causing it to stop trading, which went against part 2 of the act (accessing material with the intent of using it for criminal offences); he was imprisoned for a year and had to work unpaid for 240 hours. Another student went against parts 1 and 3. This shows how important this act is and also how effective it is, as many people are caught and punished for going against this law.

Preventative Measures
Preventing these problems can be hard, but there are many measures that we can take to ensure these problems are prevented effectively. Firewalls are not strong enough to keep hackers away; however, they can be made even more effective by having user names and passwords that let only certain users in, or by adding multiple firewalls. It is important for companies and businesses to keep their information safe physically: for example, certain computers and files should be kept safe and only available to some people. Also, backups should not be kept in the same room as the server, as physical damage could ruin both.
Anti-virus software is very effective in making sure viruses don't attack a computer or server; it is constantly checking and updating to get rid of any files that may be a threat. This is extremely effective, as it means viruses and files with threats can be removed straight away before they attack the system. There are many effective ways of preventing these threats to data, and with all these measures companies can be certain their information is safe; however, these measures need to be checked regularly to make sure they are constantly working and in order.
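The separate staff accounts with different access rights suggested under Hacking, together with the restricted access and regular checks described above, could look like this in a PostgreSQL customer database. This is an added example, not part of the original essay; the table, column and role names are assumptions chosen for illustration.

```sql
-- Added example (PostgreSQL). All table, column and role names are hypothetical.
CREATE TABLE customers (
    customer_id    serial  PRIMARY KEY,
    email          text    NOT NULL,
    marketing_ok   boolean NOT NULL DEFAULT true,  -- customer can stop emails
    postal_address text    NOT NULL,
    card_token     text    -- assumed: a payment-provider reference, not the card number
);

-- Start from no access for ordinary accounts.
REVOKE ALL ON customers FROM PUBLIC;

-- One group role per job; nobody logs in as a group.
CREATE ROLE marketing NOLOGIN;
CREATE ROLE dispatch  NOLOGIN;
CREATE ROLE payments  NOLOGIN;

-- Marketing sees only the emails of customers who still want them.
-- The view runs with its owner's rights, so marketing needs no grant
-- on the customers table itself.
CREATE VIEW marketing_contacts AS
    SELECT customer_id, email
    FROM customers
    WHERE marketing_ok;
GRANT SELECT ON marketing_contacts TO marketing;

-- Dispatch sees the delivery address only (column-level grant).
GRANT SELECT (customer_id, postal_address) ON customers TO dispatch;

-- Payments sees the card reference only.
GRANT SELECT (customer_id, card_token) ON customers TO payments;

-- Each member of staff gets a personal login that inherits one job role,
-- so activity in the logs can be traced to a person.
CREATE ROLE alice LOGIN IN ROLE marketing;
CREATE ROLE bob   LOGIN IN ROLE dispatch;

-- Regular check: list who can read which column, to spot rights
-- that have crept beyond what the job needs.
SELECT grantee, table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_name IN ('customers', 'marketing_contacts')
ORDER BY grantee, table_name, column_name;
```

With these grants an insider in marketing cannot read addresses or card references at all, which limits what any single account can save and take away.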