Hadleigh-based web development firm Free Rein issues warning over progress towards GDPR compliance
- Credit: Sonya Duncan
Businesses are making little progress in improving online security ahead of new data protection rules coming into effect next year, according to a Suffolk web development and digital marketing firm.
And the lack of urgency shown so far is about to become clearer, says Andrew Johnson of Hadleigh-based Free Rein, with the widely-used Google Chrome browser starting to flag relevant pages as “Not Secure”.
The General Data Protection Regulation (GDPR), which comes into force on May 25, 2018, imposes new requirements for the corporate storage and processing of personal information, with breaches potentially resulting in fines of up to 4% of turnover or 20m euros, which ever is greater.
Free Rein began been conducting passive testing of websites since June this year, since when the proportion of UK sites found not to be secure has barely changed from around 70%.
Mr Johnson says part of the problem is that many website owners wrongly believe that SSL encryption certification is only required for transactional websites when, in fact, it is needed for any site with fill-in forms.
You may also want to watch:
As of today, he adds, Google Chrome is due to start highlighting uncertificated pages that can be filled in as “Not Secure” in the address bar.
“Another misconception is that ‘only the contact page is not secure’. This is also not true,” says Mr Johnson. “You cannot have an insecure contact form and the rest of the website secure, because a contact form becomes secure by having valid SSL certification for the website.”
- 1 Town's Harper move held up by West Brom uncertainty
- 2 Councils to be given powers to fine drivers £70
- 3 A12 underpass closed after car stuck in water
- 4 Village in uproar as primary school attempts to change historic logo
- 5 Suffolk school goes viral after teachers post TikTok dance
- 6 ‘Exceptional’ country estate with its own airfield hits the market
- 7 Woman in master/slave relationship was asked to supply indecent images
- 8 Citroën driver taken to hospital after car comes off road
- 9 A12 clear after two-car crash at Farnham
- 10 Historic Walberswick Bell Inn closes for one week
More than one third of problem sites are not secure solely due to invalid SSL certification, often because the certificate is in the wrong name, he says.
Other security issues can include username and login name visibility, user enumeration (where attackers are able to see usernames and logins by performing scans), the use of blacklisted IP addresses and vulnerability to “Poodle” attacks (where a server complies with a rogue request to downgrade its security protocols).
“In summary, it is now the time to secure your website by getting it locked down,” adds Mr Johnson. “It could be a challenging time for many businesses if their potential clients are deterred from submitting enquiries due to forms on the website stating: ‘Not Secure’.”