“Most corporate web sites to send sensitive data unsafe’
More than eight out of ten websites that personal data of visitors processed, do that in an unsafe way.
Hundreds of thousands of business websites let users submit sensitive information to send without the need of a secure connection, use is made, according to a study of administrator SIDN and MKB service Desk that Wednesday is published.
SIDN, the foundation for which all .nl-domain names assigned, carried out a scan which 780.000 business web sites were found. Thereof accept such a display 429,000 sensitive data. For example, it may go to forms in which the name, address, telephone number or e-mail address can be filled in, or to inlogsystemen with usernames and passwords.
Of the websites that accept data, about 86 percent that is not using HTTPS, the security standard that is recognizable by a ‘lock’ in the browser, next to the web address. Because data is unencrypted to be sent, they can see quite easily be intercepted.
It is in the Netherlands is legally obliged to provide personal information securely. In the worst case, the supervisor Authority, Personal fines, if that does not happen.
Over 80,000 online stores that SIDN were controlled, used or all of an SSL connection before the completion of payments. That is also a requirement of the organisations to which the payments handling.
According to Willem Overbosch, managing director of the SME service Desk, data security is not the only reason to use a HTTPS connection. Also in the Google search results are sites without secure connection is now ‘punished’ with a lower placement. Browsers Chrome and Firefox warn if a website with an HTTPS connection is secure.
“Stitch, you as an entrepreneur a lot of money in your online presence, then is it really sin if you to these reasons yet business goes wrong,” said Pegasus. “With a few simple steps and tegengeringe cost or sometimes even free is the for each other. So there is actually no reason for this not to have regulated.”
A similar study found recently that less than half of the overheidsdomeinen a HTTPS-connection is used. At many of the unprotected sites could, however, no sensitive data will be sent.
Government sites that make it possible, at the end of 2017 required a secure connection offer. Minister Plasterk (Home Affairs) wants to secure connections in the future for all government sites require.
A spokesman of the Authority Personal data (AP) emphasises in a response that it is mandatory for personal information to to protect. “These figures astonish us, but we find it kind of troublesome.”
Organizations must be continually pay attention to security, the zegsvrouw, for example, by software regularly to provide updates. The AP warns that the “tilt-correction” of the supervisor, from 2018 a lot bigger, by the introduction of European privacy law.