Some web projects require a higher level of security than others. Making the right decision about your website development is even more important in this case, as not only your security, but also that of your customers could be put in jeopardy by making the wrong choices.
Is security a primary concern for your web project?
Handling of sensitive information: banks, hospitals, law enforcement
Secure business domains are required for organizations whose data is highly sensitive, or who may be of interest to those who are not authorized to view it. The most obvious example of a company needing a secure domain is a bank, which stores account numbers, credit card information and personal financial data on all of its customers. Hospitals and law enforcement agencies also need secure domains as they store highly sensitive personal information on their customers. Fortunately for the customers, there are rules and standards that regulate the privacy of data.
There are two main standards that regulate secure business domains. The first one is the Payment Card Industry Data Security Standard (PCI DSS), a multifaceted security standard that includes requirements for any business that stores, processes or transmits payment cardholder data; these organizations must follow the standard. The PCI DSS standard is intended to help organizations proactively protect their customers’ credit card information.
The second one is the Health Insurance Portability and Accountability Act (HIPAA). It is similar to PCI DSS except that instead of protecting payment card information, it protects patient data. Its rules specify a series of administrative, physical and technical safeguards to assure the integrity, confidentiality and availability of electronically protected patient health data. Any health care organization located in the United States that handles patient information is required to follow the HIPAA regulation.
Recent breaches
In the past few months, there have been several high-profile security breaches. In August, the group of hackers known as “Anonymous” hacked more than 70 websites from law enforcement agencies in Arkansas, Kansas, Louisiana, Missouri, and Mississippi. Anonymous stole more than 10GB of user data including names, email addresses, credit card information and some sensitive personal information. Many of the websites hacked were registered to the same marketing agency. The hackers chose that particular agency because they had noticed a breach in the security system that allowed them to easily steal the information.
Another high-profile breach was the Citigroup attack, where hackers accessed the information of 200,000 bank accounts. The attack happened at Citi Account Online, which holds Citi’s customer information such as names, email addresses and account numbers. The hackers explained that they simply logged in to the site reserved for credit card customers, and then modified the URL in the browser’s address bar to access other customers’ accounts.
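One way the kind of URL tampering described above is prevented is to check on the server that the requested account belongs to the logged-in user. The sketch below is an added example, not code from any of the sites mentioned; the account data, session table and function names are all hypothetical.

```python
from urllib.parse import urlparse

# Constructed sample data: account id -> owner and record.
ACCOUNTS = {
    "1001": {"owner": "alice", "name": "Alice Example", "email": "alice@example.test"},
    "1002": {"owner": "bob", "name": "Bob Example", "email": "bob@example.test"},
}
# Constructed session table: session token -> authenticated user.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


def account_id_from_url(url):
    """Extract the account id from a path such as /accounts/1001."""
    parts = urlparse(url).path.strip("/").split("/")
    if len(parts) == 2 and parts[0] == "accounts":
        return parts[1]
    return None


def get_account_vulnerable(session_token, url):
    """Checks only that the caller is logged in, then trusts the URL."""
    if session_token not in SESSIONS:
        return 401, None
    record = ACCOUNTS.get(account_id_from_url(url))
    return (200, record) if record else (404, None)


def get_account_hardened(session_token, url, audit_log):
    """Also checks that the requested account belongs to the session's user."""
    user = SESSIONS.get(session_token)
    if user is None:
        return 401, None
    account_id = account_id_from_url(url)
    record = ACCOUNTS.get(account_id)
    # Same 404 for "missing" and "not yours" so ids cannot be enumerated.
    if record is None or record["owner"] != user:
        audit_log.append((user, account_id, "denied"))
        return 404, None
    return 200, record
```

The denied entries in `audit_log` are what a monitoring team would alert on: one user repeatedly requesting account ids that are not theirs.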
These security breaches are more and more common, and not making yourself an easy target is the first step towards preventing them. If you handle sensitive information and are thinking of using a secure domain, come back soon for our tips on how to choose your marketing team.