Sunny

Sunny

max temp: 17°C

min temp: 10°C

Search
Suffolk Business Awards 2018 Tickets

Hadleigh-based web development firm Free Rein issues warning over progress towards GDPR compliance

PUBLISHED: 17:35 17 October 2017 | UPDATED: 17:36 17 October 2017

New regulations on data protection
 come into effect next May.
Picture: Sonya Duncan

New regulations on data protection come into effect next May. Picture: Sonya Duncan

ARCHANT EASTERN DAILY PRESS (01603) 772434

Businesses are making little progress in improving online security ahead of new data protection rules coming into effect next year, according to a Suffolk web development and digital marketing firm.

Andrew Johnson of Free Rein.
Picture: Free Rein Andrew Johnson of Free Rein. Picture: Free Rein

And the lack of urgency shown so far is about to become clearer, says Andrew Johnson of Hadleigh-based Free Rein, with the widely-used Google Chrome browser starting to flag relevant pages as “Not Secure”.

The General Data Protection Regulation (GDPR), which comes into force on May 25, 2018, imposes new requirements for the corporate storage and processing of personal information, with breaches potentially resulting in fines of up to 4% of turnover or 20m euros, which ever is greater.

Free Rein began been conducting passive testing of websites since June this year, since when the proportion of UK sites found not to be secure has barely changed from around 70%.

Mr Johnson says part of the problem is that many website owners wrongly believe that SSL encryption certification is only required for transactional websites when, in fact, it is needed for any site with fill-in forms.

As of today, he adds, Google Chrome is due to start highlighting uncertificated pages that can be filled in as “Not Secure” in the address bar.

“Another misconception is that ‘only the contact page is not secure’. This is also not true,” says Mr Johnson. “You cannot have an insecure contact form and the rest of the website secure, because a contact form becomes secure by having valid SSL certification for the website.”

More than one third of problem sites are not secure solely due to invalid SSL certification, often because the certificate is in the wrong name, he says.

Other security issues can include username and login name visibility, user enumeration (where attackers are able to see usernames and logins by performing scans), the use of blacklisted IP addresses and vulnerability to “Poodle” attacks (where a server complies with a rogue request to downgrade its security protocols).

“In summary, it is now the time to secure your website by getting it locked down,” adds Mr Johnson. “It could be a challenging time for many businesses if their potential clients are deterred from submitting enquiries due to forms on the website stating: ‘Not Secure’.”

A woman discovered an intruder inside her Ipswich home on Wednesday and ran to a neighbour to raise the alarm.

Police are concerned for the welfare of a missing Ipswich teenager.

Hay fever sufferers have been warned that pollen levels are very high across much of the UK and are expected to remain so into next week.

A man who lives in Sudbury has sent in stunning pictures taken at Sudbury Water Meadows.

A major review of how Suffolk’s roads are maintained was launched yesterday with the county’s new highways chief claiming that there are “improvements that can and must be made”.

The team campaigning to save a fire-damaged Suffolk village pub has made an impassioned plea for financial backers to help it reach the finishing line.

This new arrival has given another boost to the critically endangered Suffolk Punch.

A murder investigation has been launched after a man was fatally stabbed in Chelmsford.

Woodbridge is set to celebrate the 15th anniversary of the town’s airborne sappers.

Proposals to award Mid Suffolk councillors an allowance rise upwards of 25% have been given the green light – just days after Babergh decided the same.

Most read

Show Job Lists

Topic pages

Newsletter Sign Up

Ipswich Star daily newsletter
Sign up to receive our regular email newsletter

Our Privacy Policy

MyDate24 MyPhotos24