Blog

One the one hand, the Internet is making life easier by providing access to information from just about anywhere, but on the other hand access to private information raises serious security concerns.

We could argue forever about who's responsible for ensuring that private information isn't easily accessible by unauthorised people, but ultimately we must be aware that anything we share / publish / post on the Internet can be seen and shared with everyone else on-line; and nothing is secure on the Internet.

We must all play a part in on-line security. It's is a team game. By personally ensuring that we're doing as much as possible to secure ourselves, together we make it harder for the bad guys.

There are many steps and tools you can use to improve your on-line security. To start you off, we've put together this list of our 10 fundamentals...

Your on-line security must-do list:

1. Block Third-party Cookies: Cookies store little bits of information about you for websites that you have been too. Disabling the unnecessary cookies will decrease the chances of others exploiting this information.
2. Use HTTPS: Hypertext Transfer Protocol Secure is the secure communication protocol of the Internet, adding a layer of encryption between your computer and websites that you visit.
3. Install HTTPS Everywhere: This web-browser plug-in forces the browser to use the HTTPS protocol instead of the regular HTTP protocol so you don't have to remember.
4. Use Incognito Mode: Also known as Private Browsing, web browsers don't store your browsing history, save files in the browser cache, or save cookies when in this mode. Particularly useful if you are using on-line banking.
5. Check for SSL: When entering sensitive information into forms (such as your credit card details), make sure the webpage is protected by SSL. Look for a green lock in the address bar.
6. Email Carefully: Don't send sensitive information by email. This includes usernames, passwords, credit card details, etc.
7. Encrypt Email: Consider encrypting your email. It may seem like a hassle, but once you and your regular contacts get into the habit it will become second nature.
8. Use Secure Payment Gateways: Don't purchase from eStores that don't use secure, well-known payment gateways.
9. Use Strong Passwords: Always. Test how long it would take to hack your password on How Secure Is My Password.
10. Limit sharing: Don't share or publish information you don't want strangers knowing about you.

Lastly, make sure that your operating system, web-browser and anti-virus software are always up-to-date, and that you are using a firewall.

Join the Conversation - Got another security must-do that you'd like to add to our list? Let us a know on the iASP Central Facebook Page, or Get in Touch.

When it comes to producing your website Terms and Conditions the best (and some would say only) approach is to seek professional legal assistance.

However, providing your lawyer with a draft for proofing should be more economical than having them prepare the contents from scratch. But then we are dealing with Lawyers.

HCD Tactic: When dealing with any service provider - Lawyers included - always get a clear indication of time / cost estimates before approving any engagement.
Lawlive.com.au is an Australian website that sells personalised templates of legal contracts and documents, including many relating to website terms and conditions for around $100.00 per document.

If your website is published in Australia you need to comply with current Australian Consumer Laws, and there may also be other industry specific requirements that could cause serious problems if overlooked.

If you're selling products or services online and accepting credit card payments, your merchant facility provider may also have specific requirements relating to the legal information you publish.

So if you're ready to tackle composition of your T's & C's, here's our 8 Point Guide outlining some of the key areas you need to cover...remembering of course that we're not lawyers, and the following is not in any way intended to be legal advice.

1. Copyright - Australian Law automatically applies copyright to your website and content, but adding a copyright notice confirms this. Apply the statement to everything from the website design, your products, your images and your text content.
2. Use of Information - Include a disclaimer that protects you against the use (or misuse) of the information or advice that you provide on your website. What you say may not work for everyone, and you can't predict how people may use it.
3. Customer Returns - If you sell products or services on-line, it is essential that your Terms and Conditions comply with the latest consumer laws. You must include the following:
   
   • A statement that you comply with the latest Australian Consumer Law
   • The terms under which you will provide a refund, repair or replacement on faulty items or undelivered service.
   • Details of your guarantees.
   • Details of your warranties (if you provide any).
4. Shipping Policy - If you sell products, and send them to customers by courier or mail, provide a clear outline of the terms of sending goods. Include expected costs and delivery times, your policy for late or undelivered goods, and any responsibilities of the customer.
5. Industry/Product Specialist Risks - If you are in certain industries, or sell products that have a higher set of risks (like health advise or products for example), you should seek professional legal advice in relation to inclusion of special terms and conditions, such as for example disclaimers that limit claims for possible injuries or losses that may be caused by using any of your products or services.
6. Amount of Liability - Most importantly, include a clause that limits the amount of your liability from any claims made against you or your business, including a maximum claim amount for damages (the amount paid for the product or service for example).
7. Terms for International Customers - If you sell your products or services to customers overseas, include separate terms that cover international customers and their consumer laws.
8. Privacy - Australian Privacy Laws changed in March 2014. Australian Private Sector Organisations are required to have a "clearly expressed and up-to-date privacy policy describing how they manage personal information". While not every Australian website is legally obligated to publish a privacy policy, if you are engaging your audience via interactive functions such as newsletter subscriptions, online shopping systems or even just simple online forms such as a contact form, you'll need to disclose how you manage the personal information you're collecting.
   

Publishing current, clear, business specific Terms and Conditions that have been approved by professional legal counsel provides peace of mind for your customers while serving to mitigate the risk of legal action and costly penalties and fines for non compliance with your obligations.

For the latest consumer law information, visit the Australian Consumer Law website and for more information about the new Australian Privacy Laws visit the Privacy section of the Office of the Australian Information Commissioner, or select the link below to download the plain English factsheet.

Whether you are or aren't aware, if Safari is your browser on your iPhone or iPad, your data is being collected for several reasons. This isn't as terrible as it sounds because it helps to speed up browsing and store login information, but this doesn't mean that security is not a concern.

Following Facebook's recent security failure in disclosing personal details, many are worrying about data saved by Safari and other browsers on local devices. Data collected about your usage can be used for tracking purposes, but if this is something that makes you uncomfortable, there are options.

If you'd rather not be tracked, you can clear the saved data from time to time.
These are the steps to clean your browser data:

1. Go to the Settings on your iPhone or iPad.
2. Scroll down to locate Safari and tap it.
3. Scroll down and tap on Advanced.
4. Tap on Website Data.
5. Scroll down through the data stored by Safari and tap on Remove all Website Data.
6. When prompted with a confirmation, tap Remove Now.

Every once and a while, repeat this process if you'd prefer not to be tracked.

Last week (Jun 21st, 2013) Facebook announced a security bug that exposed users' personal contact information. In a post on the Facebook Security Page, Facebook explained that some of the information that the site uses to deliver friend recommendations was "inadvertently stored with people's contact information as part of their account on Facebook". As a result, anyone using Facebook's Download Your Information tool to download their friends' data were presented with information that should have remained secure.

This bug affected 6 million users.

What's more shocking is that it's been live since last year, but was discovered only last week. Although the security team fixed the bug less than 24 hours after it was detected, this highlights the fact that even with a strong technical team and massive resources , it is impossible to ensure that no bugs exist. This is worrisome as social media continues to integrate deeper into our daily lives.