Posted on March 13, 2015 at 4:49 pm by Nigel Brokenshire
Trusting a website with your data
Is BeeMyMinder safe? It’s a question I’ve been asked before, and one I tend to respond to by asking “how do you know other sites are safe?” The usual response is, “well… they just are”, or “I actually don’t know”.
I have some fundamental rules I follow to make my online experience more secure and I’ve applied that to BeeMyMinder.
Firstly, should we be worried?
With terms like phishing, spam, spyware, viruses, hackers, malware and fraud in circulation, many people are concerned. As reported by Financial Fraud Action UK in their 2014 Annual Review, online banking fraud has grown from £35.4m in 2011 to £40.9m in 2013. So there seems to be a case to be worried. However, this is also a period in which the uptake of online banking has been increasing, by some 37% from 2009.
We are well aware that more and more people are using the internet, or to term it another way, going ‘online’, whether it’s for banking, shopping, booking travel, checking weather, sharing pictures and videos, reading or talking; it goes on. It’s difficult not to be concerned about the amount of data which is accessible about you online or the way in which companies use the data you have shared with them.
I’m registered with over 120 online sites and apart from the odd spam e-mail I’ve never had my privacy breached. Have I been lucky or just careful about who I’ve signed up with and what information I’ve shared? Let’s see…
What to look for in a responsible website?
Putting aside the obvious question, does this website look valid? Do I recognise the company? Here are some helpful prompts.
1 – Being open and transparent
When you are considering signing up to, registering with or using a website, ask yourself the following:
- What information are they collecting?
- How is it being stored?
- Who will have access to it?
- How will they protect your data?
If these questions are answered easily, then the firm is acting in a fair and transparent manner. If not, proceed but take care.
2 – Secure and encrypted connections
Sites that require you to enter personal information (name, address, post code etc.) need to have secure and encrypted connections. This is easy to check, as any such website should have https:// at the start of its URL and also show a padlock.
The ‘s’ in https stands for ‘secure’, and you can click on the padlock to confirm a valid certificate. If this is not present then there is a greater chance your personal data is at risk and the site might not be trustworthy.
3 – An appropriate level of user authentication
Most websites require a username and a password to identify you. Depending on the level of personal and financial data being entered, look for two-factor authentication. This is the use of a username, a password AND another form of identification, like a security code.
Banks are key players here and many are now looking into multi-factor authentication including voice, facial and iris recognition.
If you are accessing the site via a mobile device, then extra login details like a PIN code should also be introduced.
4 – Clear policies about how they handle your data
How many of us actually read the full terms and conditions, and the privacy report, before ticking the ‘I have read and understand the T&Cs’ box? Many people don’t, and that is a shame, as this tends to be the main way you can understand exactly how they intend to use your data. If it’s not clear then it is best not to proceed.
Some sites are more proactive and have specific pages that openly state how they process your data, who they share it with and for what purpose.
Very few outline their Internet security policy for employees, what social media training they have had or even if employees are allowed to use USB devices at work.
What does BeeMyMinder have in place?
- To be clear, BeeMyMinder does not use your bank account details.
- We try to minimise the amount of personal data we need and leave as much as possible as optional. But if you want text alerts, we will need a mobile number.
- We have joined the Information Commissioner’s Office and registered on their Data Protection Register.
- In addition, we have committed to their Personal Information Promise and the 10 associated promises. This demonstrates the importance we place on being entrusted with personal information.
- We have confidentiality agreements with our suppliers and providers. So each time we need to share your information we do so only with your explicit consent.
- When you access BeeMyMinder you enter your username and password. When you join we do ask for a memorable word in case we need to verify your account e.g. resetting a forgotten password.
- The password you choose needs to be eight characters long and include upper and lower case characters. Some sites set no limitations on passwords.
- All the data is hosted IN THE UK with a well-known hosting provider that has fully owned, state-of-the-art Tier 3+ 2N data centres (sounds technical, it is), with 24/7 365 support and multiple daily backups.
- BeeMyMinder has certified high-level 256-bit encryption, stopping traffic from being accessed by third parties. Remember that padlock!
- There is no mobile app for BeeMyMinder, but when one is developed we’ll be applying additional levels of security for it to be accessed from a mobile device.
5 Top Tips for being safe online
Here are my tips:
- Simply put – if you are worried about your data being online, then don’t share it!
- Read the terms and conditions; if unsure, don’t proceed. Contact the company to seek clarification.
- Keep your own software, anti-virus, firewalls and version of internet browser up to date.
- If buying online, pay by credit card or use online payment systems, e.g. PayPal.
- Try to have different passwords for different sites (how do you remember them all? that might be a topic for another blog!).
If you have any additional tips or want to share your own experiences then please leave a comment below.