Security

Does My Website Need a Privacy Policy?

Everything You Need to Know About Your Privacy Policy and GDPR Compliance

What is GDPR?

Why It’s Important to Update Your WordPress Website

Why SSL Certificates on Your Website Are Vital

The Heartbleed Virus Diagnosis

Does My Website Need a Privacy Policy?

With the GDPR having just gone into effect recently, a lot of people are asking questions about what they need to do in order to comply, whether or not they even need to comply, and what the best practices are. One component of being GDPR compliant (or compliant with other regulations) is to have a clear and concise “privacy policy.” Most website owners or businesses are uncertain whether or not they actually need a privacy policy.

The short answer is most likely: yes, you will need a privacy policy. We’ll get into specifics below.

“How do I know if I need a privacy policy?”

The simplest answer is that if you collect any kind of information from the users of your website (or customers of your business) that is considered “personal,” then you need to have a privacy policy in place.

Any kind of information that can be used to identify an individual is considered “personal data.” Personal data can include, but is not limited to, first and/or last name, email address, billing and/or shipping address, credit card information, phone number, IP addresses, and so on.

For websites, this information is commonly collected if you have an email list or use cookies on your website (which most websites and/or businesses do).

Having a privacy policy, regardless of whether it’s “required by law” in your situation, can still be a great way to build trust with your users or customers. It’s often better to be safe than sorry with a privacy policy, but it’s also a great strategy for helping your customers feel more comfortable browsing your website or providing you with their personal data.

Below are some of the most common scenarios where a privacy policy may be required or otherwise recommended:

  • Websites
  • Blogs (e.g., on WordPress, Joomla, Drupal, etc.)
  • E-commerce Stores
  • Mobile apps
  • Desktop apps
  • SaaS apps
  • Other digital products or digital services

“What does a privacy policy do?”

A privacy policy is an agreement between you (website and/or business) and the user (or customer) on how you will handle that user’s personal data. In your privacy policy, you will include specifically what kind of data you will collect or request, how it’ll be collected, whether you share any of it with outside parties (known as third parties), and so on.

The privacy policy essentially lays out all the “whats” and “hows” that relate to a user’s personal data within your website or business.

“How do I install a privacy policy on my website?”

Adding a privacy policy to your website, business, or any other kind of application that collects personal data/information, requires you to have a page on your website dedicated to your privacy policy. Remember that your privacy policy requires you to list certain information about the data you collect, what happens to it, and how your user can modify that information.

The privacy policy needs to be easily accessible: it is commonly linked in the footer of your website, or made easily visible wherever a user is providing information to your website.

If you need help with your privacy policy, want to ensure that you are fully compliant with how you are collecting or handling personal data, or need assistance integrating your policy into your website, you can reach out to us at C2CG. We’ll be happy to answer your questions and get your website fully compliant and protected.

Everything You Need to Know About Your Privacy Policy and GDPR Compliance

You’ve no doubt heard about the GDPR (General Data Protection Regulation), which focuses on protection of personal data and digital privacy in general. Although the GDPR largely applies to businesses that either a) offer products/services, and/or b) collect personal information from, the new GDPR policy applies to anyone regardless of location.

Today we’re going to break down everything you need to know about what you need in your privacy policy and how to remain GDPR compliant in your business.

Simplifying Your Privacy Policy

One of the goals of the GDPR is to simplify the language used in privacy policies so that the average user can understand exactly what is happening with their data that they’re providing, without needing someone else (like a lawyer) to decipher your intent and processes with their data.

Data collection and processing procedures need to be communicated in a way that is concise, transparent, intelligible, and in clear and plain language. This has been done to avoid the dense legalese that has been commonly used prior to the GDPR.

Being Transparent In Your Privacy Policy

In addition to simplifying the communication of your processes, your privacy policy also needs to disclose more information than was required prior to the GDPR (while still being clear and concise about it).

Below is everything you need to communicate to your users through your privacy policy:

  • Personal information – the specific information you collect that relates to the user as an identified or identifiable person
  • How you collect the user’s information and why you’re collecting it
  • How you are securing and protecting the data you’re collecting
  • Information about third parties that have access to the information you’re collecting from your users
  • If you use/store cookies
  • How your user can control any part of the data collection, storage, or processing of their personal information

Other Information You Need in Your Privacy Policy to Be GDPR Compliant

In order for your privacy policy to be compliant with the GDPR, you need to provide information on the following (while also still being concise and clear for your user):

  • Who your data controller is
  • Contact information for the data controller
  • Whether you use data to make automated decisions
  • Inform users of the 8 rights they have under the GDPR (which sums up as the right to access their data, request changes, and make deletions and corrections)
  • Whether or not providing data is mandatory (and what happens if they don’t give personal data, such as not being able to create an account or receive emails)
  • Whether you transfer data internationally
  • What your legal basis for processing data is

There’s no need to feel overwhelmed about the GDPR, even if it seems daunting at first when creating your privacy policy and striving to stay GDPR compliant from start to finish. This page will help you get started with the foundation of your privacy policy and what you need to be and stay compliant with the GDPR.

If you have questions about the GDPR or want to ensure that your privacy policy is going to be compliant with the GDPR, you can reach out to us at C2CG and we’ll be happy to help.

What is GDPR?

You’ve no doubt heard about the “GDPR,” which is short for General Data Protection Regulation, a new privacy law from the European Union. On May 25th, 2018, the GDPR replaces the previous European Data Protection Directive (that has been in effect since 1995).

The primary goal of the GDPR is to enforce a single data protection law and bring all EU member states into it, simplifying the regulation and enforcement of data protection. The GDPR creates guidelines/regulations on how data is processed, used, stored, or exchanged while making it more transparent to users who are providing their data.

Who the GDPR Applies To

Now you might be thinking that the GDPR doesn’t apply to you because you saw “EU” and you’re likely in the “US.” The GDPR doesn’t just apply to people in the EU but rather to anyone who processes, uses, stores, or exchanges data of an EU citizen. In other words, if either of the following applies to you, GDPR needs to be taken into account for your business or website.

  • Your business has a presence in any EU country.
  • Your business does NOT have a presence in the EU, but your business or website processes any data of EU citizens.

In short: if your business is established in the EU or a portion of your customer base (or anyone you are using data for) is in the EU, you are responsible for complying with GDPR.

What Is Considered “Personal Data”?

When factoring in a privacy policy and how you structure the management of customers’ or users’ data, you’ll need to know what classifies as personal data. Any of the following is considered personal data of EU citizens, which boils down to any information relating to an “identified” or “identifiable natural person.”

  • Basic Identity Information – including name, email, address, ID numbers
  • Web Data – IP address, location, cookies, RFID tags
  • Health Related Data – about an individual’s health, their genetics, and biometric data
  • Racial and/or Ethnic Data
  • Political Opinions
  • Sexual Orientation

And any other information that can be directly linked to an identified or identifiable person.

Security Actions You Will Need to Consider

GDPR has provided a set of instructions that may be required, depending on your business and how you utilize the information of your customers/users.

  • Encrypt and pseudonymize the personal data of customers/users.
  • Make provisions for regular testing and evaluation of technical and organizational policies for the security of data.
  • Maintain confidentiality and integrity of processing systems and services used in relation to personal data.
  • After any physical or technical incident, restore the availability and access to personal data in a timely manner.

Summary of the GDPR

There’s a lot that goes into the GDPR and the new regulations on how you handle the personal data of EU citizens, especially when you consider that penalties can be in the millions of euros. There’s no need to be intimidated as you learn more about the GDPR and what you need to do (and if you even need to do anything). You can always consult with experienced web professionals who have a clear understanding of the GDPR and what your business or website will need to do in order to effectively comply with the new regulations.

Contact us today at C2CG about all things GDPR. We’ll take the hard work off your shoulders regarding GDPR compliance.

Why It’s Important to Update Your WordPress Website

Whether you manage a personal WordPress website or you run a business website, it’s vital that you take the time to do updates. Because technology continually evolves and WordPress stays at the forefront of the industry, you can trust that the updates are designed to improve your website and it’s recommended that you do them as soon as they’re available. If you aren’t sure how to update your WordPress website or even back it up, then it’s best to consult an expert to ensure you don’t compromise your website’s customizations.

The Benefits of Updating Your WordPress Site

There are quite a few benefits of updating your WordPress site, and here we’ll look at the three most important.

Compatibility

Plugins are an essential part of your web design, and when you have an updated website, these plugins will seamlessly become compatible. If you have an older version of WordPress, you may be limited. Beyond being limited to what you’re compatible with, you’ll find that current plugins won’t have all of the bells and whistles that the updated versions have.

Enhanced Levels of Security

Security is important to everyone who gets online these days, and that’s A LOT of people. WordPress makes its upgrades public because it is open source software. If they have changed anything having to do with security or corrected a security issue in the update, hackers will know, and those guys always target WordPress sites that haven’t upgraded.

Access to the Latest Features

Who doesn’t want access to the latest features WordPress has to offer? Remember, their job is to make your experience better, and they’re pretty good at it. When you get an update, you should be excited to see what’s new and what will save you time.

The Best Practices for Updating Your Website

When updating your website, there are a few best practices that you should follow. Here we list three of those, but trust that there are more based on the size of your website and other factors. One thing that is vital that you understand is that updating a WordPress site isn’t always as easy as it seems. While the platform is excellent and efficient, there are many details that you need to pay attention to. Simply hitting the update button may work sometimes, but it can also lead to troubles that can fracture your website and interrupt the normal activity.

Learn the Right Skills

There is a range of skills that you’ll want to have an in-depth understanding of, from CSS to MySQL to navigating around the cPanel. If you aren’t confident with areas like HTML, it’s a good rule of thumb to either have a web designer prepared for disaster relief in case something goes wrong when you update or to just bring in the pros for the entire process. That way, if there is a problem, your site can be restored accordingly.

Put a Reliable Backup System in Place

Back up your database to ensure you don’t lose anything. Don’t skip this step because you think its only purpose is to give you peace of mind (which it will) or because you think it won’t happen to you (it can). Make sure you have a reliable backup system in place.

There are some excellent premium plugins that are created just for the job. You can also back up files manually in the cPanel or through hosting. There are a few other methods you can apply. Just be sure that you are confident in using the backup system that you have in place because this is the primary way to resolve issues when the update doesn’t go as planned.

Follow the Process with Attention to Detail

The process of upgrading is going to require that you pay attention to each step. The changelogs need to be looked at (so you can see the summary of changes), and you should note any modifications made to source files (if any). If you use WordPress versions for themes, plugins, software, and everything in between, begin by updating these and then update third-party themes and plugins.

Another technique you can apply to the process of updating your website is to activate a plugin that lets people know your site is being worked on or is in maintenance mode. This prevents an error message from appearing if something doesn’t update correctly. Also, research the plugins that you use and see if other customers have had issues with them when updating their WordPress site. You may be able to troubleshoot a few problems ahead of the curve.

Once you’ve updated the themes, plugins, and other necessary parts of your website, run through and make sure everything looks good. If there are errors, you can correct those and then get your website back up and running!

Use the Staging Area for Updates

If you can, use the staging area for the updates before updating the live site. By testing the site this way, you get a chance to see any changes that are made and if there’s an issue that needs to be corrected before going live. You can create staging areas through your host, a plugin, manually, and by creating a dedicated stage site.

Learn the Pros and Cons of Updating

There are pros and cons to updating your website, but the pros definitely outweigh the cons. By knowing what to expect, whether it is a positive impact or a negative one, you can easily combat the issues or enhance your website when you keep WordPress updated.

Don’t forget, if you’re not comfortable with the updating process for WordPress, let the pros take care of the job for you. Even when you’re tech-savvy, the learning curve for an area as specific as website updates is time-consuming, and you want to make sure you get it right. After all, an update should be viewed as a good thing because it’s keeping your website protected and functioning properly.

Why SSL Certificates on Your Website Are Vital

You may have already heard that Google is forcing websites to have an SSL Certificate or they will flag your site. While this may be frustrating, it makes sense because Google is just doing their job to keep users happy and making sure that they are visiting secure websites. Online security is essential these days and people are paying closer attention to ensure they don’t become a victim of spam, identity theft, hackers, and more. Without an SSL certificate, your site will pop up as “not secure,” and this could cause you to lose valuable customers. To help you get more information about SSL certificates and keep your website secure (and your visitors coming back), we’ve provided some details below.

How SSL Certificates Work

Think of SSL (Secure Sockets Layer) as a liaison between web servers and browsers. This standard security technology creates an encrypted link, and this link makes sure the data exchanged between the two keeps its integrity and stays private. With the SSL certificate, you can establish a secure connection, and your website is digitally tied to a cryptographic key. Without it, though, you’ll send a message to your visitors that your website is not secure.

The Benefits of SSL Certificates

The primary benefit of having an SSL certificate is to ensure information is secure. Many cybercriminals utilize the fact that the data you send is passed around from different computers until reaching its destination, and this information, when not encrypted, can be compromised while on its journey. The SSL certificate prevents the data being sent from being readable until it reaches the destination of the server that you’re actually sending it to.

Those who are committing cyber crimes are always looking for gaps and weak spots to penetrate within the network so they can extract sensitive information while it’s moving from place to place on the internet. An SSL certificate is a front line of defense against these criminals.

On top of that, you simply give visitors the confidence to move forward on your website. When you have “not secure” warnings that pop up when people visit your website, then they are going to leave. After all, wouldn’t you leave a non-secure website or be hesitant to provide sensitive information on it, like your name and address or credit card number?

Your Next Steps

If you have a website that collects information in areas such as contact forms, or if you have a search bar on your site or other spaces that require text input, make sure you have your SSL certificate installed. Also, if you have an http:// at the front of your URL, you’ll need to get this task done sooner rather than later to ensure your visitors have a good experience and feel safe on your website. It will only take one visit showing that your site isn’t secure, and the potential customer will likely leave and never return. Get a pro web designer involved to help you secure your website so that both Google and your visitors are satisfied with your security levels.

The Heartbleed Virus Diagnosis

It’s the Heartbleed Virus that has been slowly taking over the Internet for years, but only recently has it come to the public eye. If you’re pretty techie or considered the ‘computer nerd’ in your social circle, chances are that you have come across a couple of these previously, but if not, you’re not S.O.L. Even the techiest of nerds aren’t understanding the Heartbleed Virus. It’s floating around the internet as we speak, and even recently got ahold of thousands of Canadian social security numbers and taxes. Is it as dangerous as it sounds, you ask? Let’s find out.

How The Heartbleed Virus Works

The virus attacks the OpenSSL of your software, which is a piece of security on websites. With OpenSSL, websites are able to provide encrypted information to those who visit their site, which essentially tracks and secures all data such as passwords, usernames, and users’ browsing cookies, so others on the site can’t see it.

With the most recent OpenSSL version (1.0.1 launched on April 19th, 2012), there was a little bug that came with it which allows a person (and nasty hackers) to get any information in the memory of a site, without even leaving a footprint. As a result, user names and passwords were taken, as well as credit cards and, in worst-case scenarios, social security numbers. (Sorry, Canada). It was an honest mistake and glitch in the system, but it still doesn’t change the fact that the Heartbleed Virus is happening.

What Can You Do?

Run! Just kidding. Since the Heartbleed virus is so specific, fewer servers have been affected than you may believe. While some have estimated that 60% of all internet servers have the bug, it’s believed to actually be as low as under 17.5%. As soon as the discovery was made, the OpenSSL developers quickly patched the 1.0.1 program (now 1.0.1g). It is quite possible that even some who installed the infected version may not have been affected at all.

So, do you need to worry? Sure, but there is no need to panic. First, you should change your passwords, especially for services confirmed as vulnerable (Google and Yahoo). You should also be changing your passwords regularly anyway, so this is no big deal. If you can’t keep tabs on your password changes, use password manager apps.

As a little bit of good news, even if the virus got ahold of your password, matching it up with the right username among the abundance it likely has is near impossible. However, people are still taking these precautions, and companies are changing encryption keys to ensure that any new data is not vulnerable.

Other than that, you’re probably okay. Relax. The Heartbleed Virus may not have even gotten your information, and as mentioned, unless they’re a puzzle genius, matching it up with the correct combination is near impossible. Just change your passwords and make them at least 10 characters long, with upper and lower case letters and add in a few numbers.