- 22-03-23Just Enter IT: Word jij onze nieuwe Support Engineer?
- 17-03-23BIT-2A upgrade: Nieuwe koelmachines
- 30-12-22Wijziging stroomtarieven en portal updates
- 25-11-22BIT Friday
- 21-09-22BIT levert restwarmte aan Warmtebedrijf Ede
- 14-09-22Ruim helft organisaties kijkt naar duurzaamheid in keuze voor datacenter of cloudprovider
- 17-08-22Grand Prix Radio kiest voor betrouwbare hosting van radio-automatisering bij datacenter BIT
- 10-08-22Helft IT-beslissers gaat bij keuze voor nieuwe cloudleverancier voor grote naam
- 21-07-22Ruim een derde van IT-beslissers wil overstap maken naar Europees cloudplatform
- 30-06-22Eén op de vijf IT-beslissers heeft weinig vertrouwen in databescherming en privacy in de cloud
Majority banks do not or not sufficiently secure online data transport
Not one single bank has optimal setup website security
Ede, February 12, 2019 – Over half (52%) of the Dutch banks does not have its TLS configuration in order. TLS (Transport Layer Security), previously called SSL, is the security protocol that secures the communication between websites and their users. During communication on the internet, this protocol can be recognised by the use of HTTPS (HyperText Tranfer Protocol Secure). Part of the organisations does offer HTTPS, but has not fully configured it. This is one of the results of research performed by data center BIT into the use of security standards by different websites. The data center checked 23 Dutch bank websites for this study.
Websites banking system not optimally secured
In addition to half the websites not having TLS configured fully, over three quarters (78%) has no DNSSEC, which can prevent redirects to malicious websites. Also, more than a third (35%) of the banks uses Google Analytics, which allows Google to create detailed profiles of the website’s visitors. This is all at the expense of the visitor’s privacy and is not easy for them to turn off. One of the banks does not even notify the use of cookies, despite using Google Analytics.
Alex Bik, CTO at BIT: “Even though there is no need for alarm bells, I cannot begin to understand why banks, of all institutions, do not have the security of their websites a hundred percent in order. There is no excuse to not have TLS set up completely; the missing measures are exceptionally easy to implement. The use of Google Analytics is shocking to me. The banks in question are selling their client’s privacy in a way to get marketing statistics, without providing the proper notifications.”
Visit Internetschoon.nu for stepping stones to contributing to a safe and clean internet.