Update information-security.html

This commit is contained in:
SheryllGDS
2016-11-09 14:55:38 +00:00
committed by GitHub
parent 87368af338
commit 267b7f579c

View File

@@ -109,22 +109,18 @@ Information security guidelines GOV.UK Notify
<h3 class="heading-small" id="guideline-phishing">Dont send requests for personal information of any kind, unless the request is directly connected with a transaction</h3>
<p>To reduce the risk from phishing attacks, dont send <strong>requests</strong> for personal information <strong>of any kind</strong>, unless the request is <strong>directly connected with a transaction</strong>.</p>
<p>To reduce the risk from phishing attacks, dont send requests for personal information of any kind, unless the request is directly connected with a transaction.</p>
<p>Its OK to send a request for personal information if its directly connected with a transaction. Here are 2 examples of where it would be OK:</p>
<p>Its OK to send a request for personal information if its directly connected with a transaction. For example it's OK to send a notification with a link asking users to reset their password if they've requested it by clicking on a 'Forgot your password?' link.</p>
<ul class="list list-bullet">
<li>Someone clicks a Forgot your password? link its OK to send them a link where they can reset their password</li>
<li>Someones MOT is about to expire y</li>
</ul>
<h3 class="heading-small" id="guideline-links">Its OK to include links</h3>
<p>The same 2 rules above apply to links:</p>
<p>The same rules apply to links:</p>
<ul class="list list-bullet">
<li>Dont send links that reveal information that can be used for fraud</li>
<li>Dont send unsolicited messages that include a link requesting personal information of any kind (its OK to send a message with a link requesting information if the user has just requested it)</li>
<li>Dont send links that reveal information that can be used for fraud.</li>
<li>Dont send unsolicited messages that include a link requesting personal information of any kind (its OK to send a message with a link requesting information if the user has just requested it).</li>
</ul>
<p>There are additional rules that apply specifically to links.</p>
@@ -146,7 +142,7 @@ Information security guidelines GOV.UK Notify
<h3 class="heading-small" id="guideline-name">Include the users name it makes phishing more difficult</h3>
<p>Start your message by addressing the user. For example, Hi Alice Smith or Dear Bob Jones. Including this extra piece of information makes phishing more difficult.</p>
<p>Start your message by addressing the user. For example, 'Hi Alice Smith', or 'Dear Bob Jones'. Including this extra piece of information makes phishing more difficult.</p>
<h3 class="heading-small" id="guideline-technical">Use technical approaches to improve privacy and prevent phishing</h3>
@@ -160,7 +156,7 @@ Information security guidelines GOV.UK Notify
<section id="examples">
<h2 class="heading-medium">Examples</h2>
<h3 class="heading-medium">Example of an appointment reminder</h3>
<h3 class="heading-small">Example of an appointment reminder</h3>
<p>“Dear Anne Smith, youve got a licence appointment tomorrow at 2:15pm at the Licence Office, 1 Chapel Hill, Heswall, Bournemouth BH1 1AA. To cancel your appointment, visit licensing.service.gov.uk/appointment/12345678/cancel. To change your appointment time, sign in to your account.”</p>
<p>This is a good example because:</p>
<ul class="list list-bullet">
@@ -173,7 +169,7 @@ Information security guidelines GOV.UK Notify
</ul>
<h2 class="heading-medium">Example to add a photo to an environmental permit</h2>
<h3 class="heading-small">Example to add a photo to an environmental permit</h3>
<p>“Dear Andrew Jones, to add a location photo to your environmental permit application, visit environmentalpermit.service.gov.uk/12345678/add-photo. If you didnt request this link, please ignore this message.”</p>
<p>This is a good example because:</p>
<ul class="list list-bullet">