darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-10 05:14:05 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
403e133b80bb46292ea141efcb2f3bd39f3b70a1
notifications-admin/app/templates/views/information-security.html
Chris Hill-Scott 2750dc9b61 Remove links from example URLs
2016-11-10 10:10:43 +00:00

196 lines
12 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{% from "components/banner.html" import banner_wrapper %}
{% extends "withoutnav_template.html" %}
{% block page_title %}
Information security guidelines GOV.UK Notify
{% endblock %}
{% block maincolumn_content %}
<div class="grid-row">
<div class="column-two-thirds">
<h1 class="heading-large">
Information security for text messages, emails and letters
</h1>
<p class="lede">Use a practical approach to information security, one that balances a users need to be kept informed with being kept safe.</p>
<section id="contents">
<h2 class="heading-medium">Contents</h2>
<ul class="list list-bullet">
<li><a href="#start-with-needs">Start with user needs, not government needs</a></li>
<li><a href="#understand-the-risks">Understand the risks</a></li>
<li><a href="#information-security-guidelines">Information security principles</a></li>
<li><a href="#examples">Examples</a></li>
<li><a href="#you-can-do-more">You can do more if you want to</a></li>
</ul>
</section>
<section id="start-with-needs">
<h2 class="heading-medium">Start with user needs, not government needs</h2>
<p>Start by writing the message you want to send. Dont worry about the information security aspect just yet write the message you want to convey as clearly and directly as possible.</p>
<p>Use our <a href="https://designpatterns.hackpad.com/Notifications-5vuitmNqIjZ">design patterns</a> along with the <a href="https://www.gov.uk/topic/government-digital-guidance/content-publishing">GOV.UK style guide</a> to help you write clearly and convey the right information at the right time.</p>
<p>Once you have a message which meets user needs, look at it in relation to the risks we outline. Use this to decide if you need to change the message in order to keep the users safe.</p>
</section>
<section id="understand-the-risks">
<h2 class="heading-medium">Understand the risks</h2>
<p>There are 3 main risks involved in sending notifications by text message, email or letter:</p>
<ol class="list list-number">
<li>Someone accidentally sees the notification.</li>
<li>An attacker intercepts a message, or gains access to someones email inbox, phone messages or paper files.</li>
<li>An attacker tricks the user by sending a fake notification (phishing).</li>
</ol>
<h3 class="heading-small" id="risk-privacy">Someone accidentally sees the notification</h3>
<p>For some messages, the recipient would be unhappy if someone else accidentally saw the contents, for example, the results of a recent medical test.</p>
<p>This is a privacy issue in this case the unintended recipient isnt trying to steal money or identity information.</p>
<p>To address this risk, dont reveal the important information in the subject line or opening sentence, or ask the user to sign in to see the information in full.</p>
<h3 class="heading-small" id="risk-fraud">An attacker intercepts a message, or gains access to someones email inbox, phone messages or paper files</h3>
<p>Its possible for hackers to intercept messages. Text messages, emails and letters can all be intercepted.</p>
<p>Its also possible for a criminal to gain access to someones entire email inbox, phone messages or paper files. Email accounts can be hacked, phones and paper files can be stolen, left lying around or picked out of the rubbish.</p>
<p>In both cases, criminals are looking for information they can use to commit fraud. To address this risk, dont send payment details, ID numbers or any other information that can be used for fraud.</p>
<h3 class="heading-small" id="risk-phishing">An attacker tricks the user by sending a fake notification (phishing)</h3>
<p>In this scenario, a hacker sends lots of messages pretending to be from an official government service, hoping to trick someone into revealing information of value.</p>
<p>This is known as a phishing attack.</p>
<p>To address this risk, dont send requests for personal information of any kind, unless the request is directly connected with a transaction.</p>
</section>
<section id="information-security-guidelines">
<h2 class="heading-medium">Information security principles</h2>
<h3 class="heading-small" id="guideline-privacy">Protect the users privacy</h3>
<p>To avoid someone other than the recipient accidentally seeing a message that has sensitive or confidential information, either:</p>
<ul class="list list-bullet">
<li>use a generic subject line and opening sentence, and only give the information in full within the body of the message</li>
<li>send a generic message which asks the person to sign in to see the information in full</li>
</ul>
<p>Remember that even the sender ID also reveals information. For example, dont set your sender name as STI clinic.</p>
<h3 class="heading-small" id="guideline-fraud">Dont send information that can be used for fraud</h3>
<p>To reduce the risk if messages are intercepted, hacked or stolen, dont send messages with:</p>
<ul class="list list-bullet">
<li>payment details</li>
<li>passport, driving licence, or National Insurance numbers, or any other personal ID numbers</li>
<li>the persons date of birth, mothers maiden name or other information commonly used for identification</li>
<li>the persons full address or previous addresses</li>
<li>passwords (cmon team)</li>
<li>payment amounts if you use them as a form of identification</li>
</ul>
<p>Payment details can be used for fraud straight away. Other information requires a bit more work. For example, an attacker might use one piece of information to get hold of another, eventually gaining enough information to commit fraud. Or a criminal might use information from several old messages to steal someones identity.</p>
<h3 class="heading-small" id="guideline-phishing">Dont send requests for personal information of any kind, unless the request is directly connected with a transaction</h3>
<p>To reduce the risk from phishing attacks, dont send requests for personal information of any kind, unless the request is directly connected with a transaction.</p>
<p>Its OK to send a request for personal information if its directly connected with a transaction. For example it's OK to send a notification with a link asking users to reset their password if they've requested it by clicking on a Forgot your password? link.</p>
<h3 class="heading-small" id="guideline-links">Its OK to include links</h3>
<p>The same rules apply to links:</p>
<ul class="list list-bullet">
<li>Dont send links that reveal information that can be used for fraud.</li>
<li>Dont send unsolicited messages that include a link requesting personal information of any kind (its OK to send a message with a link requesting information if the user has just requested it).</li>
</ul>
<p>There are additional rules that apply specifically to links.</p>
<ol class="list list-number">
<li>Links must point to a .gov.uk domain for example, https://www.gov.uk or https://www.armslengthbody.gov.uk.</li>
<li>Links must show the URL in full for example https://www.gov.uk/vehicle-tax, not gov.uk/vehicle-tax.</li>
<li>Dont use redirects or tracking links disguising the URL makes phishing easier. Just show the URL in full.</li>
<li>Dont link directly to a sign-in page this is a request for personal data. If the user needs to sign in to your service, link to your start page on GOV.UK.</li>
<li>Its OK to deep-link into your service, as long as the user doesnt have to sign in to view the information or take action.</li>
</ol>
<h3 class="heading-small" id="guideline-attachments">Dont send attachments</h3>
<p>If you want to communicate something, write it in the body of the email. This is more user-friendly. If the information is too sensitive to include in the email body, its too sensitive to include in an attachment.</p>
<p>If you need to send someone a file, make the file available within your service, then link to it.</p>
<h3 class="heading-small" id="guideline-name">Include the users name it makes phishing more difficult</h3>
<p>Start your message by addressing the user. For example, Hi Alice Smith, or Dear Bob Jones. Including this extra piece of information makes phishing more difficult.</p>
<h3 class="heading-small" id="guideline-technical">Use technical approaches to improve privacy and prevent phishing</h3>
<p>There are several technical approaches to preventing phishing. You must use <a href="https://www.gov.uk/guidance/common-technology-services-cts-secure-email-blueprint">SPF/DKIM, DMARC</a> and <a href="https://en.m.wikipedia.org/wiki/Transport_Layer_Security">TLS</a>.</p>
<p>SPF/DKIM and DMARC make sure your emails get delivered, whilst phishing and spam email gets filtered into junk mail.</p>
<p>TLS makes sure that no-one can intercept your emails.</p>
</section>
<section id="examples">
<h2 class="heading-medium">Examples</h2>
<h3 class="heading-small">Example of an appointment reminder</h3>
<p>“Dear Anne Smith, youve got a licence appointment tomorrow at 2:15pm at the Licence Office, 1 Chapel Hill, Heswall, Bournemouth BH1 1AA. To cancel your appointment, visit licensing.service.gov.uk/appointment/12345678/cancel. To change your appointment time, sign in to your account.”</p>
<p>This is a good example because:</p>
<ul class="list list-bullet">
<li>the message and link doesn't reveal any sensitive personal data</li>
<li>it doesn't ask for personal data, passwords or payment details</li>
<li>the reminder addresses the user by their name, making phishing attacks more difficult</li>
<li>the link just cancels the appointment which minimises what an attacker can do</li>
<li>users have to sign in to change the appointment time, making it harder for an attacker to know what their appointment time is</li>
<li>the topic is something the user is familiar with</li>
</ul>
<h3 class="heading-small">Example to add a photo to an environmental permit</h3>
<p>“Dear Andrew Jones, to add a location photo to your environmental permit application, visit environmentalpermit.service.gov.uk/12345678/add-photo. If you didnt request this link, please ignore this message.”</p>
<p>This is a good example because:</p>
<ul class="list list-bullet">
<li>the message and link doesn't reveal any sensitive personal data</li>
<li>it doesn't ask for personal data, passwords or payment details</li>
<li>the reminder addresses the user by their name, making phishing attacks more difficult</li>
<li>the link only lets users add a photo to an environmental permit application it doesnt complete the process, which minimises what an attacker can do</li>
<li>it shows users what to do if the message doesn't apply to them</li>
</ul>
</section>
<section id="you-can-do-more">
<h2 class="heading-medium">You can do more if you want to</h2>
<p>These guidelines are the minimum requirement. You can take stricter measures for your service if you think it's necessary.</p>
<p>Just make sure youre balancing your users needs to be kept informed and kept safe.</p>
</section>
</div>
</div>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink