" captcha Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘captcha’

Are you encouraging insecurity via your Web site contact and intake forms?

Friday, April 15th, 2016

Many Web sites have “contact us” pages and other Web forms for receiving requests from existing or potential customers.  This includes “new patient intake” forms on the Web sites of healthcare providers.

 

The garden variety Web form suffers from several serious problems:

  • Spam – Getting unwanted form submissions from Web robots.
  • Privacy – Often, sensitive data is submitted insecurely through these forms.
  • Archival – You may need an archived record and backup of all submissions.
  • Notices – You may need to be alerted of form submissions, even if you are not online.

Proactive privacy vs. neglect of privacy

When your Web forms transmit data insecurely, store or send data insecurely, or otherwise to do not treat the data submitted with the level protection that it deserves, you are putting the users of your forms at risk.

The typical argument is that “it is up to the user of the forms to decide if they want to submit sensitive information.” In fact, many insecure forms even have disclaimers requesting people to not submit sensitive information if they have concerns … and then the forms go on to ask lots of sensitive questions.   Especially without a disclaimer, but even with one, the form is actively soliciting people to submit their information insecurely and requesting them to take risks with their private data.   This is not good.

In areas such as healthcare, where these forms are often collecting sensitive health data (protected health information – PHI), the fact that an organization solicits the submission of PHI through insecure, non-HIPAA-compliant means is far from a “best practice”.  Why?

Read the rest of this post »

6 ways to improve your web site forms

Wednesday, February 18th, 2015

Web site forms are ubiquitous.  Every site needs them to engage their visitors, collect information, makes sales, etc.  They are easy to add to your site, but not necessarily easy to do right.

Make a quick web form using some generic web site authoring software and put it up on your site and it may work, but you also may have serious issues:

  • Incomplete Forms. Users submitting incomplete forms — e.g. not filling out all of the important fields
  • Invalid Input. Users not entering the “right” information — e.g. not actually putting an email address in the email address field
  • Form Spam Bots. Automated programs may fill out and submit your forms … sending you junk in the form of gibberish or web site URLs they hope you will visit and buy stuff from.
  • Form Insecurity. If your from collects any kind of sensitive information … from passwords to medical data … it could easily be setup incorrectly and allow phishing attacks or data leakage.
  • Stale Forms. You updated your form … but someone just somehow submitted the old version which is not even on the Internet anymore!
  • Connectivity/Server Issues. You don’t want your users to give up because their network is down or your site is down for a few seconds.

All of these problems impact the success of your site — causing everything from annoyance to the inability to contact your sales leads to breaches of privacy.  Fortunately, it is not really hard to plug these gaps and have a solid, productive, and secure web form.

Read the rest of this post »

Web Form Spam – Block Spam without a Captcha Code

Tuesday, February 4th, 2014

Many contact us forms and comment forms are plagued by “web form spam”.   Automated programs crawl the Internet looking for web forms.  When found, they start submitting spam advertisements through the forms in the hopes that some of the recipients of these form submissions will see the ads and act on them.  Almost nobody does … but the spam still comes and gets worse and worse over time.

Read the rest of this post »

Web Forms Reduce Spam and Optimize Business Processes

Wednesday, July 10th, 2013

Businesses of all sizes use general purpose email addresses, like info@company.com or support@company.com, as conduits for information, Support, Sales, Billing, and other requests from customers.  On the surface, there is an apparently very good reason for this: many customers appreciate the simplicity of being able to send an email message.  It’s best to be as flexible as possible and reduce the time that the customer must spend to get a response, right?

There are actually many significant downsides to accepting general customer requests via email; downsides which can actually cause friction, slow the response process, or result in missed opportunities.  We will cover many of these issues, below.  The solution, is to use targeted specific web-based forms to collect customer requests; we will also discuss why this is a better approach.

Read the rest of this post »

LUXSCI