75% of UK police websites 'are risky' for users

Centre for Public Safety reports almost one-quarter of sites lack any encryption

HTTPS browser

Almost three-quarters of UK police websites are insecure and insufficient for keeping user details safe, according to a new report.

Research by the Centre for Public Safety found almost one-quarter of police sites lack any form of automatic secure connection that would otherwise encrypt communications. Of these websites, more than 12 agencies (70%) encouraged users to provide personal details, some of which pertained to specific criminal activity, cases or suspects.

Advertisement - Article continues below

While 27% of the 71 UK policing websites were found to have a world-class standard, the rest have security flaws ranging from "deficient" to potentially "risky" for the public.

The National Crime Agency's Child Exploitation and Online Protection Centre (CEOP) was found to have a "significant vulnerability in their implementation of a secure connection," according to the report.

The report graded police websites based on their implementation of Transport Layer Security (TLS) and Secure Sockets Layer (SSL) authentication protocols.

'C grades' were given to the ActionFraud website and the College of Policing's e-learning service, used to train new and existing police officers.

Cheshire Constabulary, which has recently seen an extensive online upgrade, was dropped from a risky 'C' to an alarming 'F' grade.

"The cost of an A+ graded secure connection is insignificant to these organisations, so the failure to deliver is therefore due either to a judgment that the risk is acceptable, or a lack of awareness of the risk in the first place," states the report.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Surprisingly, varying budgets for online spending seem to have made little difference to overall security. According to the report, the Metropolitan Police invested over 110 million in IT infrastructure in 2014/15, and were found to have insecure connections on their websites.

Constabularies in Dover, Durham and Warwickshire, meanwhile, were able to achieve world-class ratings despite comparably meagre resources.

"Whether in-house or outsourced, it appears that some continue to fail to provide the foundations for the digital transformation that our police forces are both seeking to achieve and expected to deliver," states the report.

The report warned that improving security should be a "matter of priority" given the likelihood of an increase in future cyber attacks.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020
Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020
Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020