A help button needed on every website

The Information Security Awareness Forum (ISAF) is calling for all websites to feature mechanisms to allow users to report security breaches and incidents of abuse.

The ISAF supports the principle that every website that users interact with should have a clear routine for providing feedback, which includes instructions on how to report problems such as abuse, impersonation, fraud etc.  This should be provided for all sites that are visited by an ordinary consumer, including social networks, gaming and e-commerce.

According to Dr David King, ISAF's chairman: “The simplest routine might be to use a button or click entry which leads to a semi-standard "Security Advice" page with instructions on how to report to the organisation's own incident response team (if applicable) as well as generic advice and contacts. This would enable a consumer/user to inform the intended website of issues, and for the website to manage an appropriate response – which may include liaison with police and anti-fraud authorities.”

The page for contact/feedback should also provide links to sites that provide targeted security advice. A list of sites is available at the home page of the ISAF (see http://theisaf.org). Sites that are likely to be of particular relevance to most audiences include Get Safe Online http://www.getsafeonline.org.

Dr David King said: “To avoid the risk that a hacked website might lead the user to a source of false advice, websites should encourage users to cut and paste links to these reference site into a browser as a matter of practice.”