OWASP Top 10 Privacy Risk Countermeasures
OWASP is the acronym for the Open Web Application Security Project.
10. Insecure Data Transfer
Risk Description

- Failure to transfer data over encrypted and authenticated channels, leaving it exposed to interception and leakage in transit.
- Failure to enforce mechanisms that limit the leak surface, e.g., allowing user data to be inferred from the mechanics of how the Web application operates.
How to check?

- What are the policies for protecting data in transit? Is data encrypted during transfer? Are secure protocols and algorithms used?
- Are privacy-friendly protocols available for transfer?
- Are secure protocols enforced where appropriate (e.g., login is only available over HTTPS, and sensitive records are only accessible over TLS or SFTP)?
Countermeasures

- Always send personal data over secure protocols, never over insecure ones such as ordinary email, many instant-messaging clients, or FTP.
- Configure transfer protocols so they are secure enough for the types of data being transmitted.
- Allow connections using the best available secure protocols where possible.
- Disallow weak protocols for sensitive information.
- Avoid personal information in the URL, especially if the data transfer is unencrypted; URLs end up in browser history, proxy and server logs, and Referer headers.
- Activate privacy features in protocols (e.g., Privacy Extensions in IPv6).
- Support TLS/DTLS; do not support SSLv3.
- Use ECDHE key exchange and GCM (AEAD) ciphers; do not support static RSA key exchange (no forward secrecy) or CBC-based ciphers.
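As an added example (not code from the OWASP page), the following Python builds an `ssl.SSLContext` that applies the last two countermeasures (TLS 1.2 or newer, ECDHE key exchange, AEAD ciphers only) and then audits the suites OpenSSL actually enabled, so a cipher string that silently admits a static-RSA or CBC suite is caught rather than assumed away. The cipher string, the function names and the rule that only ECDHE (or a TLS 1.3 suite) counts as forward secret are assumptions of this example.

```python
"""Hardened TLS context plus an audit of the suites it would negotiate.

Added example: applies "support TLS, not SSLv3" and "ECDHE + GCM, no static
RSA or CBC" to a Python ssl.SSLContext and checks the result.
"""
import ssl

# Assumed cipher string for this example: ECDHE key exchange with AEAD
# (AES-GCM or ChaCha20-Poly1305) only; anonymous and null suites excluded.
# TLS 1.3 suites are not governed by this string; they are always ephemeral
# and AEAD, so they pass the audit below unchanged.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL"

# Key-exchange values reported by SSLContext.get_ciphers() that this
# example accepts as forward secret: ECDHE (TLS 1.2) and "kx-any" (TLS 1.3).
# Static RSA shows up as "kx-rsa" and is rejected. (Assumption: plain DHE is
# also rejected here because the countermeasure names ECDHE specifically.)
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-any"}


def classify_suite(suite):
    """Return the reasons a cipher-suite dict (shape of get_ciphers() output:
    keys 'name', 'kea', 'aead', ...) violates the countermeasures.
    An empty list means the suite is acceptable."""
    reasons = []
    if suite.get("kea") not in FORWARD_SECRET_KX:
        reasons.append("no forward secrecy (static key exchange)")
    if not suite.get("aead"):
        reasons.append("not AEAD (CBC/MAC construction)")
    return reasons


def audit_context(ctx):
    """Map offending suite name -> reasons, for every suite the context
    would actually offer (as reported by OpenSSL, not by the cipher string)."""
    return {s["name"]: classify_suite(s)
            for s in ctx.get_ciphers() if classify_suite(s)}


def hardened_context(purpose=ssl.Purpose.SERVER_AUTH):
    """Context that refuses SSLv3/TLS 1.0/1.1 and static-RSA or CBC suites.
    Use Purpose.CLIENT_AUTH to get the server-side equivalent."""
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSLv3/TLS1.0/1.1 refused
    ctx.set_ciphers(HARDENED_CIPHERS)              # TLS 1.2 suite policy
    return ctx


def context_report(ctx):
    """Summary of what the context enforces; every value is read back from
    the context rather than taken from the configuration constants."""
    return {
        "min_version": ctx.minimum_version.name,
        "suite_count": len(ctx.get_ciphers()),
        "weak_suites": audit_context(ctx),
    }


if __name__ == "__main__":
    report = context_report(hardened_context())
    print("minimum protocol version:", report["min_version"])
    print("suites enabled:", report["suite_count"])
    print("suites violating the policy:", report["weak_suites"] or "none")
```

Running the file prints the minimum protocol version and the audit result for the hardened context; pointing `audit_context` at a context built with a permissive string such as `"DEFAULT"` is the quickest way to see which static-RSA and CBC suites a default OpenSSL build still offers.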
-
Examples

- Configure services to disable broken security protocols such as SSLv3.
- Configure services to enable the latest secure protocols.
- Enforce HTTPS for the entire Web application session, from the first visit to the login page through completion of logout.
- Disable cleartext services such as Telnet and FTP on file servers and enable secure alternatives (SSH, SFTP) instead.
- On the insecurity of current internet technologies and the initiative to build new ones, see You Broke the Internet.org.
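As an added example (not code from the OWASP page), the following WSGI middleware shows what "enforce HTTPS for the entire session" means in practice: cleartext GET/HEAD requests are redirected to the HTTPS origin without replaying their query string (it may already contain personal data, see the countermeasure on URLs), cleartext requests with a body are refused rather than replayed, every HTTPS response carries an HSTS header, and every `Set-Cookie` is marked `Secure` and `HttpOnly`. The HSTS lifetime, the `demo_app`, the host name `example.test` and the helper names are assumptions of this example; the middleware trusts `wsgi.url_scheme`, which behind a reverse proxy the server itself must set from a header it trusts.

```python
"""Enforce HTTPS for the whole session in a WSGI application (added example).

Redirects cleartext GET/HEAD, refuses cleartext requests with a body, adds
HSTS to every HTTPS response and hardens every Set-Cookie.
"""
from io import BytesIO

# Assumed policy values for this example.
HSTS_HEADER = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
SAFE_METHODS = {"GET", "HEAD"}


def harden_cookie(value):
    """Append Secure and HttpOnly to a Set-Cookie value when missing."""
    attrs = {part.strip().lower() for part in value.split(";")}
    if "secure" not in attrs:
        value += "; Secure"
    if "httponly" not in attrs:
        value += "; HttpOnly"
    return value


def enforce_https(app):
    """Wrap a WSGI app so no part of the session is served over cleartext.

    Relies on wsgi.url_scheme being correct; behind a reverse proxy the
    server (not this code) must derive it from a header it trusts.
    """
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            if environ.get("REQUEST_METHOD", "GET") not in SAFE_METHODS:
                # A cleartext POST has already exposed its body on the wire;
                # refuse it instead of forwarding or replaying it.
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"HTTPS required\n"]
            host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
            # QUERY_STRING is intentionally dropped: it may carry personal
            # data that must not be echoed back or logged a second time.
            location = "https://" + host + environ.get("PATH_INFO", "/")
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def secure_start_response(status, headers, exc_info=None):
            out = []
            for name, value in headers:
                key = name.lower()
                if key == "strict-transport-security":
                    continue          # replaced by the policy value below
                if key == "set-cookie":
                    value = harden_cookie(value)
                out.append((name, value))
            out.append(HSTS_HEADER)
            return start_response(status, out, exc_info)

        return app(environ, secure_start_response)
    return middleware


def demo_app(environ, start_response):
    """Stand-in for a real login handler (assumed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", "session=abc123; Path=/")])
    return [b"logged in\n"]


def run_request(app, scheme, method="GET", host="example.test",
                path="/login", query=""):
    """Drive a WSGI app with a constructed environ (no network needed);
    returns (status, headers-as-dict, body)."""
    environ = {
        "wsgi.url_scheme": scheme, "REQUEST_METHOD": method,
        "HTTP_HOST": host, "SERVER_NAME": host, "PATH_INFO": path,
        "QUERY_STRING": query, "wsgi.input": BytesIO(b""),
    }
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


if __name__ == "__main__":
    app = enforce_https(demo_app)
    for scheme, method in (("http", "GET"), ("http", "POST"), ("https", "GET")):
        status, headers, body = run_request(app, scheme, method, query="user=alice")
        print(f"{scheme} {method} -> {status} {headers}")
```

The redirect response deliberately carries no HSTS header (browsers ignore HSTS over cleartext), so the header is only ever emitted on the HTTPS path that the whole session is forced onto.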
-