Doing business online is getting to be a “must” for most small businesses. One issue commonly seen as a downside to e-commerce, however, is security. How do you make the commercial Web experience safe, secure, and private?
Several of the toughest issues in this regard are built into the technology itself. The Web has a great capacity to measure the customer’s every move. This great plus can easily be seen as a huge minus by the would-be customer. A recent survey has shown that 86 percent of Internet users are seriously concerned about security and privacy. What can you do to deal with the apprehensions of this large population? Here are a few steps that should impact the problem:
• Create a general tone on your site that inspires trust. As a web visitor, what qualities in a site tend to evoke trust from you? Although you might not be readily able to answer that question, you very likely can answer the opposite question: What qualities in a website suggest distrust to you? Promises that seem empty? Offers that appear far too good to be real? You can probably think of many others. Avoid all of them, and develop a reputation for dependability and professionalism.
• Take a very close look at the data you collect. What methods are you using to collect the data? What purpose do you have in collecting it? Most importantly, do the people who use your site know what you are doing with data about them? Are you collecting more data and more categories of data than necessary?
• Develop a company privacy policy and make it clearly visible to customers. “Clearly visible” means it should be visible on virtually every page of your site. Of course, your company must abide by your policy consistently to make it meaningful.
How about your own security from hackers and other unwanted visitors? This is the other side of the security issue. Here are some state-of-the-art approaches to the security that a website must have for itself:
• The use of a firewall. By definition, a firewall is device that incorporates software and hardware, which keeps unwanted users from accessing company computer systems without jeopardizing the users who need to be there. The most common problem with firewalls is that they are often installed carelessly and end up doing little permanent good. A study by ISCA.net, a security consulting company, showed that as many as 80 percent of firewalls fail to do their job, largely because of poor installation. The lesson is to hire a professional with a reputation for thoroughness.
• The use of detection software. Detection software acts like a burglar alarm. This type of software provides constant surveillance on your business’s server, producing an alarm signal in the event of an invasion. Two types of detection devices used currently are intrusion detection software and virus detection software.
If you use an intrusion detection system, be sure that your software package includes a method of recording break-in attempts with as much detail as possible. Also, much of the extant software includes some type of location detectors–devices that allow you to trace the work of your enemy hacker back to a central point of origin.
Virus detection software scans your system for the intrusion of nuisance programs that are designed to debilitate your system in some way. Viruses vary in intensity from the trivial to the extremely damaging. Hackers worldwide seem to be constantly creating new programs that use new and different principles of attack and tactics of accessing systems. Thus, you must be updating your virus detection software quite often. This might seem expensive, but a virus ripping through your system can be vastly more expensive and damaging.
Here are some information sources that could help you–far beyond the scope of this brief article:
• The Computer Security Institute can be accessed at www.gocsi.com. This is a very good, up-to-date source of information on web security for
the entrepreneur.
• A magazine called Information Security can be investigated online at www.infosecuritymag.com.
• The Business Security e-Journal is a monthly newsletter your business can receive free of charge. Find out more at www.lubrinco.com.
Who knows what the future holds in the area of computer security? Whatever happens, be sure you stay ahead of the problems by being proactive and by maximizing security and privacy for both you and your customers.
Lowell H. Lamberton is Professor of Management at Central Oregon Community College. You may call Professor Lamberton at 541/383-7714 or llamberton@cocc.edu.