It’s sort of “unfashionable” to be too concerned about online security in e-commerce. Everything looks OK: with encryption, SSL, etc., there’s a lot of software out there doing the job, and business-side security is constantly monitored by the big guys like banks, PayPal and the credit card companies. Sadly, that’s not the case. Security is an ongoing area of concern for business IT Support, with good reason.
In 2009, the FBI’s Internet Crime Complaint Center (IC3) received 336,355 complaints. That was a 22.8% increase on the previous year. The total monetary loss was $559.7 million, up from $264.6 million in 2008. Reports of increasing sophistication of cyber crime software had been rampant in the industry during the 2008-9 period, and proved to be all too true.
Some myths about cyber crime and e-commerce
Cyber crime has achieved an almost mystical status among the online community. It’s a “Here there be dragons” sort of mythology.
However, the myths are very wide of the mark in many ways:
• Hackers are software geniuses: No, they’re not. Most of them have nothing to do with the development of the software. They buy their software online, and they often buy outdated viruses, worms and other types of malware.
• Hackers are wild-eyed revolutionaries, fighting “the system”: No, they’re basically criminals, no more, no less, and often involved with organized crime. They’ve been known to crash hospital computers, and cause a lot of misery to poor people by cleaning out their accounts. There are no Robin Hoods in cyber crime.
How to make your e-commerce security as good as it can get?
The main danger to e-commerce, in fact, is ignorance. There are plenty of ways to make sure your security can deal with threats, and it’s important to understand what’s involved.
These are the basics:
1. Keep your security current: You should have security software which updates itself automatically and regularly. Most security software is pretty cheap, and all the major brands, like PC Tools, AVG, etc., provide good real-time coverage.
2. Upgrade your operating systems with the latest patches: This is absolutely essential. 99% of the time, malware exploits weaknesses in operating systems to get through security. All operating systems and platform software, like Windows, Adobe Flash, Java, etc., experience security issues at some time. Best practice is to get on top of these problems ASAP.
3. Penetration testing: If you’re a big business with a big IT system and a lot of online transactions, you need professional assistance to cover all the angles. Penetration testing is a comprehensive form of security evaluation, conducted by security experts. Every facet of your system is subjected to “internal” and “external” penetration tests to find vulnerabilities. The consultant then creates solutions for your system.
4. Staff training: The better informed your staff, the better your online security becomes. This is a “same page” effect: it makes sure everyone understands the security protocols and reduces the chance of mistakes.
5. Make sure your IT Support section has the resources to do the job: You don’t get second chances if your business comes under cyber attack. If you’re a smaller business, or trying to do it all yourself, you may want to outsource your IT support, which will include security services.