eRisk Assessment
There are numerous straightforward and inexpensive measures you can take so that you and your customers benefit from e-Commerce without exposing either party to avoidable risk.
1. Establish a privacy policy that your customers and other visitors to your e-Commerce website can read. State your commitment to maintaining the confidentiality of the information you collect, how visitors are expected to use the facilities provided, and how they can contact you if they experience difficulties or have any concerns.
2. Evaluate the best place to host your e-Commerce website. An external hosting provider is likely to offer a more reliable and professional means of storing confidential customer information than a small business can build for itself, but satisfy yourself that the provider is capable and experienced in providing security: ask how it patches its systems, who can access your data, and how it will notify you of an incident. If you insist upon hosting the site yourself, make sure you are fully aware of the security implications and have the skills to keep the systems patched and monitored.
3. Protect the confidentiality of customer information in transit, and let customers verify that they are talking to your genuine site, with TLS (Transport Layer Security), the successor to SSL (Secure Sockets Layer); the certificate your server presents is issued through a PKI (Public Key Infrastructure). The web browser’s ‘padlock’ icon and an address prefix of ‘https’ rather than ‘http’ tell a visitor only that the connection is encrypted and that the certificate matches the site’s name, not that the business behind it is trustworthy or that the site is free of flaws. Use TLS 1.2 or later, disable SSL and early TLS versions on the server, and renew certificates before they expire. Consult specialist advice unless you are confident in installing and maintaining these technologies yourself.
4. Consult the guidelines for e-Commerce security set out in the PCI DSS (Payment Card Industry Data Security Standard). The standard is maintained by the PCI Security Standards Council, founded by the major card brands (Visa, Mastercard, American Express and others), and sets out their security best-practice requirements; compliance is a contractual condition for any organisation that stores, processes or transmits cardholder data and wishes to retain permission to accept these card brands.
5. Install a firewall to protect your internal network and the databases within it, and configure it to allow only the traffic each part of the system needs: the public web tier alone should be able to reach the database server, and only on the database port. By doing this, you separate the most sensitive parts of your ICT infrastructure from the ‘open’ elements that invite anybody on the Internet to trade with you.
6. In some cases you may also want a web application firewall, which inspects requests to the website itself and can block many common web-borne attacks such as SQL injection and cross-site scripting. It is a compensating control, not a guarantee: it will not stop every attack and it does not remove the underlying flaws. If your e-Commerce software is an ‘off-the-shelf’ product, subscribe to the vendor’s security advisories, apply its security patches promptly, and do the same for the web server and operating system it runs on.
7. To exploit the many benefits of e-Commerce safely, consult a qualified ICT advisor with expertise in information and network security. They will be able to advise on a solution appropriate to your needs and budget, and on how a strategy for securing e-Commerce should fit within a broader security strategy for your entire ICT system, both internally and externally facing.
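As a worked check for item 3, the following script is added here as an example; it is not part of the original guidance. It connects to a host name the way a browser does, records the negotiated protocol version, cipher suite and certificate expiry, and separately tests whether the server will still complete a TLS 1.0 or 1.1 handshake. The host name shop.example.com is a placeholder for your own shop’s address. The evaluation rules (TLS 1.2 or later, no RC4, 3DES, NULL, export or MD5 suites, forward secrecy on TLS 1.2, a 30-day expiry warning) are the example author’s choices, not requirements taken from the page.

```python
# tls_check.py -- added example, not part of the original guidance.
# Connects to an e-Commerce host the way a browser does and reports whether the
# TLS deployment meets a small set of minimum expectations. The host name
# "shop.example.com" used as the default is a placeholder.
import socket
import ssl
import sys
import time

EXPIRY_WARNING_DAYS = 30                       # warn this many days before expiry
ACCEPTED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")    # anything older is a finding
# Fragments of OpenSSL cipher-suite names that have no place on a payment site.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5")
ANONYMOUS_PREFIXES = ("ADH-", "AECDH-")        # suites with no server authentication


def evaluate_tls(protocol, cipher_name, not_after_epoch, now_epoch):
    """Return a list of findings for one endpoint; an empty list means it passes.

    protocol        -- SSLSocket.version(), e.g. "TLSv1.2"
    cipher_name     -- SSLSocket.cipher()[0], e.g. "ECDHE-RSA-AES128-GCM-SHA256"
    not_after_epoch -- certificate expiry, seconds since the epoch
    now_epoch       -- current time, seconds since the epoch
    """
    findings = []
    if protocol not in ACCEPTED_PROTOCOLS:
        findings.append(f"legacy protocol negotiated: {protocol}")
    name = cipher_name.upper()
    if any(m in name for m in WEAK_CIPHER_MARKERS) or name.startswith(ANONYMOUS_PREFIXES):
        findings.append(f"weak cipher suite: {cipher_name}")
    # TLS 1.2 suites need an ephemeral (ECDHE/DHE) key exchange for forward
    # secrecy; every TLS 1.3 suite already has it, so only 1.2 names are checked.
    elif protocol == "TLSv1.2" and not name.startswith(("ECDHE-", "DHE-")):
        findings.append(f"no forward secrecy: {cipher_name}")
    days_left = (not_after_epoch - now_epoch) / 86400
    if days_left < 0:
        findings.append("certificate has expired")
    elif days_left < EXPIRY_WARNING_DAYS:
        findings.append(f"certificate expires in {int(days_left)} days")
    return findings


def probe(host, port=443, timeout=5.0):
    """Connect like a browser and return what the server negotiated."""
    # create_default_context() validates the chain against the system trust
    # store and checks the host name, so a bad certificate raises here instead
    # of silently passing.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "not_after": ssl.cert_time_to_seconds(cert["notAfter"]),
            }


def legacy_protocol_accepted(host, port=443, timeout=5.0):
    """True if the server completes a TLS 1.0/1.1 handshake, False if it refuses,
    None if the test could not be run (local OpenSSL will not offer those
    versions, or the host was unreachable). PCI DSS required migration off SSL
    and early TLS by June 2018, so True is a finding."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE      # only whether the handshake completes matters here
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1
        ctx.maximum_version = ssl.TLSVersion.TLSv1_1
        # Modern OpenSSL refuses TLS 1.0/1.1 at its default security level;
        # this OpenSSL-specific cipher string lowers it for the probe only.
        ctx.set_ciphers("DEFAULT@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except ssl.SSLError:
        return False                     # handshake refused: the desired outcome
    except OSError:
        return None                      # network problem, not a verdict


def main(host):
    result = probe(host)
    findings = evaluate_tls(result["protocol"], result["cipher"],
                            result["not_after"], time.time())
    legacy = legacy_protocol_accepted(host)
    if legacy is True:
        findings.append("server still accepts TLS 1.0/1.1")
    print(f"{host}: {result['protocol']} {result['cipher']}")
    for item in findings:
        print("  FINDING:", item)
    if legacy is None:
        print("  note: TLS 1.0/1.1 acceptance could not be tested from this machine")
    if not findings:
        print("  OK")
    return findings


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "shop.example.com")  # placeholder host
```

Run it as `python tls_check.py shop.example.com` against your own site. Because `probe()` uses the default verifying context, an expired, self-signed or mis-named certificate fails the handshake outright rather than being scored. The legacy-protocol probe depends on the local OpenSSL build being willing to offer TLS 1.0/1.1 at all; where it is not, the script says the check could not be run rather than claiming the server is clean.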