E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


BUG-PROOFING YOUR E-COMMERCE SYSTEM

8 Ways to Prevent Losses

Source: CPA Technology & Internet Advisor

Posted on October 24, 2000

      If you don't think that Internet security breaches present a threat to your firm, then you might be interested in the results of a recent survey.

      Nearly 75 percent of companies in the 2000 Computer Crime and Security Survey reported financial losses from security breaches within the last year. And for the third year in a row, more respondents (59 percent) cited their Internet connection as a frequent point of attack than cited their internal systems (38 percent).

      The study was conducted by the Computer Security Institute (www.gocsi.com) in cooperation with the San Francisco Federal Bureau of Investigation's (FBI's) Computer Intrusion Squad. Forty-two percent of survey respondents were willing and/or able to quantify their financial losses; losses reported by those 273 respondents topped $265 million. This figure is more than double the average annual total of financial losses reported in the previous three years.

      Of the survey respondents who conduct e-commerce on their Web sites:

  • Nineteen percent suffered unauthorized access or misuse within the last 12 months.
  • Thirty-two percent said they didn't know if there had been unauthorized access or misuse.
  • Thirty-five percent of those acknowledging an attack reported two to five incidents; 19 percent reported 10 or more incidents.
  • Sixty-four percent of those acknowledging an attack reported Web site vandalism.
  • Sixty percent reported denial of service.
  • Eight percent reported theft of transaction information.
  • Three percent reported financial fraud.

What to Do

What can you do to minimize the risk of Internet security breaches in your firm?

      Start by strengthening software firewalls and boosting antivirus software to thwart hackers and system infiltration. But keep in mind that neither firewalls nor antivirus software packages are foolproof. That's because hackers and antivirus software companies are in an arms race. As new computer viruses are created, computer systems are vulnerable unless new antidotes are developed and used by companies.

      The best way to avoid security breaches is to implement a loss control approach. Here are eight risk management tips to follow:

  1. Don't depend solely on firewalls.
    You should have firewalls, but you also should appreciate their vulnerabilities. Firewalls help thwart external threats. But the integrity of your e-commerce system can be jeopardized from inside your firm by a disgruntled employee, for example.

  2. Design security into your e-commerce strategy.
    Security factors should be incorporated during the design stage of your e-commerce strategy. Don't make the mistake of "tacking on" security at the backend of your e-commerce system. Security as an afterthought maximizes the odds of key system gaps.

  3. Install systems capable of handling volume spikes.
    Doing so makes your e-commerce site more resistant to denial-of-service attacks by hackers, competitors, or insiders. Boosting your traffic capacity makes your site less vulnerable to hackers attempting to flood it and shut it down. Design the system to handle peak-load periods or install queuing systems to trim the odds of your Web site being overwhelmed.

  4. Constantly probe for system weaknesses.
    In the U.S. Navy, special teams infiltrate bases in order to assess areas of security vulnerability. The "invaders" later debrief officials on ways to bolster security. You can benefit from this approach, too. Consider hiring friendly hackers to see how easy or how difficult it is to infiltrate your computer system. For a fee, firms that offer "ethical hacking services" will break into your system to demonstrate its vulnerabilities.

    The head of IBM's unit, Michael Puldy, says that Big Blue's ethical hackers can successfully penetrate 75 percent of the systems they target. Once inside, they can locate passwords and sensitive files, access the corporate e-mail server, and read everyone's e-mail.

    If you identify your vulnerabilities, you can maximize security and minimize the risk that hackers or competitors with less benign intentions will infiltrate your systems.

  5. Create centralized responsibility for assessing and addressing system vulnerabilities.
    Choose one person, such as your chief information officer or IT manager, who will be accountable for assessing and fixing system vulnerabilities. Then develop a culture in which all employees consider e-commerce security part of their jobs. This could range from keeping passwords closely guarded to making sure that computer terminals are turned off at workstations when not in use.

  6. Emphasize early detection and loss mitigation systems.
    Despite the best plans, disruptions may occur. Put software and personnel in place to detect problems early and to marshal resources that limit any damage to your firm.

  7. Take legal action against attackers.
    If the security of your e-commerce system is compromised and the responsible parties are identified, take legal action against them. That can include cooperating with law enforcement in pressing criminal charges or filing civil suits for damages, although a civil suit may be a long shot in terms of actually collecting money. Legal action is the best way to deter future mischief.

  8. Monitor continually and update your system.
    You can't just cross off e-commerce loss control from your to-do list. You must make a continual and ongoing commitment to monitor and upgrade your e-commerce system. E-business brings new opportunities as well as new perils. By implementing sound loss control measures, you can manage the risks and protect your firm.






E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

