"It is easy to run a secure computer system. You merely have to
disconnect all dial-up connections and permit only direct-wired terminals,
put the machine and its terminals in a shielded room and post a guard at
the door."
F.T. Grampp and R.H. Morris
By: Diane Currie & Anne Louise Currie
As Internet entrepreneurs, we are always struggling with balancing the necessity to rapidly adapt to changes in the industry with the necessity to manage the risks associated with new, relatively untested technologies and business models.
Moving core business functions and processes to the web exposes companies to an increased risk of theft and fraud over the Internet. Much has been written, and many have speculated, about the nature and extent of the risk to companies from web-based transactions and web-accessible databases. As entrepreneurial companies move their business functions (selling, hiring, researching, information processing) onto the Internet, security and risk management become significant issues. If a company starts to fulfill the majority of its orders online, for example, even the appearance of vulnerability could put its core business in jeopardy.
In addition to the risk from deliberate tampering, moving significant parts of a business process to the web also increases the risk of serious strategic or operational error. To reduce the risk of theft or fraud, companies must select and implement potentially costly security measures: encryption, firewalls, and digital signatures. Reducing the risk of strategic errors or costly public relations blunders is more subtle, and perhaps more complex.
On the other hand (and here is where the delicate balancing act comes in), if we don't take some risks and move into new areas quickly and decisively, then we risk becoming a dinosaur and losing to our competitors. Don't think it could happen to you? Take the example of retailer "Toys R Us" - they awoke late to the e-commerce game and spent last year watching newcomer EToys (www.etoys.com) dominate the online toy market. Many companies are wisely deciding to move forward, perceiving the risk of missing the market as the larger and less acceptable one.
As the quote at the top of this article suggests, on a networked system it is impossible to absolutely guarantee complete security, short of unplugging the computer. The reality is that whenever you have information going out over the Internet, you face the risk of that information being tampered with. However, as technology evolves, so too do more sophisticated tools for securing information from hackers. The question then becomes: what is acceptable to your company?
One measurement of an acceptable level of security is the status quo. How can you ensure that the risks of web-based transactions are at least as low as the risk of traditional 'paper and ink' transactions? Provided you are satisfied with the security of the pre-Internet system, how can you ensure an equal level of security after the business process becomes web-enabled?
A simple example is the collection of credit card numbers online. If you are uncomfortable with typing your credit card number into a web site, think about your current comfort level with giving your credit card number over the phone, or handing your card to a waiter in a restaurant. Questions you might ask yourself on these 'traditional' transactions would be: Am I comfortable with this company? Do they have an acceptable reputation and track record? Did I initiate the contact with them, or did they contact me? Before you type in a credit card transaction over the Internet, ask yourself the same type of questions (i.e. if the web site is called "www.fly-by-night.com" you might want to reconsider).
Security on the Internet has been an item of interest lately, for both merchants and consumers. A recent Angus Reid/Globe and Mail poll of 1,500 Canadian adults found that a majority of those surveyed -- 52 per cent -- pegged security as their primary concern about e-commerce. These concerns have, in part, been fueled by a number of well-publicized security breaches and virus outbreaks recently, including the "Melissa virus" that temporarily crippled Microsoft earlier this year, and the July 2 security breach or "hack" at Network Solutions, Inc. (the largest domain name service on the web).
The measure of a company's security system is not so much that they were "hacked", but how quickly they noticed it, responded to it, and recovered from it. Each of these companies detected the problem, implemented damage control procedures, and recovered quickly. Security basics, including system monitoring, virus protection, and recovery and backup plans are crucial to the success of your online business. Check with your technical staff or with your web development/consulting company about what security measures are in place.
Unfortunately, hacking into web sites, the creation and spread of viruses, etc., are becoming as common as shoplifting in a retail mall. Just as physical locks, alarm systems, and security guards protect the mall merchants, technologies such as passwords, encryption, firewalls, digital signatures, etc., are available to protect virtual merchants. Don't close up shop or miss growth opportunities due to security fears. It's all a balancing act.
Authors
This article was co-authored by Diane Currie and Anne Louise Currie, the "Cybersisters" and co-founders of Digital Ripple. Digital Ripple offers WebSuccess training programs, WebSuccess coaching, research, writing and strategic web development services.