Saturday, February 28, 2009

Don't Get Hacked - Best Practices For Protecting Your Business

Don't Get Hacked

You've seen it in the news - 40 million credit cards exposed!

With all the news about web sites being hacked and cyber thieves stealing credit card numbers and other personal data, it's no wonder that some shoppers are still hesitant to provide payment information online. You don't have to be.

Is it enough that users trust you?

Common marketing wisdom shows that one of the most valuable assets any Internet Marketer has is trust. People go to extreme measures to build this trust - online pictures, testimonials,
audio - some even go as far as to open storefronts to give people that "good feeling".

But all of this may simply not be enough.

A recent Harris Interactive survey found that 75 percent of consumers polled worry that companies will share personal data with other corporations without permissions, while 70 percent doubt the security of online transactions and 69 percent fear that hackers will steal their personal data submitted online.

You see, just because a user trusts you, doesn't necessarily mean that the customer trusts your website or your payment processor.

Once you've established rapport with your customer base, the next step is to build trust in your website.

Whether you collect credit card information yourself, or have a third party processor handle your transactions for you, it's crucial that people understand that you are serious about protecting their privacy and information.

Here's a few things you can do to help out.

*) Install a Secure Server Certificate on your server to close that "lock" on people's browsers. Even if you don't collect credit card information, people feel better about having the information they send to you be secure. Also, consider using a "top tier" Certificate provider, such as Verisign.

While other providers may have nearly equally secure solutions, the reason you are buying the certificate is to instill trust in your customers, which other providers do not necessarily have in abundance.

*) Have a clear, clean privacy policy statement in addition to the "legalese" required by the FTC. If you don't sell addresses, tell people so.


*) Secure your server. I know that this seems obvious, but most people pay no attention to their webserver or the software they are running. Knowing what software you have running, and keeping up-to-date on patches will help significantly.

*) Install an Intrusion Detection System (IDS) I estimate 73% or more of all websites have no intrusion detection system in place. What this means is that not only can most websites be hacked easily, it is very likely that the website owner has no clue if that they have been compromised.

*) Turn off unneeded services and ports, and uninstall unused software. The premise here is that the less "stuff" on your machine, the less chance for exploit. For example, MySQL listens on the Internet for messages form other servers, yet most small websites access the database system only from the machine it is running on. It is very simple to make MySQL "invisible" to the Internet - making it much more secure if you don't need to access it from other systems.

There are many, many more simple techniques like this you can apply to your server to keep hackers out.

In summary, consumers are quickly becoming Internet savvy and they take their privacy seriously. There is nothing, and I mean nothing, that can hurt your credibility more than your customers and potential customers getting SPAM to email addresses that they provided only to you - in the best case, they will think that you sold their address.
Responding that no, you didn't sell their address, but someone hacked your server and stole ALL their personal information won't make them feel a whole lot better about doing business with you in the future.

0 comments:

Post a Comment