The internet is the new frontier, and as on any frontier there are elements of it that are still untamed and lawless. Unlike the frontiers of days past, though, the unruly elements that roam the information superhighway are not limited by physical distance, and they will exploit any vulnerability they can to take advantage. That’s why you must be vigilant if you’re running a business online. Here are some basic tips to ensure that your business and your customers are safe.
Security Fundamentals
There are some measures a business shouldn’t even launch without, so absolutely make sure you have these in place.
The first is an up-to-date SSL certificate. Secure Sockets Layer and the more modern Transport Layer Security are essential security measures that hide the content of communications between servers and clients (in this case, your business’ website and your client’s web browser) and prevent third parties from tampering with it. It also has the effect of changing your site’s web address from an ‘http’ domain to an ‘https’ domain, meaning that it is a very visible security measure that reassures potential customers. Likewise many browsers will flag if your site’s certificate is out of date, which will be very off-putting, so stay on top of this.
The other obvious measure you will need is a firewall. This is an application that filters incoming and outgoing traffic between two or more networks—effectively a digital border guard keeping an eye out for contraband, and intercepting it when they find it. The primary purpose of a firewall is to keep out hackers and prevent malware from spreading between systems.
Something to avoid is less-than-perfect system design that retains user information longer than it needs to. Potentially sensitive information should only be present on yours system for as long as it is required for the proper operation of your business, to mitigate the risk of it being obtained by cybercriminals, and it is important that your system architecture bears this in mind.
These measures are all required by the Payment Card Industry Data Security Standard, so ensure they are properly in place.
Test Regularly
One other essential measure is the regular testing of your security systems. This too is required by the PCI DSS, and the most important kind is penetration testing companies like Netttitude specialise in this type of security testing. This simulates an attack, either over the internet or by an agent with access to your organisation’s physical premises, to expose weak points that can then be addressed.
These tips should keep your business safe. Governments are taking more steps to create a secure internet, but in the end the onus is on you to keep yourself and your customers safe.
