Chapter 4
IN THIS CHAPTER
Securing customer data
Backing up your own data
Adding a firewall for additional protection
If you’ve spent any time on a computer, you know most of the security drills about spam, viruses, and other unwanted intruders. (If not, turn to Chapter 2 of this minibook to create a top-notch security plan for fending off online predators.)
As an online business owner, your responsibility to run a secure site is now increased in magnitude. In addition to watching out for your best interests, you must realize that your customers depend on you to take the appropriate precautions. In this chapter, we show you good security measures and provide information and tools so that you can increase protection for yourself and your customers.
Operating an Internet business means that you’re likely collecting, processing, and storing (or safeguarding) credit card data regularly. Additionally, you are a gatekeeper for lots of personal data, from passwords to Social Security numbers. You therefore have to look at data breaches and potential credit card fraud from two points of view: yours and the customer’s.
E-commerce sites lose billions of dollars to online credit card fraud every year. Worldwide, credit card fraud exceeded $16 billion in 2015, according to The Nielsen Report (www.nielsen.com). The losses don’t stop there. Data breaches caused by hackers or malicious intent cost businesses $4.77 million (on average) per breach in 2015, according to the annual data breach report from IBM. Included in that financial loss is the actual cost of the lost data, recovery and mediation costs, and the estimated cost to the company’s reputation.
As an online business, your vulnerability to these types of losses is real. We don’t say this to scare you, but to illustrate how quickly costs add up from what might seem like a minor, one-time security slip. And consider that while protection against credit card fraud is tightening offline, with the required use of new data chip credit and debit cards, fraud experts anticipate this will only drive up fraud attempts online. Shoppers may be more willing to buy online than ever before, but security concerns over credit card and personal data loss still worry consumers. The fear of identity theft and credit card fraud makes 34% of consumers hesitant to buy online, according to a study from Bizrate Insight (http://connexity.com/bizrate-insights). All these statistics add up to potentially less revenue for your online business.
You want to be aware of potential security problems so you can combat them and protect your prospective revenue. Here are just a few of the ways that your online business can get hit with fraudulent transactions — and end up losing merchandise and money:
Although you might think that the big online retailers are most at risk, smaller sites are often more likely targets because smaller sites usually have less sophisticated resources for detecting fraud. Fraudulent credit card orders increasingly account for a larger percentage of all processed online orders. Although the percentage is still relatively small (less than 10 percent), that doesn’t help if you’re the one suffering a loss.
Protecting against online crime means that you have to stay alert, cautious, and informed. As with any security concern, seek ways to reduce your risk:
Fight excessive charge backs. Even if a card is valid, a customer can steal from you by refusing to pay for the product or service after receiving it. If the customer gives a valid reason (such as the product was damaged or appears to have been used or refurbished), the credit card company removes the charge. Because you have no signature on file for an online transaction, you’re stuck paying the bill — plus a charge back fee from your credit card company. You can challenge the claim by responding to the charge back complaint that the credit card company sends you. You need diligence and patience to fight this type of complaint, and you won’t win them all. Still, you can recover some losses, making your time invested worthwhile. (For more information on fighting charge backs, see Chapter 1 of this minibook.)
If you suspect a problem or perhaps an honest mistake, call your customer directly to work it out. Keeping good records and documenting follow-up calls go a long way toward fighting charge backs.
Luckily, only a small percentage of customers — if any — turn out to be thieves. A bigger challenge is protecting your customers’ data from online crooks and potential carelessness. One of these violations can land your customers’ data in the wrong hands — and also land you in a lot of hot water:
The preceding list gives you some good ideas about how easily a problem can occur. Now all you have to do is make sure it doesn’t. Take these precautions to minimize your risk:
Dump your data properly. When it’s time to get rid of hard copy documents, these files must be thoroughly shredded. You can even hire a professional document disposal service that will come to your location to shred documents. How convenient is that?
Before getting rid of old computers or disposing of any electronic files, erase or overwrite the machine or files (as opposed to simply deleting individual files). You can use a free, downloadable program from Active@ KillDisk at www.killdisk.com. Or try guaranteed erasure and hard drive destruction services from companies such as Shred-it (www.shredit.com) or Kroll Ontrack (www.krollontrack.com).
Stop. Take a moment and think about the information you store on your computer. Consider the amount of time you spend creating, updating, and maintaining your website. Now imagine that all that information disappears in a blink of the eye. Yikes!
Most of us go through our business day assuming that nothing really bad will ever happen. That’s followed by the assumption that the contents of your website and your computer files are perfectly safe and always at your disposal. Guess again. You can lose data through human error (coffee splashed on your laptop, for example) or natural disasters, such as hurricanes.
You can prevent disasters from becoming cataclysmic by properly backing up and storing your data. Try these methods:
Partition your hard drive. An easy way to back up files is to move them to a separate section of your hard drive. You do this by partitioning the hard drive, or dividing it into two or more sections. If one partition is corrupted or compromised, you can still access the second partition. Partitioning is also a good method for providing another layer of security (by limiting access) to certain files.
To partition your existing hard drive, use an off-the-shelf program to make the job easy. Try the EaseUS Partition Master for free at www.partition-tool.com.
One goal of backing up data is to have your information available in case of a disaster, such as hurricanes, tornadoes, and flooding — which we’ve seen plenty of in the last few years. If your computer is stolen or destroyed in a fire, having data backed up on a hard drive doesn’t do much good. You can make a duplicate copy that’s not backed up as often but is saved to disk and stored in a fireproof safe or in a safe-deposit box. Or you can keep your information backed up in a cloud solution for a few dollars a month.
Back up your operating system. If you operate Windows, Microsoft includes a few options to back up files and recover your PC, depending on which version of Windows you operate. You can find out about your options at https://support.microsoft.com.
In 2014, Microsoft discontinued support of its Windows XP operating system. If you’re using XP, it is highly recommended you update your PC to Windows 10 to avoid compromising your data with increased security risks.
If you’re using an Apple Macintosh, Mac OS X includes Time Machine for free, which allows you to automatically back up your system. You can get the details, along with other options, at http://support.apple.com.
One of the best lines of defense against viruses and intruders is having a firewall installed on your computer. Think of a firewall as a security guard standing watch at all the doors and windows of your computer. The firewall monitors the traffic, decides what’s safe, and then gives permission to enter. If the firewall detects a threat, it shuts the door and blocks the intruder.
Firewalls are particularly important because hackers are aggressive creatures. They actively search for networks that are unprotected or have disabled firewalls. To a Net-thief, that situation is the equivalent of having an open invitation to browse through all the files on your computer. The lack of a firewall also makes it easy to install harmful programs that infect or shut down your computer or — worse — scoop up pertinent information (such as passwords and bank account numbers) and send it out to the hacker without your knowledge.
For added security, we recommend that you do the following:
www.zonealarm.com.