E-Commerce Glossary
E-commerce and small business
terms explained.
Search
Search | Careers | Contact us
Home Small Business Electronic Commerce Frequently Asked Questions Services
A wealth of information
Lupra.com is a non-profit website that contains hundreds of articles about doing business online and many other business-related issues.
... thanks for visiting us, Brian Lupra!
 Internet Security
 Internet Security
 How To Be Web Ready
 Shop Online Safely
 Shopping Online
 Tips for Safe Banking Over the Internet
 Safe Internet Banking - Protect Your Privacy
 The Federal Trade Commission's Approach to Online Privacy
 Privacy Online: A Report to Congress
 Children's Privacy
 Dialing Up to the Internet: How to Stay Safe Online
 High-Speed Internet Access
 Reducing Risks to your Computer
 Spyware
 Securtiy Products
 Privacy: Tips for Protecting Your Personal Information
 Privacy Choices
 Credit Card Fraud Prevention
 Media Ratings Systems
 Avoiding Web Service Scams
 Cramming: Mystery Phone Charges
 Modem Dialers
 International Telephone Scams
 Understanding Identity Theft
 Information Compromise
 Protecting Against Identity Theft
 When a Criminal's Cover Is Your Identity

 

 

Security Check: Reducing Risks to your Computer Systems

When consumers open an account, register to receive information or purchase a product from your business, it’s very likely that they entrust their personal information to you as part of the process. If their information is compromised, the consequences can be far – reaching: consumers can be at risk of identity theft, or they can become less willing – or even unwilling – to continue to do business with you. These days, it’s just common sense that any business that collects personal information from consumers also would have a security plan to protect the confidentiality and integrity of the information. For financial institutions, it’s an imperative: The Gramm-Leach-Bliley Act and the Safeguards Rule, enforced by the Federal Trade Commission, require financial institutions to have a security plan for just that purpose.

The threats to the security of your information are varied – from computer hackers to disgruntled employees to simple carelessness. While protecting computer systems is an important aspect of information security, it is only part of the process. Here are some points to consider – and resources to help – as you design and implement your information security plan.

Starting Out

Sound security for businesses means regular risk assessment, effective coordination and oversight, and prompt response to new developments. Basic steps in information security planning include:

  • identifying internal and external risks to the security, confidentiality and integrity of your customers’ personal information;
  • designing and implementing safeguards to control the risks;
  • periodically monitoring and testing the safeguards to be sure they are working effectively;
  • adjusting your security plan according to the results of testing, changes in
  • operations or other circumstances that might impact information security; and
  • overseeing the information handling practices of service providers and business partners who have access to the personal information. If you give another organization access to your records or computer network, you should make sure they have good security programs too.

When setting up a security program, your business should consider all the relevant areas of its operations, including employee management and training; information systems, including network and software design, and information processing, storage, transmission and disposal, and contingencies, including preventing, detecting and responding to a system failure. Although the security planning process is universal, there’s no “one size fits all” security plan. Every business faces its own special risks. The administrative, technical, and physical safeguards that are appropriate really depend on the size and complexity of the business, the nature and scope of the business and the sensitivity of the consumer information it keeps.

Determining Priorities Among Risks: Computer Systems

Although computer systems aren’t your only responsibility related to information security, they are an important one. With new vulnerabilities announced almost weekly, many businesses may feel overwhelmed trying to keep current. Guidance is available from leading security professionals who put together consensus lists of vulnerabilities and defenses so that every organization, regardless of its resources or expertise in information security, can take basic steps to reduce its risks. The lists identify the commonly exploited vulnerabilities that pose the greatest risk of harm to your information systems. Use these lists to help prioritize your efforts so you can tackle the most serious threats first.

  • The 20 Most Critical Internet Security Vulnerabilities was produced by the SANS Institute and the FBI. It describes the 20 most commonly exploited vulnerabilities in Windows and UNIX. Although thousands of security incidents affect these operating systems each year, the majority of successful attacks target one or more of the vulnerabilities on this list. This site also has links to scanning tools and services to help you monitor your own network vulnerabilities at www.sans.org.

  • The 10 Most Critical Web Application Security Vulnerabilities was produced by the Open Web Application Security Project (OWASP). It describes common vulnerabilities for web applications and databases and the most effective ways to address them. Attacks on web applications often pass undetected through firewalls and other network defense systems, putting at risk the sensitive information that these applications access. Application vulnerabilities are often neglected, but they are as important to deal with as network issues. While you are designing and implementing your own safeguards program, don’t forget that you should oversee service providers and business partners that have access to your computer network or consumers’ personal information. Check periodically whether they monitor and defend against common vulnerabilities as part of their regular safeguards program.

 
Home  |  Small Business  |  Ecommerce  |  Glossary  |  Country Information  |  Network Marketing  |  Internet Security  |  Intellectual Property
Business Immigration  |  Equal Opportunity  |  Occupational Safety and Health  |  Marketing and Advertising  |  Industry Information
Copyright © 2004 All rights reserved.

Disclaimer: This website is not intended to provide professional advice or be a substitute for professional advice concerning specific questions or situations. It is our intent to provide general information for educational purposes only. If you have a specific question or situation, we strongly recommend that you seek advice from a properly qualified professional such as a lawyer or accountant. While we take reasonable care, mistakes can happen and we cannot guarantee the accuracy of information on this website. Furthermore, laws are constantly changing and information on this site may not be 100% up-to-date. Laws also differ from country to country and even from state to state. It is thus imperative that you do not rely in information presented on this site, but always check with a qualified professional.