Don’t Get Hacked – A Guide to Protecting Your Business from Thieves
You've seen it in the news - 40 million credit cards exposed!
With all the news about web sites being hacked and cyber
thieves stealing credit card numbers and other personal data,
it's no wonder that some shoppers are still hesitant to provide
payment information online. You don't have to be.
Is it enough that users trust you?
Common marketing wisdom shows that one of the most valuable
assets any Internet Marketer has is trust. People go to extreme
measures to build this trust - online pictures, testimonials,
audio - some even go as far as to open storefronts to give
people that "good feeling".
But all of this may simply not be enough.
A recent Harris Interactive survey found that 75 percent of
consumers polled worry that companies will share personal data
with other corporations without permissions, while 70 percent
doubt the security of online transactions and 69 percent fear
that hackers will steal their personal data submitted online.
You see, just because a user trusts you, doesn't necessarily
mean that the customer trusts your website or
your payment processor.
Once you've established rapport with your customer base,
the next step is to build trust in your website.
Whether you collect credit card information yourself, or have
a third party processor handle your transactions for you,
it's crucial that people understand that you are serious
about protecting their privacy and information.
Here's a few things you can do to help out.
*) Install a Secure Server Certificate on your server to close
that "lock" on people's browsers. Even if you don't collect
credit card information, people feel better about having
the information they send to you be secure. Also, consider
using a "top tier" Certificate provider, such as Verisign.
While other providers may have nearly equally secure solutions,
the reason you are buying the certificate is to instill trust
in your customers, which other providers do not necessarily
have in abundance.
*) Have a clear, clean privacy policy statement in addition
to the "legalese" required by the FTC. If you don't
sell addresses, tell people so.
*) Secure your server. I know that this seems obvious, but most
people pay no attention to their webserver or the software
they are running. Knowing what software you have running,
and keeping up-to-date on patches will help significantly.
*) Install an Intrusion Detection System (IDS) I estimate 73%
or more of all websites have no intrusion detection system
in place. What this means is that not only can most websites
be hacked easily, it is very likely that the website owner
has no clue if they have been compromised.
*) Turn off unneeded services and ports, and uninstall
unused software. The premise here is that the less "stuff"
on your machine, the less chance for exploit. For example,
MySQL listens on the Internet for messages form other servers,
yet most small websites access the database system only from
the machine it is running on. It is very simple to make
MySQL "invisible" to the Internet - making it much more
secure if you don't need to access it from other systems.
There are many, many more simple techniques like this you can
apply to your server to keep hackers out.
In summary, consumers are quickly becoming Internet savvy
and they take their privacy seriously. There is nothing,
and I mean nothing, that can hurt your credibility more
than your customers and potential customers getting SPAM
to email addresses that they provided only to you - in
the best case, they will think that you sold their address.
Responding that no, you didn't sell their address, but someone
hacked your server and stole ALL their personal information
won't make them feel a whole lot better about doing business
with you in the future.
Gloss