NANTICOKE – Online shopping may mean convenience for consumers, but merchants offering e-commerce need to do their part to keep their customers’ information safe and secure.
The National Consumers League stated 550 million identities were compromised through 614 database breaches last year. Retail giant Target fell victim to a data breach, which compromised 110 million customers last December.
The fallout from business computer security issues put consumers at risk for identity theft and fraud, creating a lack of trust in the marketplace.
More often, large retail chains face more database hacking attempts than smaller businesses but the risk exists for companies of all sizes, said Donna Yale, team lead for Advance Information Systems at Penn State Wilkes-Barre Northern Tier Center in Towanda.
“Small local businesses can secure their online information by creating layers of security,” Yale said.
When a small business is thinking about establishing a website, they should be looking for a reputable service provider and a website developer “who is well versed in the development of website security,” she said.
Robert Dushok, director of Enterprise Systems at Luzerne County Community College, agrees adding data should be encrypted and stored on more than one server.
Using multiple servers can create reliability and redundancy, which can aid a business in the event one server is comprised, Dushok said.
“Some hosting companies will switch their servers weekly” creating an increased level of security for business owners and their customers, Yale said.
Both Dushok and Yale stress business owners should make sure regular security updates are implemented.
Security updates are often developed to patch an identified area of risk within the server or program, Dushok said.
The power of a strong password should never be under estimated. If business owners are managing their own administration page, passwords should be changed on a regular basis.
“Passwords should be changed at least once a month,” Yale said.
Yale, who assists Wilkes University’s Small Business Development Center, with development of business websites, found some business owners never changed their administrative password years after their website was developed.
A strong password should contain a combination of random upper and lower case letters, numbers and symbols, Dushok said. Endless combinations can deter a brute-force attack.
To test the strength of a password, Dushok recommends www.grc.com/haystack.htm. This site will show how long it could take a hacker using the brute force method to crack a password.
Yale suggests using four random words strung together to deter a dictionary attack.
“A hacker may figure out the first two words, but will not want to take the time to pursue it further,” she said. “Think of all the different words in a dictionary and the time it would take to test each one.”
This spring, the Wall Street Journal had their Facebook password comprised, Dushok said. A posting that Air Force One was believed to have crashed in Russia followed by a second posting, stating Vice President Joe Biden would be addressing the nation led Facebook followers to believe an accident occurred.
“This was a result of a hacker obtaining their password,” Dushok said.
Yale advises small business owners to use PayPal to provide a secure method of processing purchases.
She noted, in the past, PayPal had some security issues of their own, but they “were able to fix the issues.”
“PayPal is very forward to keep businesses and customers secure,” Yale said. “There are so many levels of password protection within PayPal.”
Also, Yale said PayPal is designed to aid businesses if a consumer disputes a transaction.
Just like cameras and other shoplifting deterrents, the creation of security levels for online businesses can safeguard business owners and customers, saving time and money.
“If you lock up your office, you should also be locking up your computer to,” Yale said.