Don't Get Hacked - Best Practices For Protecting Your Business

You've seen it in the news - 40 million credit cards exposed! nnWith all the news about web sites being hacked and cyber nthieves stealing credit card numbers and other personal data, nit's no wonder that some shoppers are still hesitant to provide npayment information online. You don't have to be. nnIs it enough that users trust you? nnCommon marketing wisdom shows that one of the most valuable nassets any Internet Marketer has is trust. People go to extreme nmeasures to build this trust - online pictures, testimonials, naudio - some even go as far as to open storefronts to give npeople that "good feeling". nnBut all of this may simply not be enough. nnA recent Harris Interactive survey found that 75 percent of nconsumers polled worry that companies will share personal data nwith other corporations without permissions, while 70 percent ndoubt the security of online transactions and 69 percent fear nthat hackers will steal their personal data submitted online. nnYou see, just because a user trusts you, doesn't necessarily nmean that the customer trusts your website or nyour payment processor. nnOnce you've established rapport with your customer base, nthe next step is to build trust in your website. nnWhether you collect credit card information yourself, or have na third party processor handle your transactions for you, nit's crucial that people understand that you are serious nabout protecting their privacy and information. nnHere are a few things you can do to help out. nn*) Install a Secure Server Certificate on your server to close nthat "lock" on people's browsers. Even if you don't collect ncredit card information, people feel better about having nthe information they send to you be secure. Also, consider nusing a "top tier" Certificate provider, such as VeriSign. nWhile other providers may have nearly equally secure solutions, nthe reason you are buying the certificate is to instill trust nin your customers, which other providers do not necessarily nhave in abundance. nn*) Have a clear, clean privacy policy statement in addition nto the "legalese" required by the FTC. If you don't nsell addresses, tell people so. nnn*) Secure your server. I know that this seems obvious, but most npeople pay no attention to their webserver or the software nthey are running. Knowing what software you have running, nand keeping up-to-date on patches will help significantly. nn*) Install an Intrusion Detection System (IDS) I estimate 73% nor more of all websites have no intrusion detection system nin place. What this means is that not only can most websites nbe hacked easily, it is very likely that the website owner nhas no clue if that they have been compromised. nn*) Turn off unneeded services and ports, and uninstall nunused software. The premise here is that the less "stuff" non your machine, the less chance for exploit. For example, nMySQL listens on the Internet for messages from other servers, nyet most small websites access the database system only from nthe machine it is running on. It is very simple to make nMySQL "invisible" to the Internet - making it much more nsecure if you don't need to access it from other systems. nThere are many, many more simple techniques like this you can napply to your server to keep hackers out. nnIn summary, consumers are quickly becoming Internet savvy nand they take their privacy seriously. There is nothing, nand I mean nothing, that can hurt your credibility more nthan your customers and potential customers getting SPAM nto email addresses that they provided only to you - in nthe best case, they will think that you sold their address. nResponding that no, you didn't sell their address, but someone nhacked your server and stole ALL their personal information nwon't make them feel a whole lot better about doing business nwith you in the future.n