Why should you worry about your web application security?

POSTED BY on Sep 8 under Uncategorized

At a time when identity theft is a common concern, protecting the personal information of anyone visiting your Web site is something that every business should be thinking about.

While legislation may vary from state to state in terms of how much you’re required to do to protect your customers’ personal information, putting measures in place — and letting your customers know you have done so — is good for business, pure and simple.

This is a general concern that is definitely climbing, given the rise in attacks on small-business web sites and web applications. Small to medium businesses usually don’t have an in-house IT department, a security officer or a strong security infrastructure, which makes it easier for hackers to walk away with sensitive data.

Beyond these worst-case scenarios, though, there’s also the simple fact that consumers don’t like doing business with a site they can’t trust. “Having a privacy statement [and trustmark] plays a big role in where consumers will purchase online,” Hodge said. “Those that don’t are missing a competitive advantage. It increases consumer confidence, which means more purchases.”

TRUSTe, for example, will help you develop and/or update your privacy statement, issue a trustmark or privacy seal for display on your site, perform ongoing reviews to make sure you are compliant with relevant jurisdictional requirements, and provide support in resolving any disputes that may arise over your privacy practices. Annual fees for this service are based on revenues generated on the site and start at around US$600.

Best Practices

If you don’t have any kind of privacy measures in place, then it’s probably time you did. Following are some best practices to consider:

1. Ensure that your Web site has a true and accurate privacy statement that is easy to read and understand. It should include information on what customer data is collected and tracked, the parties with whom this information is shared, and how customers can opt out. Provide a link or reference to it on the home page so it’s easy to find. Also make sure that your terms of service are consistent with that policy to avoid confusion.

2. Don’t cut and paste your privacy statement from another site. “Remember, it’s a legal contract,” Hodge said. “Take a few minutes to make sure it is accurate for your business.”

3. Register with a privacy organization and post a seal of approval or trustmark on your site. This should be prominently displayed on the home page, with the privacy policy statement, on the shopping page, and next to any online forms that collect information from customers.

4. Create a page that educates customers about your site’s information security practices and controls. Explain how card payment information is protected during transmission, while on your server and at your physical work site.

5. Create an FAQ page that includes questions and answers on how customers can protect themselves when shopping online.

6. Do not collect credit card details by email. This is not a secure communication method.

7. Encrypt sensitive information during purchases. “You can get a certificate from your domain name, SSL (secure socket layer) or other provider that specializes in encryption services,” Hodge explained.

Clearly state your purpose when collecting information from visitors. “If you are collecting email information for sending out an e-newsletter, be very clear that is what you are doing. And don’t forget to provide a link to your privacy statement,” Hodge advised.

8. Make sure any online marketing services you use meet industry standards for privacy and that they are certified.

9. Don’t keep information you don’t need. When it comes to maintaining a secure site and customer privacy, look at your data retention, advised Martin Elliott, senior business leader at Visa. “If you don’t need it, don’t store it. That reduces your security risk,” he told TechNewsWorld. Establish a retention policy, Brunetto suggested. “This determines how long you need to keep data and how much. Figure out what is sensitive data and what you need to have in place to protect it.”

Thanks to Denise J. Deveau from TechNewsWorld for these insights and best practices.
