April 2001: Volume 43, Number 4
Security Revisited -- Ensuring a Safe Ride on the E-Commerce Highway
by Pete Simpson
The Internet is the coming means of economic commerce. Despite knocks on Wall Street the business-to-business (B2B) and business-to-consumer (B2C) online community may have taken over the past year, that much remains true. We in the water treatment business need to realize that and take advantage of it when it makes money for us.
More and more, you can buy what you need to run your business via the Internet. But the catch is you often must pay for it via credit card. There have been advances in e-cash, e-credit and online banking, but if you're trying to be more effective and efficient, paying via the credit card is the way to go currently. Besides tracking what you bought, you also have some recourse and can better manage cash flow. Also, don't forget the free air miles.
The next question you're probably asking is should I let my customer pay via credit card? In this writer's opinion, the cost is pretty high since most credit card companies charge 2 percent to 4 percent on each transaction as a processing fee. Unless you can cover that fee, you my want to really think hard about allowing your customers to pay their bill via credit card.
Still, if you want to let your customer pay via credit card, there are numerous ways of doing so. We can cover those in future columns.
Security on the Internet
The Internet works by sending information from computer to computer until the information reaches its destination. When information is sent from point A to point B, every computer in between has an opportunity to look at what's being sent. This can pose a security problem.
For example, suppose you're viewing a clothing catalog on the World Wide Web and you decide to buy a shirt. This requires that you type information into an order form, including your credit card number. You know the clothing company in question is reputable, so you type your credit card number and other information and then send the completed form. Your information passes from computer to computer on its way to the clothing company. Suppose one of the computers in between has been infiltrated by criminals who watch the data passing through that computer until they see something interesting, such as your credit card number.
Another security problem relates to how files and programs are sent and received between the web and your computer. With no security protection, you could run or download files and programs from the Internet that can damage your computer and the information stored on it.
How often do things like this happen? It's hard to say, but the important thing is that they're technically possible. And, as the Internet grows, they could happen more and more.
How does Internet Explorer, Netscape, AOL, etc., software help protect you and your data?
Since there's wide variation in how trustworthy "Webster" -- or online e-commerce engines -- is, these online service providers can enable you to assign any files you can open or download (from files on the Internet to files on your computer) to "security zones." You can set different levels of security depending on where web information comes from and how much you trust it.
Many Internet sites are equipped to prevent unauthorized people from seeing the data sent to or from those sites. These are called "secure" sites. Because Internet Explorer supports the security protocols used by secure sites, you can send information to a secure site with safety and confidence. (A protocol is a set of rules and standards that enable computers to exchange information.) When you are viewing a page from a secure site, Internet Explorer displays a lock icon on the status bar in the lower left corner just above the "Start" icon.
Internet Explorer or Netscape can also notify you when you're about to do something that might pose a security risk. For example, if you're about to send your credit-card number to an unsecured site, they can warn you that the site isn't secure. If the site claims to be secure but its security credentials are suspect, they can warn you that the site might have been tampered with or might be misrepresenting itself.
If you're concerned about downloading files or programs to your computer, it's a good idea to have an in-house virus protection program to protect you from the latest time bomb sent out by a teenage wunderkind with a PC and too much time on his hands. In addition, make sure you update virus protection files every month.
As of March 1, Yahoo listed 550 Internet security listings along with 642 related product and 126 store websites. Some of the more popular antivirus protection programs include those from Symantec/Norton and McAfee. At their websites -- www.symantec.com and www.mcafee.com -- you can find information on these and other online security options. Ratings for different programs can be found at the website of PC Magazine (www.zdnet.com/pcmag), which offers a plethora of data to educate you on related issues easily accessible through its search function.
For some time now, you can even buy antivirus insurance to protect your internal databases in the event something does get through your security and wipe them out. The importance of this is underscored at www.mi-web.com/anti_virus.html
What's the fuss?
Why is everyone so excited about Internet security?
A lot of the excitement (some would say "hysteria") is clearly the result of media hype. The popular media is unwavering in its fascination with all the bad things that could happen, not unlike the constant assertions that Year 2000 bugs were going to make planes fall out of the sky, ATMs go dead and your VCR play tapes backwards (which might improve some music videos!). Security breaches, especially of military or government sites on the Internet, immediately conjure up images of enemy spies or teenage whiz kids starting a nuclear war by hacking into the Pentagon.
Risk is a fact of modern life and we often have trouble assessing comparable risks. The same pundits who are aghast at the thought of sending their credit card information over a secure browser connection to buy something via the Internet, will think nothing of handing that same credit card to a teenager or "between jobs" actor working as a restaurant waiter, who disappears into the back room for 10 minutes with credit card in hand. They also won't think twice about picking up their cellular phone and calling a toll-free number from an advertisement in the back of an airline magazine and giving their credit card information to someone at a company they've never heard of before.
This is not to say that the risk isn't real or the potential threats aren't there or that organizations don't need to be concerned and take concrete steps to ensure the security of their networks and information -- they do. However, perspective is important too.
With how integrated small business operations have become with computers, various accounting, database and operations management software programs, the Internet can be an unlocked door allowing thieves to strip you clean. Or, it can be a secure tool to enable you to grow well into the virtual age. Common sense is often the best approach, but Internet security cannot be put off. There's too much at risk -- or not -- depending upon your response.
About the author
Pete Simpson is general manager of UNCO Data Systems of Minneapolis. Simpson, who holds a master's degree in business administration and information sciences from Pepperdine University, has been with the company since 1994. UNCO has been in business since 1969 and specializes in information technology for the water conditioning and bottled water industries. He can be reached at (952) 935-4466, (952) 933-5049 (fax) or email: firstname.lastname@example.org