Don't Get Hacked - Best Practices For Protecting Your Business

Don't Get HackedYou've seen it in the news - 40 million credit cards exposed!With all the news about web sites being hacked and cyberthieves stealing credit card numbers and other personal data,it's no wonder that some shoppers are still hesitant to providepayment information online. You don't have to be.Is it enough that users trust you?Common marketing wisdom shows that one of the most valuableassets any Internet Marketer has is trust. People go to extrememeasures to build this trust - online pictures, testimonials,audio - some even go as far as to open storefronts to givepeople that "good feeling".But all of this may simply not be enough.A recent Harris Interactive survey found that 75 percent ofconsumers polled worry that companies will share personal datawith other corporations without permissions, while 70 percentdoubt the security of online transactions and 69 percent fearthat hackers will steal their personal data submitted online.You see, just because a user trusts you, doesn't necessarilymean that the customer trusts your website oryour payment processor.Once you've established rapport with your customer base,the next step is to build trust in your website.Whether you collect credit card information yourself, or havea third party processor handle your transactions for you,it's crucial that people understand that you are seriousabout protecting their privacy and information.Here's a few things you can do to help out.*) Install a Secure Server Certificate on your server to closethat "lock" on people's browsers. Even if you don't collectcredit card information, people feel better about havingthe information they send to you be secure. Also, considerusing a "top tier" Certificate provider, such as Verisign.While other providers may have nearly equally secure solutions,the reason you are buying the certificate is to instill trustin your customers, which other providers do not necessarilyhave in abundance.*) Have a clear, clean privacy policy statement in additionto the "legalese" required by the FTC. If you don'tsell addresses, tell people so.*) Secure your server. I know that this seems obvious, but mostpeople pay no attention to their webserver or the softwarethey are running. Knowing what software you have running,and keeping up-to-date on patches will help significantly.*) Install an Intrusion Detection System (IDS) I estimate 73%or more of all websites have no intrusion detection systemin place. What this means is that not only can most websitesbe hacked easily, it is very likely that the website ownerhas no clue if that they have been compromised.*) Turn off unneeded services and ports, and uninstallunused software. The premise here is that the less "stuff"on your machine, the less chance for exploit. For example,MySQL listens on the Internet for messages form other servers,yet most small websites access the database system only fromthe machine it is running on. It is very simple to makeMySQL "invisible" to the Internet - making it much moresecure if you don't need to access it from other systems.There are many, many more simple techniques like this you canapply to your server to keep hackers out.In summary, consumers are quickly becoming Internet savvyand they take their privacy seriously. There is nothing,and I mean nothing, that can hurt your credibility morethan your customers and potential customers getting SPAMto email addresses that they provided only to you - inthe best case, they will think that you sold their address.Responding that no, you didn't sell their address, but someonehacked your server and stole ALL their personal informationwon't make them feel a whole lot better about doing businesswith you in the future.