E-business and security
By its nature, the Internet is insecure. So it is important to safeguard your
own and your customers’ valuable data.
Unauthorised access to secure areas
If your web site or Intranet contains a password-protected area, you should
take these steps:
- Make it difficult for anyone else to guess a user’s password. Most security issues are due to a poor password policy.
- Deny access to anyone without full authentication.
- Hold any secure information in the password-protected area on a Secure Sockets Layer (SSL) encrypted domain. SSL is the industry-standard protocol for transmitting data securely.
Email
You are liable for anything that you send by email, even if you send it
to the wrong person by mistake. Include a short confidentiality notice
before the text of every email that you send, for example:
This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.
Frauds, scams and spam
A web site that ranks highly in the search engines will expose you to a huge
increase in spam and scams. You can usually spot these, but be careful before
replying to anything.
Trading online
Your secure checkout pages must be located on an SSL encrypted domain. You
should also use SSL for collecting other sensitive personal data wherever
possible (for example, job applications).
Personal databases should be in a password-protected area. If you keep paper copies, make sure they are stored securely. Destroy credit card information after processing a transaction.
