E-business security
Security is the most significant risk for any e-business transaction. E-businesses face many security risks when any part of their systems is exposed to other systems online (Cole 2009). Security risks include the loss of information, such as credit card numbers, from the e-business database by theft; distortion or deformation of information; destruction of information; and broadcasting of information (Gattiker 2004).
Distortion or deformation of information may include changes to payment files or invoices. This may lead to huge losses of money, since people may appear to owe more or less than they actually do. Broadcasting information may include showing visitors’ real names instead of their nicknames in a forum or chat room. The losses associated with these security threats include the financial cost of data recovery and of restoring customers’ goodwill and confidence (Smith 2003).
E-business companies are responsible for handling their clients’ information safely. The solution to the majority of security risks is investing in numerous layers of security. Information from the e-business site and from the consumer must be encrypted throughout the transaction (Ghosh 2001). In addition, Secure Sockets Layer (SSL) connections are required to ensure that the information is sent only to the right people.
Firewalls and the Kerberos protocol must be designed to ensure that the data is protected once it is in the e-business site. It is important for the e-business security system to stay updated at all times, because hackers become more sophisticated every day and come up with new methods for new systems. Investing in proper technology is the key to securing transactions in e-business (Nardelli, Posadziejewski, & Talamo 2003).
One of the greatest threats faced by e-businesses in the case of a security breach is that such cases are resolved in civil courts instead of criminal courts. A civil case requires the e-business company to produce its own evidence. For instance, if a company has its security system compromised by hackers, the company has to collect evidence against the hackers and take the perpetrators to court on its own dime (Scambray, McClure, & Kurtz 2001).
Criminal laws require assistance from the police or any necessary authorities. The issue of prosecuting such cases in civil courts has a lot of consequences in terms of planning. Vital forensic evidence can be lost easily if the company does not have a ready plan and ready resources to carry out investigations.
In addition, hackers know how to erase any form of evidence, especially since most of the evidence is digital. Without the evidence, the e-business company has no case against the hackers, and chances are that more complicated security violations will occur in the future (Johnston & Mak 2000).
E-businesses are sometimes faced with security threats from the inside rather than from the outside, commonly dubbed “inside jobs”. These are cases where a company’s workers or former workers look into the causes of security problems and end up using the weaknesses for financial gain. Some employees do this to see how far they can break into the company’s database or security systems. Either way, inside jobs are more dangerous and harder to detect than outside hackers (Abel 2006).
Simple measures taken by companies, such as securing passwords, changing administrative passwords frequently, granting limited access to employees and revoking the privileges of former employees, are not always sufficient. E-businesses have to instil a security culture to prevent abuse of security systems by employees. Most evidence of attempted hacking can be found in the company’s server logs. Attempted hacking should be taken seriously and should be prosecuted to avoid further occurrences (Cache & Wright 2010).
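The server-log review described above, as an added example that is not part of the original essay: it counts failed login attempts per source address in a web access log and computes a SHA-256 digest of the log so that a preserved copy can later be shown to be unaltered. The log lines are constructed, and the `/login` path, the status codes treated as failures and the threshold are assumptions.

```python
import hashlib
import re
from collections import Counter

# Constructed sample in Combined Log Format; addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:04 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "POST /login HTTP/1.1" 403 498 "-" "curl/8.0"
198.51.100.20 - - [12/Mar/2024:10:02:10 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:02:31 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [12/Mar/2024:10:03:00 +0000] "GET /catalogue HTTP/1.1" 200 9041 "-" "Mozilla/5.0"
truncated line that does not parse
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/login"             # assumption: the site's login endpoint
FAILED_STATUSES = {"401", "403"}  # assumption: responses that mean a rejected login
THRESHOLD = 3                     # assumption: failures per source before flagging


def failed_logins(log_text):
    """Count rejected login POSTs per source address; unparseable lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"] == LOGIN_PATH \
                and m["status"] in FAILED_STATUSES:
            counts[m["ip"]] += 1
    return counts


def suspicious_sources(log_text, threshold=THRESHOLD):
    """Source addresses with at least `threshold` failed logins, sorted."""
    return sorted(ip for ip, n in failed_logins(log_text).items() if n >= threshold)


def evidence_digest(log_text):
    """SHA-256 of the log as collected, recorded alongside the preserved copy."""
    return hashlib.sha256(log_text.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG), evidence_digest(SAMPLE_LOG))
```

Recording the digest at collection time lets the company demonstrate later that the copy it presents as evidence matches what was on the server.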
E-business technology failure
Technology can be a solution to e-business risks as well as a risk in itself, because e-business is so dependent on it. All e-business transactions rely on computer hardware and software and on other telecommunication devices to initiate communication and subsequent operations.
Infrastructure problems have posed a great risk in the past and have resulted in huge losses of money and business. A simple problem like a server malfunction can be a great risk because the business is likely to lose its customers’ confidence. Similarly, a virus attack on the e-business system is likely to delete valuable data or send valuable data to unauthorized people (Nardelli, Posadziejewski, & Talamo 2003).
Software glitches affect the e-business site and may cause the server not to work properly. Such occurrences in the middle of a transaction deplete the customer’s trust. Attacks from hackers mean that there are technology failures and that the site is therefore insecure.
These hackers may steal sensitive information from customers or deface a site. This will definitely reduce consumers’ confidence in the site and in e-business, and they may never transact with the site again. Major technological risks of e-business include technical failure, technical incompatibility, hacking, industrial espionage and attack by viruses (Obaidat, Tsihrintzis, & Filipe 2011).
Investing in technology goes hand in hand with investing in human resources. The e-business company should form a culture of training its employees regularly. Cybercrime awareness and security training should be established so that all employees understand that the company takes security issues seriously.
The employees should have the ability to detect any suspicious activities on their network. Clear procedures to be followed when someone reports unusual activity on a computer should be established. Forensic evidence should not be destroyed and the information technology team should know how to proceed. The company should also ensure its systems are always updated to ensure efficiency of transactions (Scambray, McClure, & Kurtz 2001).
E-business fraud
Internet fraud has been on the rise in the past decade and is slowing down the growth of e-business. Fraudulent activities scare real customers away from e-business sites. E-business is characterized by fraudsters who are on the prowl, attempting to make quick money by deceiving innocent customers.
Anonymity on the Internet allows fraudsters to commit crimes online and go undetected. Many people are attracted to offers made on e-business sites but may never shop online because of Internet fraud and security issues. Some common Internet frauds include online auction fraud, online market investment fraud, pyramid scheme fraud, and credit card fraud. These frauds are conducted online and are aided by chat rooms, bulletin boards, blog sites and e-mails (Smith 2003).
There are a few measures that can be observed to prevent Internet fraud in e-business. The company can create a held orders department that can review the orders manually. Guidelines for holding orders should be set. An in-house database can be created for all orders where fraud is detected.
The orders should be run through the database thoroughly. E-businesses in the same line of business should come up with a shared database where information on fraudulent orders is shared. The e-business should work together with the Credit Issuing Bank (CIB). The CIB will contact the customer to confirm the name and address given. All calls should be documented and recorded to help when the merchandise is lost to a fraudster (Vark 1997).
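One way the held-orders screening described above could work, as an added example that is not part of the original essay: new orders are checked against a database of orders where fraud was detected, and a list of hold reasons is returned for manual review. The field names, the hold guidelines, the key and the sample orders are all constructed assumptions; identifiers are stored as keyed hashes so that a database shared between merchants holds no raw customer data.

```python
import hashlib
import hmac

# Assumptions (not from the essay): key, field names and hold guidelines.
SHARED_KEY = b"placeholder-key-agreed-between-merchants"
MATCH_FIELDS = ("email", "ship_to", "card_ref")  # card_ref is a payment token, never a card number
AMOUNT_LIMIT = 500.00                            # hypothetical guideline: review larger orders


def normalise(value):
    """Lower-case and collapse whitespace so trivially varied values still match."""
    return " ".join(str(value).lower().split())


def fingerprint(field, value):
    """Keyed hash of a normalised value, bound to the field it came from."""
    msg = f"{field}:{normalise(value)}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


class FraudDatabase:
    def __init__(self):
        self._entries = {}  # fingerprint -> id of the order where fraud was detected

    def record_fraud(self, order):
        for field in MATCH_FIELDS:
            self._entries[fingerprint(field, order[field])] = order["id"]

    def lookup(self, order):
        """Map each matching field of `order` to the earlier fraudulent order id."""
        hits = {}
        for field in MATCH_FIELDS:
            prior = self._entries.get(fingerprint(field, order[field]))
            if prior is not None:
                hits[field] = prior
        return hits


def hold_reasons(order, db):
    """Reasons to send an order to the held-orders queue; an empty list releases it."""
    reasons = [f"{f} matches fraudulent order {p}" for f, p in db.lookup(order).items()]
    if normalise(order["ship_to"]) != normalise(order["bill_to"]):
        reasons.append("shipping and billing addresses differ")
    if order["amount"] > AMOUNT_LIMIT:
        reasons.append("amount exceeds review limit")
    return reasons


# Constructed sample order in which fraud was detected.
FRAUD_ORDER = {"id": "A-1001", "email": "Mallory@Example.com", "card_ref": "tok_0001",
               "ship_to": "12 Dock Rd,  Unit 4", "bill_to": "9 Hill St", "amount": 120.0}
```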
Development of risk management
Development of risk management strategies in e-business begins with identification of e-business risks. The legal risks associated with conducting transactions online are identified and evaluated. Laws and regulations associated with e-business in regional and international markets are identified.
All internal e-business risks like inside jobs are identified, categorized and evaluated. Different types of online transactions and associated risks are identified and analyzed. All computer software security and hardware risks are identified and analyzed (Cole 2009).
A risk management plan for e-business is developed based on the probability of occurrence and the consequences of the identified risks. Methods of controlling fraud and minimizing e-business legal and security risks are developed based on the identified risks.
The company should consider its policies and then assign the responsibility of risk management to the appropriate department. The risk management plan documents the risk management strategies. Procedures for monitoring and identifying risks are stipulated in the risk management plan. The plan also includes training for employees in risk management (Abel 2006).
Implementation is carried out according to the risk management plan. Customer security strategies and payment transactions are carried out in accordance with the plan. Fraud control measures and non-technical strategies for controlling security risks to online information follow the stipulated risk management plan and ethical and legal requirements.
Monitoring and evaluation of the risk management plan should follow, and adjustments should be made in accordance with incidents that have occurred. In addition, fraud control measures are assessed and corrective measures recommended. Customer feedback should be collected, reviewed and analyzed, and action taken in accordance with the risk management plan and the company’s policy (Ghosh 2001).
E-business security audit and penetration test
A security audit allows the e-business company to evaluate its network security by evaluating how well the company observes the established standards. Penetration testing allows the e-business company to exploit the known vulnerabilities in a network.
This testing is done to test the network perimeter defense mechanisms to ensure safety is observed. Cyber attacks are presently associated with financial losses to e-business companies. This is because running a business today involves a lot of networking and electronic exchange of information (Obaidat, Tsihrintzis, & Filipe 2011).
Penetration testing is designed to simulate techniques that intruders apply to gain unauthorized access to the company’s networked systems. Testing is conducted both automatically and manually; manual techniques target specific systems to make sure that there are no security flaws that may have escaped detection by automated testing.
Vulnerability assessment is aimed at identification of logical and physical weaknesses in networks and computers, policies, procedures and practices.
Ethical hackers use the same techniques employed by criminal hackers to determine existing vulnerabilities. Unlike criminal hackers, ethical hackers do not damage or steal information from the system. They assess the security targets, discover vulnerabilities and design appropriate actions and therefore maintain the integrity and confidentiality of the e-business company (Smith 2003).
References
Abel, J 2006, Oracle E-Business Suite Security (Oracle Press). Emeryville, CA, McGraw-Hill Osborne Media.
Cache, J, & Wright, J 2010, Hacking Exposed Wireless, Second Edition. Emeryville, CA, McGraw-Hill Osborne Media.
Cole, E 2009, Network Security Bible. Hoboken, New Jersey, Wiley Publishers.
Gattiker, U 2004, The Information Security Dictionary: Defining the Terms that Define Security for E-Business, Internet, Information and Wireless Technology. Norwell, MA, Springer Publishers.
Ghosh, A 2001, Delivering Security and Privacy for E-Business. Hoboken, NJ, Wiley.
Johnston, R, & Mak, H 2000, An emerging vision of internet-enabled supply chain electronic commerce, International Journal of Electronic Commerce, 4(4), 43-59.
Nardelli, E, Posadziejewski, S, & Talamo, M 2003, Certification and Security in E-Services: From E-Government to E-Business (IFIP Advances in Information and Communication Technology). New York, Springer Publishers.
Obaidat, M, Tsihrintzis, G, & Filipe, J 2011, e-Business and Telecommunications: 7th International Joint Conference, ICETE, Athens, Greece, July 26-28, 2010, Revised Selected Papers (Communications in Computer and Information Science). New York, Springer Publishers.
Scambray, J, McClure, S, & Kurtz, G 2001, Hacking Exposed: Network Security Secrets & Solutions, Second Edition. New York, McGraw-Hill/Osborne Media.
Smith, G 2003, E-Commerce: A Control and Security Guide. Hoboken, NJ, Wiley Publishers.
Vark, J 1997, E-Commerce and the Security Myth. The Journal of Apple Technology, 13(11), 1-7.