For personal, small-business and large-business websites alike, internet security is a major issue. As a website host you should provide better than average security features; this is why more clients will trust you with their online business and why your sales will climb. The internet is full of malicious hackers who will make every effort to break through your clients' site security and compromise their data, including their financial information. Online shoppers will trust an online store with private information when they pay only if the store is hosted in a secure, trustworthy and hard-to-penetrate environment. What big companies do is create a demilitarized zone (DMZ), an area where all requests are thoroughly scanned and verified before they are allowed to reach company systems, which safeguards the companies' vital data.
You can protect yourself from hackers by using strong passwords that mix letters and numbers. Use at least 10 characters, and avoid commonly used words or names. Even banks advise people not to use significant dates such as birthdays as passwords, since they are easy to guess.
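The password rules above (at least 10 characters, a mixture of letters and digits, no common words or names, no birthday-style dates) can be enforced at sign-up rather than left to the user. The following checker is an added example written for this article, not code from the original; the small COMMON_WORDS set stands in for a real dictionary of common passwords and first names that a deployment would load from a file.

```python
import re
from datetime import datetime

MIN_LENGTH = 10  # the article's recommended minimum length

# Constructed denylist: a real deployment would load a dictionary of common
# passwords, dictionary words and first names instead of this short set.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin",
                "jessica", "michael"}

# Date layouts a birthday is typically typed in (day/month/year orders, 2- or 4-digit year).
_DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%y%m%d")


def contains_date(pw: str) -> bool:
    """True if any 6- or 8-digit run in the password parses as a calendar date."""
    for run in re.findall(r"\d{6,8}", pw):
        for fmt in _DATE_FORMATS:
            try:
                datetime.strptime(run, fmt)
                return True
            except ValueError:
                continue
    return False


def check_password(pw: str) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        problems.append("needs_letters_and_digits")
    # "Password123" is still the common word "password" once the digits are stripped.
    letters_only = re.sub(r"[^A-Za-z]", "", pw).lower()
    if pw.lower() in COMMON_WORDS or letters_only in COMMON_WORDS:
        problems.append("common_word")
    if contains_date(pw):
        problems.append("contains_date")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, from acceptable to a name plus a birthday.
    for candidate in ("Tr0ubadour-xk9", "Password123", "01011990", "Jessica01011990"):
        print(candidate, "->", check_password(candidate) or "ok")
```

The date check deliberately tries several day/month/year orders, because a birthday typed as 01011990 or 900101 is the same weak password either way.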
The next step is a properly configured firewall that controls what traffic is allowed to and from your website. Using an industry-standard firewall at its strictest security setting is one of the best ways to prevent hackers from tampering with your systems. Standard security practice is to permit only the network connections you have specifically allowed, so you must have a detailed understanding of the network applications your website uses on a daily basis. Your computer should have a firewall, virus scanner and anti-spyware installed. Keep this software updated, since newer viruses are constantly being developed that will try to intrude into your system. Some viruses (keyloggers) even record what is typed on your computer's keyboard.
There are two types of firewall, software and hardware:
- Software firewalls are installed on your computer system and are ideal for protecting your office and remote employees' computers. They ensure that your staff, and with them your company's records, are protected from threats when they are online.
- Hardware firewalls are appliances. They are always on, even when your computer is off, and they are more powerful than software firewalls.
It is best to have a mixture of both. Use a software firewall on every computer you have and a hardware firewall on each main internet connection, such as a DSL (digital subscriber line) link. If you have several servers, then have one for each server.
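The point of "access only to the network connections you have specifically allowed" is a default-deny rule set: every connection is refused unless a rule explicitly permits it, in both directions, so a compromised server cannot freely send data out either. The model below is an added example, not code from the article; the admin network, internal resolver address and sample traffic are constructed values. Real enforcement is done by the operating system's packet filter or the hardware appliance, but the decision logic is the same.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str   # "in" (toward the server) or "out" (from the server)
    proto: str       # "tcp" or "udp"
    port: int        # destination port
    remote: str      # CIDR of the remote network this rule permits


# Constructed allowlist for a web server behind the hardware firewall.
# The admin network and resolver address are made-up RFC 1918 values.
WEB_SERVER_RULES = [
    Rule("in",  "tcp", 80,  "0.0.0.0/0"),     # public HTTP
    Rule("in",  "tcp", 443, "0.0.0.0/0"),     # public HTTPS
    Rule("in",  "tcp", 22,  "10.0.5.0/24"),   # SSH only from the admin network
    Rule("out", "udp", 53,  "10.0.0.53/32"),  # DNS only to the internal resolver
    Rule("out", "tcp", 443, "0.0.0.0/0"),     # outbound HTTPS for updates and payment APIs
]


def evaluate(rules, direction, proto, port, remote_ip):
    """Default deny: a connection is allowed only if some rule explicitly matches it."""
    ip = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if (rule.direction, rule.proto, rule.port) != (direction, proto, port):
            continue
        if ip in ipaddress.ip_network(rule.remote):
            return "ALLOW"
    return "DENY"


def denied_attempts(rules, attempts):
    """Return one log line per denied attempt; these are the events worth alerting on."""
    lines = []
    for direction, proto, port, remote_ip in attempts:
        if evaluate(rules, direction, proto, port, remote_ip) == "DENY":
            lines.append(f"DENY {direction} {proto}/{port} remote={remote_ip}")
    return lines


# Constructed sample traffic: two legitimate visits, an SSH probe from the
# internet, an admin SSH login, and two outbound attempts a web server has
# no business making (external DNS, outgoing mail).
SAMPLE_ATTEMPTS = [
    ("in",  "tcp", 443, "203.0.113.9"),
    ("in",  "tcp", 80,  "198.51.100.77"),
    ("in",  "tcp", 22,  "203.0.113.9"),
    ("in",  "tcp", 22,  "10.0.5.7"),
    ("out", "udp", 53,  "8.8.8.8"),
    ("out", "tcp", 25,  "198.51.100.2"),
]

if __name__ == "__main__":
    for line in denied_attempts(WEB_SERVER_RULES, SAMPLE_ATTEMPTS):
        print(line)
```

Note that the outbound rules are as important as the inbound ones: the denied outgoing mail and external DNS attempts are exactly the kind of traffic that reveals a server has been taken over.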
For secure hosting you need a dedicated server. In most web applications the Secure Sockets Layer (SSL) protocol is a must. The basic test of whether an ecommerce site uses SSL is to see whether its URL starts with https:// as opposed to the usual http://; the browser will then encrypt all information sent to the site. SSL assures users that they are submitting their credit card to a real online shop and not to some fake website. To let visitors log in to your website securely, generate a certificate signing request (CSR) and submit it to the certificate authority (CA) of your choice. The CA will verify your identity, for example by calling you, and issue a digitally signed certificate that you can install on your web server. Visitors to your site will then get no security warning while transmitting secure data to it. You have to pay for a CA-signed certificate, though; some CAs offer discounts, so make sure you do your homework.
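Once the CA-signed certificate is installed, the server still has to make sure visitors actually use the https:// address, in particular when they log in or submit card details. The WSGI middleware below is an added example written for this article, not code from the original: it redirects plain-HTTP page requests to the HTTPS address, refuses form submissions that arrived unencrypted instead of processing them, and adds a Strict-Transport-Security header (a step beyond the article's text) so browsers keep using HTTPS on later visits. The `shop_app` application and the request values are constructed stand-ins.

```python
from urllib.parse import urlsplit

# One-year HSTS policy; browsers only honour it on responses received over HTTPS.
HSTS_VALUE = "max-age=31536000; includeSubDomains"


def is_secure_url(url: str) -> bool:
    """The article's basic test: does the page address use https://?"""
    return urlsplit(url).scheme.lower() == "https"


def https_only(app):
    """WSGI middleware enforcing HTTPS for every request reaching `app`."""
    def wrapper(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            host = environ["HTTP_HOST"]
            path = environ.get("PATH_INFO", "/") or "/"
            query = environ.get("QUERY_STRING", "")
            target = f"https://{host}{path}" + (f"?{query}" if query else "")
            if environ["REQUEST_METHOD"] in ("GET", "HEAD"):
                start_response("301 Moved Permanently",
                               [("Location", target), ("Content-Type", "text/plain")])
                return [b"Redirecting to HTTPS\n"]
            # A POST that arrived in clear text has already exposed its body in
            # transit; refuse it so the application never acts on unencrypted
            # credentials or card data, and never silently "fixes" it by redirecting.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Submit this form over https://\n"]

        def secure_start_response(status, headers, exc_info=None):
            headers = list(headers) + [("Strict-Transport-Security", HSTS_VALUE)]
            return start_response(status, headers, exc_info)

        return app(environ, secure_start_response)
    return wrapper


def shop_app(environ, start_response):
    """Constructed stand-in for the hosted shop application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"Welcome to the shop\n"]


def run_request(scheme, method, host, path, query=""):
    """Drive the wrapped app with a minimal WSGI environ; returns (status, headers)."""
    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": method,
               "HTTP_HOST": host, "PATH_INFO": path, "QUERY_STRING": query}
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    b"".join(https_only(shop_app)(environ, start_response))
    return captured["status"], captured["headers"]


if __name__ == "__main__":
    print(run_request("http", "GET", "shop.example", "/login"))
    print(run_request("http", "POST", "shop.example", "/login"))
    print(run_request("https", "GET", "shop.example", "/checkout", "item=3"))
```

Redirecting only GET and HEAD is deliberate: a browser that followed a redirect for a POST would have already sent the password or card number in the clear, so the honest response is to reject it and let the page be reloaded over HTTPS.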
What is PCI? The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements devised so that all companies that process, store or transmit credit card information maintain it in a secure environment. It applies to merchants that have a Merchant ID (MID). When a web host says it offers PCI compliance, verify exactly what it is offering. According to the PCI Security Standards Council website, the twelve requirements for PCI compliance are grouped under the six objectives shown below.
- Install and maintain a firewall
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain a policy that addresses information security
Here are some simple strategies that will help you comply with these requirements.
- Keep only what you need.
- You are better off not storing your clients' card data at all.
- Instead, transmit credit card data directly to a third party, or outsource payment processing, so that you never need to keep this data.
- Secure your payment applications by using technology that follows the Payment Application Data Security Standard (PA-DSS).
- Do not keep sensitive PIN (Personal Identification Number) data anywhere it can easily be accessed.
- Keep cardholders' paper records, such as receipts, in a secure place, since they contain your clients' credit card numbers and details.
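"Keep only what you need" and "transmit card data directly to a third party" translate into a concrete rule for the order-handling code: the card number goes to the processor, the processor's opaque token and the last four digits are all that is stored, CVV and PIN fields are dropped before anything is written, and free-text fields and logs are scrubbed for card numbers that customers may have typed in. The code below is an added example written for this article, not the project's own; `tokenize_with_processor` is a hypothetical stand-in for the third-party processor's API, and the sample order is constructed (4111 1111 1111 1111 is the well-known Visa test number).

```python
import re
import secrets

# Fields PCI DSS forbids storing after authorization: card verification codes,
# PINs and magnetic-stripe track data.
FORBIDDEN_FIELDS = {"cvv", "cvv2", "pin", "track_data"}

# A run of 13-19 digits, optionally separated by spaces or dashes,
# starting and ending on a digit so surrounding text is not swallowed.
PAN_PATTERN = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out order ids and phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(text: str) -> str:
    """Replace every Luhn-valid card number in free text with asterisks plus the last four digits."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group(0))
        if luhn_valid(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return match.group(0)
    return PAN_PATTERN.sub(repl, text)


def tokenize_with_processor(pan: str) -> str:
    """Hypothetical stand-in for the payment processor's vault API.

    The real call sends the PAN to the processor over HTTPS and gets back an
    opaque token; here a random token is returned so that nothing derived
    from the card number (not even a hash) is ever kept locally."""
    return "tok_" + secrets.token_hex(8)


def prepare_for_storage(order: dict) -> dict:
    """Return the only version of an order that may be written to the database."""
    pan = re.sub(r"\D", "", order["card_number"])
    if not luhn_valid(pan):
        raise ValueError("card number failed checksum; refusing to process")
    record = {k: v for k, v in order.items()
              if k != "card_number" and k.lower() not in FORBIDDEN_FIELDS}
    record["card_token"] = tokenize_with_processor(pan)
    record["last4"] = pan[-4:]
    # Customers paste card numbers into notes; scrub every text field before storing.
    for key, value in record.items():
        if isinstance(value, str):
            record[key] = mask_pan(value)
    return record


# Constructed sample order as it might arrive from the checkout form.
SAMPLE_ORDER = {
    "order_id": 1017,
    "customer_email": "buyer@example.com",
    "card_number": "4111 1111 1111 1111",
    "cvv": "123",
    "notes": "customer read card 4111111111111111 over the phone, ship to back door",
}

if __name__ == "__main__":
    print(prepare_for_storage(SAMPLE_ORDER))
    print(mask_pan("2024-05-01 checkout ok card=4111-1111-1111-1111 order=1234567890"))
```

The same `mask_pan` function belongs in the logging pipeline, so that a debug line echoing a request body cannot turn the log directory into an unprotected card store.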
Finally, taking these security measures can keep your website safe from hackers and give you a certain peace of mind. They assure your online clients that their records are safe and secure, and for your part you will come across as a trustworthy website. Your good reputation will be passed on to others who are on the lookout for such quality service.