September 15, 2009

 

In this issue:

  • Conserving Your Customers' Online Identity
  • Case for Security Webinar: The Top Ten Application and Database Vulnerabilities
  • Ask A Security Expert
  • Devfense Cyber Alert

CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network

Cyber Security Informer is distributed by Boonbox, the security-focused division of Pacific Coast Information Systems Ltd. (IT Consulting) in Vancouver, BC, Canada.

Contact Boonbox Toll-free 1.877.744.7558 or visit www.boonbox.net

Conserving Your Customers' Online Identity

Given the choice between two roughly equivalent products where one of them is better for the planet, we're now trained to go green every time. We operate the same way when it comes to protecting our non-renewable personal identities and associated financial accounts. When we shop online, there are often many websites where we can buy the same thing, so we go to the website that we trust.

This week we talked with e-commerce company Kate's Caring Gifts, which sells eco-friendly gifts on its website, about how they protect their online customers from malware and ID theft.

"Get a web scanning service for your merchant website to help make sure you stay secure," business owner Kate Amon suggests. "That's an essential part of our security." Regular scans are required to check for security vulnerabilities and help identify problems in the code that hackers could exploit.

Scanning should include testing for common web vulnerabilities and their attack variants, such as those identified by WASC (Web Application Security Consortium), OWASP (Open Web Application Security Project), and the SANS (SysAdmin, Audit, Network, Security) Institute's top 20. Threats to check for include cross-site scripting (XSS), SQL injection flaws, malicious file execution, insecure communications and more.

Security also has to be a factor in the decision of which web host to use. "The host should have experience and expertise with your type of shopping cart," Amon says. Not all hosts provide the same level of security, so to help choose one that's right for your type of business, Amon also suggests going through business associations. As a green business, Kate's Caring Gifts got advice about web hosting and other recommendations through members of Green America, a national non-profit providing eco-friendly information.

For more information about website security scanning and other ways to protect your business and customers, contact Boonbox.


Ask A Security Expert

"What kinds of businesses would actually benefit from Network Security Assessments?"

Network Security Assessments (NSAs) are now recognized across many industries as a standard and effective service that helps businesses protect their own systems, as well as those of their customers and partners, and maintain regulatory compliance. However, NSAs are not for everyone. Between a small graphic design office with a few employees running their computers off a single server and a financial services company with multiple locations in 20 countries, what kind of organization needs an NSA?

An NSA is recommended for a company that:

* Needs to maintain operational continuity
* Uses IP-based physical hardware (servers, workstations, laptops), ports, networked printers and firewalls, and manages operating systems
* Requires assistance with Remote Access, Access Control, Password Policy, Segmentation, Encryption, Data Classification, User Account Management, Patch Management, Disaster Recovery and Business Resumption Planning, or Security Awareness and Training
* Needs a third-party expert assessment of IT policies, procedures and quality systems such as an organization's help desk

Should an organization fit any of these requirements, it should seriously consider using an NSA to ensure operational continuity and to avoid the long-term costs associated with a security breach.

Devfense Cyber Alert

PCIS Devfense Cyber Alert identifies websites that are vulnerable to attack. See the latest websites identified as vulnerable to badware at Devfense Cyber Alert on Twitter.

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Devfense Cyber Alert Sites With Vulnerabilities Discovered in Past 90 Days


About Boonbox

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup. PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

How to Subscribe/Unsubscribe to the Informer

SUBSCRIBE: To subscribe to the Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of the Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK: Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558