Introduction
In this fact sheet, I am going to be discussing the security
risks that organisations like Orinoco© will face.
I will also be explaining how these organisations can prevent these security
issues from arising, e.g. with anti-virus software. Finally, I will be talking about
the laws and guidelines that organisations within the e-commerce business will
need to follow.
Security risks while online
E-commerce businesses such as Orinoco© will be facing a lot of
security risks. The most common risks that they will be facing are hackers
attacking the site and trying to access customer information; imposters
downloading the layout of the site and hosting it, luring customers into
thinking that it is the real site and so stealing customer information; and
hackers sending administrators/users infected programs that, when run, will steal
private information (passwords, bank details etc.) (UK, n.d.).
Viruses are a common way in which a computer can be infected. Viruses
can be created to steal the user's passwords or to completely ruin their PC. If
the user does not have an anti-virus installed, they will not know if they are
infected with a virus. Viruses can also slow down the user's PC considerably.
RATs (remote access Trojans) are a popular way in which a hacker can gain
access to your PC. The hacker can watch your screen. Some RATs come with a
keylogger built in, so they will be able to see what your keystrokes are. The
way the user can prevent these is to purchase a popular and reliable
anti-virus; however, you are not protected fully because hackers always find a
way to bypass them.
A very popular method that hackers use is phishing. Phishing can occur
when Trojan horses are installed on vulnerable machines. Keyloggers are popular
and easy to use for hackers because all they have to do is target someone and
make them execute the application, and the victim's keystrokes and URLs
accessed will be sent to the hacker's email or FTP server address (Tomar, 2012).
SQL injection is a huge security risk. If the website is not fully
protected or up to date, hackers can find these loose ends in the website;
they can be found in places like the URL or login boxes. If the hacker
successfully abuses the bug found, they can have access to the whole database,
and this includes passwords from everyone. Botnets are a huge issue for an
e-commerce business because they can be used to initiate a stronger DDoS attack
on the website.
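The SQL injection risk described above comes from pasting user input into the query text. The following is an added example, not part of the original fact sheet: it puts a weak query beside its parameterised form, using a constructed in-memory `customers` table and hypothetical function names.

```python
import sqlite3


def make_db():
    """Build a tiny in-memory database (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, city TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, city) VALUES (?, ?)",
        [
            ("alice@example.com", "Leeds"),
            ("bob@example.com", "York"),
            ("carol@example.com", "Leeds"),
        ],
    )
    return conn


def find_by_city_unsafe(conn, city):
    # WEAK: the value from the URL or form is pasted into the SQL text, so a
    # quote character in it ends the string literal and the remainder is
    # parsed as SQL instead of being treated as data.
    query = "SELECT email FROM customers WHERE city = '%s' ORDER BY id" % city
    return [row[0] for row in conn.execute(query)]


def find_by_city_safe(conn, city):
    # HARDENED: the value is bound as a parameter. The database receives the
    # query text and the value separately, so the value is only ever data.
    query = "SELECT email FROM customers WHERE city = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (city,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that changes the WHERE clause
    print("unsafe:", find_by_city_unsafe(db, crafted))  # every customer row
    print("safe:  ", find_by_city_safe(db, crafted))    # no rows match
```

The weak version also breaks on honest input such as a city name containing an apostrophe, which is a useful symptom to look for when reviewing a site.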
Preventative Measures
There are many measures that e-commerce businesses can use to prevent
hackers from causing serious damage to the business. The most common way is
for the business to contact an internet security company that offers good
security packages.
By running frequent scans on the server, an organisation can identify any type
of suspicious activity taking place, for example worms, Trojans and viruses. To
further prevent security breaches, administrators for the e-commerce business
should be using anti-virus software. This is because an anti-virus program will
scan the user's system for any viruses and will warn the user about a file that
may be infected.
Create a new and unique password, different from those on any other websites
you have visited. This is because if a hacker has found your password for one
of the websites you logged onto, they may try to use the same password for the
e-commerce business. However, if you use unique passwords for each website,
they will not be able to gain access.
Be careful what you click on. If you have an anti-virus installed, you
will be warned if a website that you are trying to access is untrusted. If you
don't have a security scanning program, you must be careful what you click on.
Don't download files that are hosted on sketchy websites, or click on links
sent to you via anonymous email. If you are careful, you will be able to prevent
yourself from getting a virus that could damage the e-commerce business.
The e-commerce business should have a system in place that limits the
number of times a password can be entered incorrectly for the user targeted.
This is extremely important because the attacker will need to think wisely
about which password they will attempt to use; if they keep failing they will
be locked out and the administrators will be informed.
Laws and Guidelines (E-Commerce Businesses)
Guidelines that an e-commerce business must follow have been
updated (Consumer Rights Act 2015 updated 1st October 2015). The
guidelines were created to ensure that there are no disputes between the seller
and the buyer, and to make sure that neither is paranoid about losing out.
The guidelines state that the buyer must get what they paid
for. The buyer has the right to reject and send back any goods that they bought
that are faulty within 30 days. Services must be provided and must be
carried out seriously and carefully. If any goods are damaged, the buyer has
the right to have the item returned and money sent back, or they have the right
to have a replacement sent. Price reductions to goods that are not addressed
after six months, i.e. second hand goods.
Consumer Protection law must be followed by the e-commerce
business. If this law is not followed by the business, the business can be
sued. The business must use signatures to keep data secure and prevent it from
being hijacked. These signatures can be things like encryption. The Data
Protection Act (1984, 1998, and 2000) must be in place and followed as well.
The act will tell the organisation what must be in place; for example, backup
procedures must be in place so that in the case of a disaster they can
revert (Capper, 2015).
Bibliography
Capper, T., 2015. E-Commerce Guidelines for UK Online Businesses. [Online]
Available at: http://onlineownership.com/e-commerce-guidelines-for-uk-online-businesses/
[Accessed 19 November 2015].
Tomar, J., 2012. Security Threats with E-Commerce. [Online]
Available at: http://www.slideshare.net/jitendratomar/6-security-threats-with-ecommerce
[Accessed 18 November 2015].
UK, F., n.d. Identifying e-commerce threats and vulnerabilities. [Online]
Available at: http://findlaw.co.uk/law/small_business/business_operations/e_commerce/securing_your_e_commerce_systems/558.html
[Accessed 18 November 2015].