Data Management Made Simple!
This white paper will explain how data management can benefit your business and what you need to know before you get started.
How you should protect, service and treat all of your electronic data and comply with the law
Protecting both your own data and your clients' data is extremely important! Complying with the Data Protection Act is sometimes not enough, and you should go a little further to guard sensitive information; there are a few different ways that you can do this. Both physical and virtual security measures need to be thought about. There are many ways that data can be stolen or lost, and making sure that you are not liable if data falls into the wrong hands is extremely important.
Selling online will inevitably lead to you collecting huge amounts of personal data from customers through online transactions. This information could include names, addresses, card information, marital status, dates of birth and transaction history. All this information could ultimately be used for criminal activity and you are responsible for making sure all this data is secure or it could lead to a lawsuit - something you don't want!
Keeping data safe from unwanted attention is not the only thing you should think about! Things often go wrong with computers so keeping a regular backup of data is also important. The data you hold is probably quite important to you so taking precautions is a sensible idea no matter what your business is. As technology improves, and with all the negativity surrounding online security, most companies are looking into improving their online defences but not the physical ones.
If you want to know your rights about data protection then, in the UK, you need to look into the 1998 Data Protection Act. It protects the rights and freedoms of individuals, the access to the data you keep, and the principles that should be adhered to by companies and organizations that process such information. In short, it describes what data you are allowed to keep and use legally, and what rights each individual has to access their own information.
BS7799 is the set of security standards and policies set by the UK government. It standardises the way that information security is practised. It is focused on electronic data but can incorporate any kind. The standard is intended to help companies assess their current security measures and work to improve them. It also covers legal issues surrounding data and security. Some companies decide to pursue it and others do not, depending on their needs and how sensitive their data is. You are not required to use it, but you might find that working with governments and other larger companies will be difficult if you do not follow the BS7799 guidelines or at least work towards them.
There are many different factors that contribute to the loss of data. Human error, hardware failure, theft, viruses, hacking and even accidental damage are all possible reasons for losing data, and it is sometimes too easy to place our trust in technology, thinking it won't fail us! Backing up your data should become daily practice for security and protection reasons. People often underestimate possible security threats to their company, and this can have catastrophic implications for an online business.
Even the largest and most successful companies experience security breaches. MasterCard, Boeing, Bank of America, AOL and Citibank have all had data stolen recently. The more exposure you get on the web, the likelier you are to be targeted by fraudsters and hackers. The Bank of America managed to lose $1.2 million as files got lost during transit. It's so easy for this type of thing to happen, so be prepared and get organized!
What can you do?
- Use a reliable card processing service such as WorldPay. These companies specialise in secure online sales and can help you reduce the threat of having data hijacked or amended en route between your site and the banks. Much effort has gone into developing these systems, which is one of the reasons that card processing services are now so popular and convenient for online sellers. They offer competitive rates and the majority have a first class service. They also offer fraud insurance and other schemes that can be beneficial to trading online. These online payment services take data security extremely seriously and will work with you to make sure you are less vulnerable.
- Encryption of data is the safest way to store all types of information. Basically, when you encrypt your data it becomes unreadable to anyone who does not hold the key that can decode it. It is imperative that when processing online sales all your customers' data is encrypted, thus reducing risk. Even if your data is stolen, encrypted files are extremely hard to access, so you shouldn't have to worry quite as much! Consider encrypting data during transfer from one site to another. Encrypted files require a password or key to access the data contained within them. Most online stores will display a little padlock icon in the bottom right hand side of Internet Explorer (other browsers may vary) indicating that the data you are sending and receiving is being encrypted for safety. Storing your archives offline, still accessible to you but not via the internet, increases your security, as this makes them harder for anyone outside the company to reach.
- Consider how your computers are networked and controlled. Are you using up-to-date software? Is it bug free? Are your computers protected by a firewall? Making sure that the software you use is up-to-date and bug free is important, as hackers often take advantage of flaws in software to gain access to systems. Bug patches are often free to download from the internet and should be applied promptly. Read the software newsletters or emails that are sent to you, because they may very well contain important news about problems with the software. Firewalls are also useful for detecting an unwanted presence in your systems. You can assign access to approved users and the tasks they are allowed to perform when accessing your network remotely. Firewalls are not expensive and, while they are not 100% reliable, they do reduce risk by a significant amount.
- You should adhere to the rules set within the Data Protection Act. Protecting yourself legally is just as important as physical protection from intruders. If you do not comply with the law you could face penalties or lawsuits. Individuals whose records you have stored have a legal right to view and amend such information. You should be prepared and understand the law to help avoid any disputes in the future. The DPA requires that you are open about the information on individuals that you hold, that you process it fairly, keep it accurate, and do not share or transfer it to countries outside of the European Union without consent. It should also be used reasonably and for the purposes the customer expects.
- Have your own data protection policy that can be accessed by customers and employees. Define your own rules and steps for dealing with data protection, transfer of data and storage. Assure people that your company can and will comply with the laws set by your government. Think about writing this in a friendly style similar to your terms and conditions, so that people feel that their personal information will be kept safe and not end up halfway across the world. If customers can see that you have made an effort on their behalf, then they are likely to trust you in the future and bring returning business to your site.
- Backup! You would be surprised how many people don't do this! It is more common now, as people have had time to learn from their mistakes. Make sure you do this on a regular basis; don't assign it to one of the last minute tasks at the end of the month, or to a trainee. You can back up your files directly from the PC on to a CD or DVD, and you can have the server back up all the files daily or weekly. Storing data on a secure server is sometimes a better idea, as the server is probably going to be more reliable than your desktop PC and it can perform automatic, regular, encrypted backups just in case you forget! Servers are also often kept in a secure location, so they are less likely to be physically stolen by thieves. Store your backup tapes / DVDs offsite! It's no good putting them into a box next to the server if there is a fire in the same room or building; the backup would be pointless otherwise.
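A backup is only worth having if it can be read back intact, so the following added example (it is not code from the white paper or from something 4 Ltd) takes a dated copy of a folder, records a SHA-256 manifest beside it, and then re-checks the copy against that manifest. The folder names, file contents and the "run1" label are all constructed for the demonstration; in practice the verify step would be run against the offsite copy as well.

```python
"""Added example: copy a folder, write a SHA-256 manifest, verify the copy.

Everything here uses only the Python standard library. The sample files
created by run_demo() are constructed purely to show the check working.
"""
import hashlib
import shutil
import tempfile
from datetime import date
from pathlib import Path
from typing import List, Tuple


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large archives never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source: Path, backup_root: Path, label: str = "") -> Path:
    """Copy `source` to backup_root/<label> and record a manifest of hashes.

    The manifest (one "<sha256>  <relative path>" line per file) is what lets
    you prove later that the copy is still exactly what was written.
    """
    label = label or date.today().isoformat()
    dest = backup_root / label
    shutil.copytree(source, dest)
    lines = []
    for path in sorted(p for p in dest.rglob("*") if p.is_file()):
        rel = path.relative_to(dest).as_posix()
        lines.append(f"{sha256_of(path)}  {rel}")
    (backup_root / f"{label}.manifest").write_text("\n".join(lines) + "\n")
    return dest


def verify_backup(backup_root: Path, label: str) -> List[str]:
    """Re-hash every file named in the manifest and return the problems found.

    An empty list means the backup still matches what was written. A tape or
    disc that fails this check is not a backup, however carefully it was stored.
    """
    dest = backup_root / label
    problems = []
    manifest = (backup_root / f"{label}.manifest").read_text().splitlines()
    for line in manifest:
        expected, rel = line.split("  ", 1)
        path = dest / rel
        if not path.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(path) != expected:
            problems.append(f"corrupted: {rel}")
    return problems


def run_demo() -> Tuple[List[str], List[str]]:
    """Constructed walkthrough: a clean copy verifies, a damaged one does not."""
    with tempfile.TemporaryDirectory() as tmp:
        workdir = Path(tmp)
        source = workdir / "orders"
        (source / "2006").mkdir(parents=True)
        (source / "orders.csv").write_text("id,customer\n1,alice\n")
        (source / "2006" / "archive.txt").write_text("old records\n")

        backups = workdir / "backups"
        make_backup(source, backups, label="run1")
        clean = verify_backup(backups, "run1")

        # Simulate media faults: one file silently altered, one lost entirely.
        (backups / "run1" / "orders.csv").write_bytes(b"id,customer\n1,mallory\n")
        (backups / "run1" / "2006" / "archive.txt").unlink()
        damaged = verify_backup(backups, "run1")
        return clean, damaged


if __name__ == "__main__":
    ok, faults = run_demo()
    print("clean copy problems:", ok)
    print("damaged copy problems:", faults)
```

The manifest lives next to the copy rather than inside it, so a restore test can compare the two without trusting anything on the backup media itself.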
- IT companies need to start taking control over how data is stored, used and accessed. If you can, don't write down your passwords, but if you really must, then make sure you store the passwords / security keys in a safe location, e.g. in a safe. You should be able to remember and change them on a regular basis, including your internal passwords, as disgruntled employees can be a threat. If someone knows your passwords then they have free access to your complete systems. Don't use simple passwords. "Password" should not be considered as a password. Use a mixture of letters and numbers to make it much harder to guess, and never save it onto a PC unencrypted. Avoid using words in the dictionary, as there are programs that attempt to guess the password from a database of words. Phrases are a good way to remember things, so think about combining these with numbers and using lowercase and uppercase letters; then you would have a good, secure password. For example, '01WhenHARRYmetSaLLy1989' or '1onD0nTw15ter'.
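The password advice above can be turned into a check that runs before a password is accepted, and the "never save it unencrypted" point into a storage routine that keeps only a salted, slow hash. The following added example (not code from the white paper or from something 4 Ltd) does both and goes slightly beyond the text by applying it to the login passwords your customers choose on your site, not just your own. The DICTIONARY set is a small constructed stand-in for the word databases the guessing programs use, and the iteration count is an assumption chosen to make each guess expensive.

```python
"""Added example: password policy check plus salted PBKDF2 storage.

Standard library only. DICTIONARY is a constructed stand-in for a real
wordlist, and ITERATIONS is an assumed work factor, not a figure from the
white paper.
"""
import hashlib
import hmac
import secrets
from typing import List

# Constructed stand-in for the word databases that guessing programs try first.
DICTIONARY = {"password", "london", "harry", "sally", "twister", "summer"}

# Assumed work factor: high enough that each guess costs real CPU time.
ITERATIONS = 600_000


def password_problems(pw: str) -> List[str]:
    """Return the policy rules the password breaks; an empty list means accepted."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    # A whole dictionary word, even with digits bolted on the ends, is what
    # word-list guessers try first. Phrases built from several words pass.
    if pw.lower().strip("0123456789") in DICTIONARY:
        problems.append("is a dictionary word")
    return problems


def hash_password(pw: str) -> str:
    """Return the only form that should ever be written to disk or a database.

    A fresh random salt per password means two users with the same password
    get different stored values, and a leaked table cannot be cracked in bulk.
    """
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(pw: str, stored: str) -> bool:
    """Check a login attempt against the stored hash without revealing timing."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # not something hash_password() produced
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac(
        "sha256", pw.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    for sample in ("Password", "01WhenHARRYmetSaLLy1989", "1onD0nTw15ter"):
        print(repr(sample), "->", password_problems(sample) or "accepted")
    record = hash_password("01WhenHARRYmetSaLLy1989")
    print("stored form:", record[:40], "...")
    print("correct password accepted:", verify_password("01WhenHARRYmetSaLLy1989", record))
    print("wrong password rejected:", not verify_password("password", record))
```

Note that the policy check does not reject a phrase because it contains dictionary words (the paper's own examples would fail that), only a password that is a single dictionary word with digits tacked on.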
Now all merchants must comply with the PCI DSS standards. PCI DSS is the Payment Card Industry Data Security Standard, and it extends beyond the payment itself to the data stored 'back-office', for the simple reason that it's often easier for a data fraudster to hack into systems to steal 10,000 customer records than to intercept a single payment during transmission. Designed to help combat online fraud and theft, these new industry standards help companies to retain customers and work towards improving security within the industry. They provide toolkits that can help you organise and implement safer security measures for your company and comply with the standard procedures.
Keeping data safe and secure is an ongoing process and being up-to-date with all the latest technology isn't easy. Cyber criminals are always finding new ways to break into systems and software companies are always trying to catch up! You may want to consider employing the services of someone who has expertise in this area. With all the jargon and different tools available to help secure your systems, it's not an easy task.
something 4 Ltd have the technical know-how and contacts to help improve your security to help you protect your data. Our team are dedicated to online security and take any data protection issue seriously.