Security is a mysterious and scary topic for most people. Concerns about issues like personal privacy, identity theft, computer viruses, spam and the safety of online transactions are being raised more often. But shutting down all of your online activities isn’t an option in today’s competitive business environment, so what can you do to protect yourself and your website? Here’s a quick guide through online security fundamentals.
A website is a public place
If you absolutely need to keep something private and secure, do not put it on a public website. Security is about managing risk; it is not possible to be absolutely secure. There are safeguards and techniques to protect areas of a website and help keep your information safe, but security comes at a cost: the more secure, the higher the cost.
Email is not a secure method of communication
It is fairly easy for a knowledgeable person to intercept and read emails. Emails sent via a website form are vulnerable to this kind of security breach. Do not include information in an email that you need to keep secure, and do not ask your website visitors to submit such information on an email form. Credit card numbers are a prime example.
Privacy policies
Many of my clients ask if they need a privacy policy on their website. If you are collecting personal information (often using a form on your site), and keeping it, then yes. You need to declare in a privacy document, displayed on your website, that you are keeping the information, how you are using it and how you are keeping it securely. For guidelines, visit http://privacyforbusiness.ic.gc.ca/
Establishing trust
If you are trying to do business over the Internet, you need to establish a sense of trust with your clients. If you do not have any contact information besides an email address on your site, most people will not trust you enough to do business with you. A physical address and phone number should be on your website. However, you should think carefully before putting your personal home address on your site. If you are working out of your home, you may want to use alternatives like postal box or office space rental services.
Domain name registration
Ensure that your domain name (website address) is registered under your personal or company name. Be careful that anyone working on your behalf has your correct information and uses it, not their own, for the registration. Also, your domain name must be renewed each year. Do not just rely on computer records: print out and keep your domain registration information (including passwords) in a safe place and mark the renewal date on your calendar.
You should be contacted by the registrar a month or so before your renewal date, reminding you to renew. It is important to keep the contact information on your record up to date for this reason. When you get a renewal notice, be careful to check it against your records. There are several domain scooping scams (with companies who pretend to be your registrar) that can fool you into paying more than you should, and into moving your domain name inadvertently to a different (unscrupulous) registrar.
Backups are essential
Your website is essentially a set of files stored on a computer (called a server) that is connected to other computers via the Internet. Hardware can break down, hosting companies do occasionally fail and people with nothing better to do can hack into unprotected (or poorly protected) servers and do whatever they want with your files.
These dangers are rare for most small business websites but are still possible. By making regular backup copies of your website on your hard drive or on a CD (or both), you will be able to restore your site with less effort should the worst befall you. Back2Front always has multiple redundant copies of all of our websites stored in several locations. So if something ever happened, we would be able to restore our sites with minimal downtime. Ask your hosting company about their security and backup measures.
Spam is not just annoying
If you do not know how to handle it, spam can seriously affect your business. You are not likely to be completely successful in preventing the spammers from getting your email address. However, you can prevent spam bots from collecting your email address from your website by using a form (correctly written) to submit email rather than using a typical email link on your site.
You can also hide your email address from spam bots by providing your email address in an image that is not linked. To deal with the spam you cannot avoid in this way, you must obtain and learn how to use effective, current spam-filtering software. Do not rely on your ISP to filter your email for you; the chance of legitimate email being trapped is too great a risk if you use email for business purposes.
Computer viruses can hide in email attachments
If you get unexpected email from someone you do not know, do not open the attachment. Downloading software from a website can also infect your computer, so only download from established sites with good reputations.
Occasionally we get questions from clients about the possibility of viruses infecting their site. This is a highly unlikely scenario. Viruses are programs written with a profit in mind; most small business websites are not targets since there is a limited perceived pay-off. Web servers run by reputable hosting companies have firewalls installed that protect the server from unauthorized access and viruses. You should have firewall software installed on any computer that connects to the Internet.
E-commerce security
If you sell online, in most cases we do not recommend that you attempt to handle the security needs of the payment transaction from your website. Instead, use the services of a payment gateway. PayPal is recommended by our company due to the fact that it is well known, well accepted by the public and relatively easy to work with. There are many payment gateway options including Internet Secure, which has the advantage of being a Canadian company.
The payment gateway handles the actual collection of the credit card information, the interaction with the financial institutions and all of the necessary security, to ensure safe and smooth transactions. You save the cost and the risk of setting up your own payment facilities; in return they charge usage fees. PayPal charges between 2% and 3% of the value of the transaction.
Buyer beware
Website security for online transactions, internal business functions and sensitive information is a highly technical topic that requires specific training. If you require security for this type of website, ensure that the company you are working with knows what they are doing.
Savvy business owners ask questions and know that bargain-basement priced security is never a bargain. As with any service provider, be sure to ask for references.