Insecure?
Ensuring that e-commerce processes are virus-safe and hacker-free is a surefire confidence booster
By Lynne Knobloch-Fedders
Not one for taking risks? Even if you are the type to bungee jump or rock climb, risk-taking should end when it comes to your computer systems. Leaving them susceptible to stolen customer information or viruses is something not even the biggest adventurer wants to brave.
The worst e-commerce accidents can happen when businesses lack important protective features. Internet security is of great concern for distributors who maintain online ordering websites, and it is essential that they be prepared to handle fundamental security issues before they venture into the world of e-commerce.
While many distributors are still grappling with the decision to bring the Internet into their companies, others are already deeply invested and well on their way to making it an important part of their business plans.
Morrisette Paper, a Greensboro, N.C.-based sanitary supply distributor, found that its customers have welcomed the chance to order online. "Our customers have commented on its ease of use and 24-hour access," Morrisette employee Jim White says. "Most of our orders are placed early in the morning or late at night after business hours have ended."
Because online ordering eliminates the need for data entry, it often pays for itself. "Right now we have six employees devoted to data entry, so to eliminate that cost would pay for the online ordering right there," says Louis Salazar, CEO of Anaheim, Calif.-based American Chemical and Sanitary Supply.
Being Safe
When a company decides to add online ordering to its service roster, it is essential to have security features in place to protect that company's investment. Luckily, security costs are actually one of the least-expensive components of e-commerce, according to Chris Cantwell, a Milwaukee-based Internet consultant. "In terms of a cost-benefit analysis, it is definitely worthwhile to make your e-commerce secure, since it is relatively inexpensive to do," he says.
Online ordering systems have three distinct links in the communication chain: the customer, the e-commerce company, and the Internet, which acts as a communications pipeline between the customer and the e-commerce company. All three links must have components in place to ensure the security of the system.
Customer Security
Most customers access the e-commerce company's software from their desktop computers using their Internet browser (for example, Microsoft Internet Explorer or Netscape Navigator). Jeff Gusdorf, senior consultant at St. Louis-based BSW Consulting, explains that customers can reduce their security risks by making sure their Internet browser software is periodically updated with the latest security patches, or software updates. Software updates are always being released, so it is important to install these patches regularly.
Another security feature customers value when ordering online is the Internet site's secure socket layer (SSL) web certificate. Websites that are SSL-secured display an icon that looks like a padlock in the lower right-hand corner of the site. The SSL certificate ensures that information transferred to and from the site is from the same source location, has been encrypted (scrambled), and is secure.
Transaction Security
Because hosting an e-commerce website is expensive, complicated, and often requires the expertise of an in-house information technology department, most small to mid-sized distributors hire an outside company (called a host) to manage and maintain their e-commerce capabilities. The Internet hosting company's server often functions as the destination point for all traffic entering the website, protecting the company's computers from having to deal directly with these Internet transactions.
American Chemical and Supply Co. hired an outside hosting company to manage its website to cut down on the time investment required. "Daily publications are issued about the different viruses out there," Salazar said. "We chose to pay the money to have another company do the maintenance on our site so that we wouldn't have to keep up with all the latest virus concerns."
Whether transactions are transferred through an outside hosting company's server or directly to the company's internal server, transaction security operates on three basic levels. The first, secure socket layer encryption, scrambles information into a code transmitted through the Internet so that it cannot be easily read if intercepted. Encryption can be done at varying levels of complexity; for example, 40-bit, 56-bit, and 128-bit levels of encryption exist. Higher numbers indicate increasing levels of complexity. If you are conducting transactions that require the transmission of credit card numbers, Gusdorf recommends using the most complex level, 128-bit SSL encryption.
Credit cards aren't a necessity, though. Maintex's hosting company does not accept credit card payments at all. "When our customers set up their online accounts, they set up a billing procedure with us so they are billed directly," says Stu Silverman, vice president and general manager of the City of Industry, Calif.-based distributor.
A second level of transaction security involves requiring customers to log in with passwords in order to gain access to the website. "There is a whole science behind password construction to prevent them from being broken, and specific rules you need to follow when you create passwords, both for your customers' passwords and for your own site administration password, which is required in order for you to load information onto your site," Gusdorf explains.
Since security in general depends on the password's security, Gusdorf recommends that passwords be at least eight characters long, contain a special character (i.e., #, $, *, &), and use both uppercase and lowercase letters. Complex passwords constructed according to these rules increase security by a factor of 1,000.
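The three construction rules above can be enforced in software at the moment a password is chosen. The following is an added example, not code from the article or from any company it mentions; the account labels and sample passwords are constructed, and treating any ASCII punctuation mark as a "special character" is an assumption.

```python
import string

MIN_LENGTH = 8  # "at least eight characters long"

# Assumption: any ASCII punctuation counts as a "special character";
# the article names #, $, * and & as its examples.
SPECIAL = set(string.punctuation)

# Each rule is a (description, predicate) pair, checked in this order.
RULES = (
    ("at least 8 characters", lambda p: len(p) >= MIN_LENGTH),
    ("contains a special character", lambda p: any(c in SPECIAL for c in p)),
    ("contains an uppercase letter", lambda p: any(c.isupper() for c in p)),
    ("contains a lowercase letter", lambda p: any(c.islower() for c in p)),
)


def unmet_rules(password):
    """Return the descriptions of the rules the password fails (empty = compliant)."""
    return [name for name, check in RULES if not check(password)]


def audit(candidates):
    """Map each account label to its unmet rules, listing only failing accounts."""
    report = {}
    for label, password in candidates.items():
        failed = unmet_rules(password)
        if failed:
            report[label] = failed
    return report


# Constructed sample input: two customer logins and the site administration
# login, all of which the article says must follow the same rules.
SAMPLE = {
    "customer-1001": "brooms",
    "customer-1002": "Mop&Bucket42",
    "site-admin": "administrator",
}

if __name__ == "__main__":
    for label, failed in audit(SAMPLE).items():
        print(f"{label}: " + "; ".join(failed))
```

Run the check when a password is set or changed, for customer accounts and the site administration account alike, and reject the password with the list of unmet rules.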
Bunzl, a St. Louis-based wholesaler, issues passwords to its customers to allow them online ordering access. "Our website functions as a gated community that customers can access through a required login and password system," says Eric Peabody, director of marketing at Bunzl. The customer is allowed access to real-time information based on the inventory that their distributor has on hand, as well as their specific pricing customized to their sales contract.
Build A Firewall
Once information has been transmitted to a company's computer, the company still must ensure that it remains secure. "The worst thing companies can do is store confidential information on their computers in a plain data file," Gusdorf says. "That kind of information also needs to be encrypted once it's stored on your computer in case hackers gained access into your computer."
Another essential way to prevent information theft is to ensure that a company's computer has a firewall. A firewall acts as a barrier to prevent unauthorized computers from gaining access to a company's server by blocking off the computer's ports. If server ports are left open, hackers may be able to locate these ports and gain access to the computer or the network, allowing them to install viruses or gain access to the computer's information. "The majority of hackers don't do it to take information, or for criminal intent; they do it just for fun or to prove they can do it," Cantwell says.
A firewall can actually be either hardware or software; hardware versions are usually more expensive but provide more functionality. An advantage to hardware-type firewalls is that they do not use up the computer's processing capacity like software versions do.
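A firewall rule set starts from knowing which ports on the server are meant to be reachable at all. The following added example (not from the article) audits a server's own listening sockets against an allowlist; the listing is constructed sample data in the column layout of the Linux `ss -tln` command, and the allowed set of port 443 only is an assumption.

```python
import ipaddress

# Constructed sample in the column layout printed by `ss -tln` on Linux.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:443         0.0.0.0:*
LISTEN  0       128     0.0.0.0:3306        0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*
LISTEN  0       128     [::]:443            [::]:*
LISTEN  0       128     [::1]:631           [::]:*
LISTEN  0       128     *:8080              *:*
"""

ALLOWED_PORTS = {443}  # assumption: only the HTTPS storefront should be reachable


def is_loopback(host):
    """True when the bind address is reachable only from the machine itself."""
    if host == "*":
        return False  # wildcard bind: every interface
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # unparsable address: treat as exposed, so it gets reviewed


def exposed_ports(ss_output, allowed):
    """Return (address, port) pairs listening beyond loopback on ports not allowed."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]")  # IPv6 addresses are bracketed
        if is_loopback(host) or int(port) in allowed:
            continue
        if (host, int(port)) not in findings:
            findings.append((host, int(port)))
    return findings


if __name__ == "__main__":
    for host, port in exposed_ports(SAMPLE_SS_OUTPUT, ALLOWED_PORTS):
        print(f"close or firewall: {host}:{port}")
```

Services bound to 127.0.0.1 or ::1 are skipped because they cannot be reached from the network; anything else outside the allowlist is a port to close or to block at the firewall.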
If a company is hosting its own server, Cantwell recommends that distributors utilize several different computers to store databases separately on the network. That way, the amount of information accessible via each individual computer is limited. In addition, it is important to have a backup plan ready in case the server goes down. For example, some companies employ a second server that automatically runs the website if the first server goes down.
Another frequently overlooked security concern involves the company's own employees. Businesses should ensure that only key employees have access to confidential customer information, including payment information and credit card numbers. "Keep databases confidential by requiring passwords to access them, or by making sure that key employees' computers are kept locked in secure areas away from general traffic," Cantwell advises.
When Searching for An Internet Host
Before hiring a company to host your e-commerce website, there are several important questions Jeff Gusdorf, senior consultant at St. Louis-based BSW Consulting, recommends asking. The answers can help determine what hosting company is right for your business needs.
Gusdorf says that in the world of Internet hosting companies, the old adage is true: You get what you pay for. "You can find some Internet hosts out there who offer low prices and promise you the world, but unfortunately low-quality service and support also comes with that low price," he explains. "E-commerce is supposed to make it easier for your customers to do business with you, but saving a couple of bucks with a weak host that causes your site to be slow or unreliable will actually cause you to lose business." L.K.F.
Lynne Knobloch-Fedders is a freelance writer based in Glenview, Ill.
Truly Inspired: Quotes to Live By
Sometimes it's the little things that keep salespeople fresh, motivated and on top of their game. At motivateus.com, you'll find an extensive collection of motivational quotations, poems and advice, some of it submitted by people just like you.
By using quotes in a morning e-mail, or incorporating a favorite saying into company literature or posters, you might give someone just the push they need to approach a difficult task with a positive outlook.
You might even challenge salespeople to submit their own tried-and-true expressions, mottos or advice.
Here's an example of what you'll find on the site. This bit of wisdom comes from Marcel Proust: "We must never be afraid to go too far, for success lies just beyond." A site full of free advice? No motivation needed.
Create Your Own Legal Documents
Now you don't need a law degree (or a fat retainer fee) to compose basic, business-related legal documents. LegalPoint 1.0 includes 75 legal documents with explanations and instructions for everything from past-due notices to purchase orders to power of attorney and pre-nup forms. For $50, users can download and use all 75 forms, created specifically for small business professionals.