
Security


Adopting a common-sense approach to security

Once a business is connected to the Internet, its system (i.e. website, connecting databases, transaction engine and other linked programs such as ERP) is exposed and vulnerable. A business must employ a security strategy to protect its personal records, financial information, customer records and credit card details.


Security refers to techniques for ensuring that data stored in a computer can't be read or compromised. There are a number of security solutions, or combinations of security solutions, that a company can employ. Here are just a few:


Most security solutions involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. Encrypted data is referred to as ‘cipher text’. A password is a secret word or phrase that gives a user access to a particular program, system or encrypted data.


Firewalls are security systems that protect the information contained in a computer system from hackers. They are a fundamental security component in any computer network and may use a combination of firewall hardware and software. Firewalls control the flow of data through gateways between computer networks and the Internet. Rules define who can access different parts of the company system. Users usually require a password for access. Firewalls are particularly useful for a business network that sends and receives emails, transfers data over the Internet or connects with outside computers.
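How rules of this kind are evaluated is shown in the added example below (not part of the original page). It assumes the common first-match, default-deny model; the Rule class, the decide and shadowed functions, and every address and port are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    source: str               # CIDR network the connection comes from
    dest_port: Optional[int]  # None matches any destination port
    note: str


# Constructed ruleset for a small office (illustrative values only).
RULES = [
    Rule("allow", "0.0.0.0/0", 443, "public HTTPS to the web server"),
    Rule("allow", "0.0.0.0/0", 25, "inbound mail"),
    Rule("deny", "192.168.10.0/24", 5432, "guest Wi-Fi must not reach the database"),
    Rule("allow", "192.168.0.0/16", 5432, "internal hosts may reach the database"),
]


def decide(rules, src_ip, dest_port):
    """Return (action, note) of the first matching rule; deny if none match."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_net = addr in ipaddress.ip_network(rule.source)
        if in_net and rule.dest_port in (None, dest_port):
            return rule.action, rule.note
    return "deny", "no rule matched (default deny)"


def shadowed(rules):
    """Return rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.source)
        for earlier in rules[:i]:
            covers_net = net.subnet_of(ipaddress.ip_network(earlier.source))
            covers_port = earlier.dest_port in (None, rule.dest_port)
            if covers_net and covers_port:
                hidden.append(rule)
                break
    return hidden


if __name__ == "__main__":
    # Constructed sample connections: (source address, destination port).
    for src, port in [("203.0.113.7", 443), ("203.0.113.7", 5432),
                      ("192.168.10.25", 5432), ("192.168.20.4", 5432)]:
        print(src, port, *decide(RULES, src, port))
```

Placing the broad internal allow rule above the guest deny rule would let guest hosts reach the database; shadowed() reports the deny rule in that ordering.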


Secure Sockets Layer (SSL) was developed by Netscape to send private documents via the Internet. SSL uses a public key to encrypt data that is transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many websites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with ‘https:’ instead of ‘http:’.


Public Key Infrastructure (PKI) security systems are cryptographic systems that use two keys – a public key known to everyone and a private key known only to the message recipient. Messages are encrypted using the public key and decrypted by the recipient using the private key. A feature of this system is that it's virtually impossible to deduce the private key if you know the public key. Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use.


A Certificate Authority (CA) is a trusted third-party organisation that issues digital certificates used to create digital signatures and public-private key pairs. The CA guarantees that the individual granted the unique certificate is who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and e-commerce because they guarantee that the two parties exchanging information are who they claim to be. An example of a CA is Verisign Inc., which provides a range of digital trust services.


Authentication is a common security measure that requires users to enter login authorisation details before allowing them access to restricted areas of a site. These details usually include a username and password.


A business should adopt a common-sense approach to security. That is, a company should adopt a security strategy that matches the risk faced by its business. For example, an issue that may be critical for one company may be irrelevant to another. If security is important to a company, it should seek expert help by talking to consultants and businesses that specialise in this area.


To help small business operators understand security issues, the DCITA has produced an information resources package called 'Trusting the Internet', which includes fact sheets, checklists and case studies.


In addition, the Defence Signals Directorate (DSD) has developed OnSecure, an online resource that helps users of the Internet to understand and respond to potential e-security threats and provides access to information and advice on issues such as spam, viruses and fraud.


Video

The directors of The Hairstyler.com discuss Internet Security and Online Business Future (3m 55s)


Austrade 2007



Disclaimer

Austrade makes no warranty, express or implied as to the fitness for a particular purpose, or assumes any legal liability for the accuracy or usefulness of any information contained in this document. Any consequential loss or damage suffered as a result of reliance on this information is the sole responsibility of the user.