Top Ten Weapons Against Web Site Theft

Len Lombardo, chief information officer for TransUnion LLC, recently painted a grim picture of theft of proprietary information and other computer attacks occurring via e-commerce. Lombardo pointed to a study by Internet consultant Jupiter that found that 50 percent of Web site managers and chief information officers consider the sensitivity of their sites' data as "low." At the same time, the study found a basic lack of understanding among U.S. businesses at how grave a security breach can be.

Lombardo gave these ten tips as the best steps companies can take to protect their sites:

1. Install and maintain a working network firewall. Encrypt the data accessible through Internet connections, as well as any information sent across public channels.
2. Use a one-time password system. Ensure all accounts have passwords.
3. Regularly update security patches. Use tools with strong cryptographic features.
4. When writing software programs, use secure tools, many of which can be found at security-related sites on the Internet.
5. Continually monitor and update network configuration and use. When an area is identified as one that could be compromised, make changes immediately.
6. Check with vendors for the most recent security fixes. Use and update anti-virus software.
7. Monitor online security archives for alerts and technical advice.
8. Institute a unique identification system for tracking all access to data.
9. Audit systems and networks regularly. Detecting and tracing a breach in security is more difficult if audit data is incomplete.
10. Continuously test all security systems and processes.

Copyright © 2002 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 12, No. 1, 1/02