Understandably, since Grandma’s Treats is a start-up, such measures should be effective while also remaining relatively inexpensive. The first step in defending hardware and software is to deploy firewalls, using “the Kerberos protocol, which uses symmetric secret key cryptography to restrict access to authorized employees” (LitLangs, 2008). A peripheral component interconnect (PCI) card is installed on the server hardware to provide further protection against hackers accessing information such as credit card numbers.
Conducting transactions over Secure Sockets Layer (SSL) will ensure the safety of the details as they are sent across the World Wide Web. An inexpensive way to maintain control over sensitive information is to place the data on a physically separate hard drive, or zip drive, which can be removed from the server. These files also require daily backups to ensure the integrity of the data.
The simplest form of security, however, is achieved by requiring that all passwords used by company employees to access any hardware or software applications be complex. Communications between the company and its customers can be afforded a degree of security by employing one, or a combination, of several protocols, which include Public Key Infrastructure (PKI), digital signatures and certificates, SSL and Secure Electronic Transaction (SET).
PKI is the least expensive, but also the least effective, of these measures. Keeping up to date on the latest security patches provided by software manufacturers will also aid in keeping such communications secure. To provide security in a wireless Internet environment, the network used by the company must be secured by using encryption to protect against internal and external attacks.
Using the Extensible Authentication Protocol (EAP) as an authentication framework, along with an EAP method in one form or another, is imperative to ensure the security of transactions and information over a wireless network. One of the simpler methods of ensuring security in a wireless network is to institute, and enforce, personnel policies with regard to the download of files and the usage of such devices as iPods, digital cameras, and PDAs for business purposes (Wittig, 2008).
Internet security should be maintained, at a minimum, with the use of firewalls, spyware scanning and virus protection software. Information from purchases made over the Internet should be encrypted via “Pretty Good Privacy” (PGP) software. Since obtaining a digital certificate is expensive, an e-commerce merchant account can be set up with a credit card services company to provide a digital certificate which can be used at no additional charge to Grandma’s Treats.
In reviewing the inexpensive security options available to Grandma’s Treats, it is clear that the employment of common sense, the institution of an Internet policy for employees, and the measures made available through software and hardware manufacturers at no additional cost will be key components. Using complex passwords, virus protection software and firewalls, ensuring that security patches are regularly applied, backing up data, and partnering with a reputable credit card services host company are all inexpensive, or no-cost, methods of providing adequate, if not foolproof, security in an e-business environment.