One thing that the experts are unanimous on is the need for companies to have clear guidelines about what needs to be done to ensure a safe environment for e-commerce.
In conjunction with a security policy, the relatively inexpensive gadgets, software and services that small businesses can install will provide protection from all but the severest threats. Without such a policy, they say, the best technology in the world can provide only partial cover.
One starting point is to ensure that all security capabilities are installed on web servers and that all software is kept current with the latest updates.
It is also important to implement and manage an effective password policy. If staff are simply jotting passwords on post-it notes and sticking them to the computer screen, it is time to take urgent action.
Passwords should be changed frequently and, ideally, use a mixture of upper- and lower-case alphanumerics. Security is a moving target and needs to be audited on an ongoing basis. A network is constantly changing as new users or applications are added and users leave the company.
Know your service provider
The same should apply to the internet service provider (ISP). Security has a lot to do with the quality of service offered by ISPs and other web hosting providers. Choose your ISP carefully and don't just go with the one with the best rates. It is their responsibility if your site goes down, and they should explain what steps they would take to put it up again.
Businesses should in particular ask about internal security policy within the ISP, steps that would be taken in the event of a breach and whether it will offer recommendations for protecting against future security breaches.
Ultimately, security is as much about awareness as about technology. As in any new environment, websites and companies that survive and prosper will be those that keep an eye open for possible mishaps, as well as those with an untapped market and an exciting business plan.
But in a world characterised by risk, complete protection against hazards is hard to achieve, and site owners will always have to balance the needs of security with other business concerns. The key principle here is to make the attacker’s job hard enough that they look for an easier target.