The Impact of Security on E-Commerce - Example

THE IMPACT OF SECURITY ON E-COMMERCE The impact of Security on E-Commerce Name University Course Date The impact of Security on E-Commerce Executive Summary E-Commerce has become the central element in the contemporary business environment. It has become the in thing for virtually every company because it has become prudent to have an online presence. E-commerce services present quite a number of benefits both to individuals and organizations. For instance, through e-commerce, customers can now purchase goods online without having to physically going to the store. This helps the customer to save time and cut cost incurred in travelling to the stores. Generally, e-commerce has greatly simplified almost all business operations. However, security has been a major issue affecting e-commerce. Cyber criminals have discovered ways of breaking into networks to obtain crucial information belonging to the customer or organization. Several cases of cyber crime have been reported in the past and this has negatively affected e-commerce. This paper therefore, discuses the impact of security on e-commerce and presents ways of dealing with the problem of security. Introduction Since the advent of industrial revolution in the mid 19th century there has been surge in technological improvements cutting across all facets of human necessities (Evan, 1997). There have been innovations and improvements in agricultural equipments and processes, communication, health, entertainment among other fields that have become beneficiary of technological advancement. The fundamental element that spurs these technological revolutions is the dynamics and the fast changing lifestyles of people in societies characterized by limited resources, increasing population and basically emergence and evolvement of new challenges in societies that needs to be addressed hence shoving societies to look for means to solve using technology (Evan, 1997). One of the major advantages of the Internet is the facilitation of e-business. E-business entails the passage of business information around the world using the Internet. Nowadays, the Internet has enabled the carrying out of business transactions online. Individuals can place orders online and pay to receive products or services. The online business has led to many shoppers to avoid going to marketplaces for transactions thereby allowing them to engage in other productive activities. The consumers find it possible to transact online because of the wide range of goods and services that can be delivered to their homes within the shortest time possible. In addition, the Internet has enabled online banking, employment search, and online purchasing of tickets, among other essential services. Discussion Generally, e-Commerce has become the central element in the contemporary business environment. It has become the in thing for virtually every company because it has become prudent to have an online presence and many brands do not have associated mortar and bricks presence (Kalakota, and Whinston, 2007). Business to business transactions is also applied in the e-commerce mostly between distributors, suppliers, and manufacturers. It is now possible through the online retail space to acquire numerous models adoptable to retailers. All along, it has been the tradition that the bricks and mortar presence has been kept different by the web presence limiting transactions to buying online and also delivery of goods and services. The presence of the e-commerce services is vital because it helps in the researching for a product that a client intends to purchase. It has helped clients to view the products while the product is still in store (Gregory, 2009). Since the surge of new models like purchasing of products online and picking up of the product from the stores has been a result of the trend towards the multi channel retail, which has made it of great relevance to the services industry through the e-commerce systems. Customers can get to retrieve their bank statements online, also there is the online banking and brokerage which is also of great significance to the customers since they are able to pay credit card bills, transfer funds, buy and sell securities, apply for the approval for new mortgages also they can acquire information and also financial guidance online (Gregory, 2009). In the technological perspective, e- Commerce is a critical factor to consider in the development of security and also to the companies that offer security services. It is a factor in the development of technology that has brought great success to the security industry making it a pivotal and a success factor in the e- commerce. The protection of data against intentional disclosure to unauthorized persons or any accidental leakage of information or even destruction and modification of the organizations information by a third party that the information was not directed brings out definition to security. Security also refers to the provision of confidentiality, authentication, non-repudiation, effectiveness and availability, integrity and privacy as a control to access (Gregory, 2009). Security risks have become a global issue due to the numerous surveys that are conducted and compiled. The feasibility of a system can easily be compromised if the customers will lose confidence in its ability to keep sensitive and confidential information under utmost protection. It is important to note that technologically e- commerce is completely reliant to IT and in future when developments are made in the e- commerce then it will be solely reliant to IT for risk management and security. By providing fully secured networks that guarantee safety and confidentiality and also as solution that increases e-sales will have been found though it is not a simple task. It is not easy to acquire technologies that have flawless security measures and with cheap guarantees hence web based e- commerce could be compromised but much must be invested to minimize the risks (Kalakota, and Whinston, 2007). Hyperlinked web pages together with applications and other incompatible technologies have enabled various organizations to bring about business transactions and relations between companies across different parts of the world. In the organizational perspective the set ups that are established to facilitate expansion of the access to ecommerce solutions has exposed many corporate organizations. It is worth noting that e-commerce has positively impacted on their operations and business but security must be critically considered organizationally (Kalakota, and Whinston, 2007). In order for businesses and organizations to realize full potential of the internet they will be required or rather it will be crucial for them to invest heavily on expansion or creation of an infrastructure that offer protection to the company and its partners in trade together with its customers. It is important to develop the right balance between the hype and the actual reality of the security issues that continues to challenge numerous organizations and businesses (Kalakota, and Whinston, 2007). No matter what is offered as a long-term security measure in the real life, there is no existence of achievement that is regarded as perfect security. Organizations should set up an audit mechanism that monitors activities and also implement proper control measures of dispatch of information to business partners and clients that give control of security measures to the organization (Kalakota, and Whinston, 2007). To properly monitor and manage a proper security system and infrastructure in an organization it takes time and perseverance and also and an investment of great efforts. In the management perspective of e- commerce, security is all about visibility, risk, and people making it an imperfect discipline. The system designers should ensure clear and continued assessment of the infrastructure. As e-commerce brings significant advantages to a wide scope of areas e- commerce evolves continually and its security attendants support this advantage. An e-commerce system that is crippled by inappropriate security measures is likely to fail in its plan to deliver and achieve its objectives hence compromising the business functions that it is supporting at that time (Kalakota, and Whinston, 2007). Generally, security is a paramount aspect in e-commerce, and it is one of the major aspects that customers and organizations should put into consideration before transacting their business over the internet. Dealing with the security threats in e-commerce Security is a paramount aspect in e-commerce, and it is one of the major aspects that customers and organizations should put into consideration before transacting their business over the internet. Companies and organizations that have adopted e-commerce technology should put in place competitive security measures in their network in order to counter the security threats associated with e-commerce. This implies that security professionals and the risk management team in such organizations must understand the issues of network security so as to enhance the companies’ and customers’ network security hence ensuring confidence and smooth running of business. Network security cannot be 100% because technology is dynamic and new innovations present considerable security threats to organization data (Firestone, 2009). This therefore, implies that organizations should always be ready to invest in the adoption of new security measures so as to counter effects which can arise from security breaches. The most important thing is that the network management and administration team should not overlook any threat or vulnerability mentioned in the above report. It is very important for security team to understand some of the ways in which cyber criminals can attack the network of the company. Some of these ways are discussed below: Cold boot attack Cold boot attack is an attack where an attacker who physically accesses a computer is in a position of retrieving encryption keys from a running operating system by use of cold boot to start the computer from a completely off state (Kalakota, and Whinston, 2007). The attack relies on the data reminisce property of SRAM and DRAM to retrieve memory contents which remain readable minutes or seconds after the power has been removed. For the attack to be executed the machine is cold booted; a light operating system is then booted immediately, for example, using a USB, and the contents of a pre-boot memory are dumped to a file (Kalakota, and Whinston, 2007). On the other hand, the memory modules from the system are removed and quickly placed in a different machine under attacker’s control, which is then booted for the memory to be accessed. Side channel attack The side channel attack is an attack based on data gained from the physical implementation of a cryptosystem rather than theoretical weakness or brute force in the algorithms (Kalakota, and Whinston, 2007). To deal with the network security threats discussed above, the network used in e-business should be protected through encryption. Encryption of data is the obfuscation of plaintext or data that is being stored or being transferred from one location to another securely (Firestone, 2009). Complex systems of mathematical obfuscation are utilized in this mode of data transfer. In these systems, a symmetric key or symmetric key pair may be utilized as at least a portion of the decryption/encryption process (Firestone, 2009). Decryption, on the other hand, is simply the opposite of encryption. It is the conversion of encrypted information back into its original form that is readable and can be understood. One method of encrypting a net work is public-key cryptography. This is a cryptographic method which involves the use of asymmetrical key algorithms in addition to or instead of symmetric key algorithms (Firestone, 2009). An asymmetrical key algorithm does not require a secure initial exchange of more than one secret key to both receiver and sender, unlike the symmetric key algorithms. According to Larry Downes and Chunka Mui (1998), mathematical related key pair are created are created by the use of asymmetrical key algorithms, that is a published public key and a secret private key (Firestone, 2009). When these keys are used, they allow protection of the authenticity of a message being sent by creating a digital signature of a message by use of private key, which can be verified by the use of public key. Other security measures aimed at enhancing security in e-business include the following: 1. Changing default administrator usernames and password Almost all wireless routers and access points permits an administrator to manage the work via a special administrative account which allows total access to the configuration utilities of the equipment with a special password and username. Therefore, one must change the administrative username and password in his or her router or access point when setting up the unit. The default usernames and passwords of these units are popularly known by attackers. One should also change his password regularly for example in every one to three months. 2. Changing default SSID SSID is a name given to a network used all routers access points. You should change the default SSID name to a different name in order to improve security in your network. You should also avoid using obvious names for your SSID, such as you birthday, your name or your address. 3. Avoiding automatic connection to open wireless networks You should avoid automatic connection to open networks; for example, the router of your neighbor or free wireless hotspots because this exposes your personal computer to security threats. Some computers have features that enable it to automatically connect to a free network without notifying the user; therefore this feature should be disabled to avoid security threats in youth computer. 4. Assigning static IP addresses to devices Most people use dynamic IP addresses which utilize DHCP technology. In fact, this technology is very easy to install but this convenience can also favor the hackers, who can effortlessly obtain a valid IP address the DHCP pool of your network. To keep away these hackers, you should turn off the DHCP router, set a fixed range of IP address, and then configure every device connected to match; use private range of IP address to prevent computers from being accessed directly from the internet. 5. Enabling the firewalls on every router and computer Make sure that the firewall of your router is turned on, and you should also install private firewall software on every computer connected to the router. 6. Safely positioning the router or access point You should safely position the access point or the router because the Wi-Fi signals usually reach to the peripherals of the building. Properly positioning the router or access point will greatly minimize the leakage of signals into the streets and neighboring buildings. Conclusion In general, security is a major factor that affects e-commerce. Security is a very crucial aspect in e-commerce, and it is one of the major aspects that customers and organizations should put into consideration before transacting their business over the internet. Hackers have discovered that it is easier to break into wireless networks and even crack into wired networks by using wireless technology. As a result of this, it is significant that enterprises define effective wireless security policies that guard against unauthorized access to important resources. Wireless security policies are normally enforced by wireless intrusion prevention systems. The major issue with wireless network security is its simplified access to the network compared to traditional wired networks for example, Ethernet. Companies and organizations that have adopted e-commerce technology should put in place competitive security measures in their network in order to counter the security threats associated with e-commerce. This implies that security professionals and the risk management team in such organizations must understand the issues of network security so as to enhance the companies’ and customers’ network security hence ensuring confidence and smooth running of business. References: Evan I. Schwartz (1997). Webonomics: Nine Essential Principles for Growing Your Business on the World Wide Web. Broadway Books. Firestone, M. (2009). Wireless technology. Minneapolis: Lerner Publications Gregory, P. (2009). CISSP Guide to Security Essentials. Auckland: Cengage Learning. John Hagel and Arthur G. Armstrong (1997) Net Gain : Expanding Markets Through Virtual Communities , Harvard Business School Press. Kalakota, Ravi, and Andrew B. Whinston (2007). Electronic Commerce: A Manager's Guide New York: Addison-Wesley. Larry Downes and Chunka Mui (1998) Unleashing the Killer App: Digital Strategies for Market Dominance, Harvard Business School Press. Lowe, D. (2008). Networking All-in-one Desk Reference for Dummies. New Jersey: For Dummies. Matthew W. Beale. (2000). “Security Firm Warns of New E-Commerce Threat,” E-Commerce Times, January 7, URL: http://www.ecommercetimes.com/perl/story/?id=2244 Powell, S., & Shim J. P. (2009). Wireless Technology Applications, Management, and Security. New York: Springer. Turban, E., King, D., Lee, J., Viehland, D. (2004). Electronic Commerce: A Managerial Perspective. New Jersey, USA: Pearson Education Pty Ltd. Read More