Monday, May 18, 2020

Security Practices Of Electronic Commerce Companies Should...

It seems that companies too often lose credit card information, social security numbers, addresses, and other personally identifiable information. In each case there are steps that can be taken to mitigate or prevent such damage. This paper attempts to provide a basic overview of security practices that electronic commerce companies should follow. The first category is building a secure network. There are necessary steps in how a company should approach access to its network from the outside, from installation of a firewall system, to configuration, and even access control within the enterprise. The second category is data protection. Data must be kept secure not only when it is in transit, or in use, but also when…

Keywords: network security, electronic commerce, encryption, data protection, vulnerability management, access control, policy

Overview of Basic Security Practices for E-commerce Businesses

Target, Neiman Marcus, and even eBay have been victims of breaches involving their customers' sensitive information. Identity theft is becoming all too common as entire dossiers of individuals who have done nothing more than purchase something online are shared, sometimes for as little as a dollar (Follow the Data: Dissecting Data Breaches and Debunking the Myths, 2015). Incidents happen when a company doesn't maintain physical security of a device, such as a laptop, or when unauthorized individuals obtain access to databases. Every company is responsible for securing the contents of its databases and protecting consumer information. There are various methods to carry out these goals, but an all-of-the-above approach is necessary to ensure consumer privacy and confidence. There are six categories in which a company must be compliant in order to protect against loss of information. Each category must be utilized, as a failure in one renders the others useless. In no particular order, these categories are Securing the Network, Data Protection, Vulnerability Management, Access Control, Regular Monitoring and Testing, and maintenance of an Info-Sec Policy. This paper
