Topic Six – Security issues, network and electronic commerce – Task One

When businesses are connected to the internet they become vulnerable and open themselves up to attacks. They need to be vigilant to protect themselves, customer and employees from unlawful action. Businesses need to have security measures in place to protect their financial, personal and customer information.

When researching the topic of security issues, network and electronic commerce I discovered that many of the articles I read mentioned security. Security and secure sites was continually mentioned as a prime concern to customers. Resistance to e-commerce seems to be a result of concerns about security and privacy. I believe that consumer fear is one of biggest reasons that e-commerce has not been as quickly adopted by consumers as initial predictions and has contributed to the failure of many earlier dot.com companies.

The rapid growth of the internet and e-commerce has opened up a new avenue for dodgy behaviour. Internet crime seems easy to accomplish if businesses are not adequately protected. I was interested in finding out was where the most common breeches of security in Australia. The following are graphs showing the changes in computer security breeches over a three year period.

Most common computer crime and security breaches, 2003-06 (percent)



Source: Australian Institute of Criminology 2007. Australian crime : facts and figures 2006. Canberra: AIC
Major sources of financial loss due to computer crime and security breaches, 2003-06 ($ million)
Source: Australian Institute of Criminology 2007. Australian crime : facts and figures 2006. Canberra: AIC

It was interesting to see that there was a general decrease in most of the categories listed. I thought it was significant to note that insider computer system abuse was on the increase. I was wondering if this was due to disgruntled employees. I know when my cousin left a large financial company in the city he was marched out straight out after he announced he was leaving. Is this increasingly done to protect business information systems?

Although not mention on the graph I do believe there is an increase in identify theft. According to a July 2003 Sydney Morning Herald article identity theft in the US an estimated 700,000 people were victims of identity theft. According to the same article Identity theft is costing Australians more than $2 billion a year. The increase in popularity of social networking sites has results in a new source of information for identity theft; some people are just too specific about their personal details on the web. I am amazed at how much information people will place on these sites, some will mention where they live, where they work, what school they go to... way too much information… Sometimes people leave themselves open for criminal activities.

In 2004 my wife had personal experience with a worm attack. She was teaching computers for a term at a school where each child had their own laptop. The schools network wasn’t secure and wasn’t patched correctly so just about all the school got the blaster worm. For the whole term my wife patched computers for 500 students! This is an example of where IT departments need to be on the ball to protect networks from unlawful attacks.

Sometimes hackers are not even cracking the system to access unauthorised information, but are doing it for the sport, just to prove they can do it.

The Australian Government has responded to the increasing criminal and privacy breeches occurring on the internet by developing a number of act and law to protect businesses and consumers from fraudulent acts. An example of this is the Spam Act 2003 which makes it illegal to send unsolicited commercial messages, this includes both email and phone messages. It also has developed a number of websites to help inform businesses, parents and consumers to protect themselves online in regards to privacy and to help them avoid internet and electronic based scams. Examples of these sites are http://www.scamwatch.gov.au/ and http://www.staysmartonline.gov.au/

I think as a consumer you need to protect yourself when doing business online. When conducting transactions online such as banking or purchasing good I look for sites that are secure and protected by Secure Sockets Layers (SSL) the little padlock on the bottom right hand side of the screen. Before studying this topic I did not realise the sites that use SSL protocol often have URLs of https:// rather than http:// and that is protects the personal information while online, by encrypting information passing to and from the web pages. Robinson states that SSL was specifically developed by Netscape to protect e-commerce transactions online.

The major e-commerce structure I use is internet banking. Hoax email or phishing seem to be a major way to obtain passwords and bank account details. My bank requires two forms of passwords for authentication and has just introduced a secure code system that sends a unique password to your phone that you need to enter before the transaction will be processes. Before you log in there is message warns you that the bank will never send you an email requiring account information or send you an email with a link to internet banking.

I am currently working in the banking industry. Protection of privacy and ensuring no unauthorised people gain access to accounts helps maintain our customers trust. The security measures adopted by our company to protect our customers’ information and when banking online includes;
× encryption (using the private key encryption)
× Firewalls
× and secure sessions using SSL
× lock-out after three incorrect login attempts,
× automatic log off after 10 minutes of inactivity,
× Details of your last internet banking transactions
× Security tokens that generate a new password every minute.

Generally I found this topic to be extremely interesting. Businesses must protect themselves, customer and employee when conducting e-commerce. I believe trust is the biggest issue consumers have with e-commerce applications.


References

Robinson, S. (2004). Use SSL to secure your Apache-based e-commerce transactions. Retrieved May 5, 2008, from http://www.builderau.com.au/program/web/soa/Use-SSL-to-secure-your-Apache-based-e-commerce-transactions/0,339024632,320283158,00.htm

Australian Institute of Criminology (2007) Crime and criminal justice statistics. Retrived May 7, 2008 from http://www.aic.gov.au/stats/crime/cybercrime.html

The Sydney Morning Herald (2003) Identity theft a $100-billion industry. . Retrieved May 2, 2008, from http://www.smh.com.au/articles/2003/07/06/1057430077059.html