CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network


E-Commerce Web Security Tips for Business

You're shopping online for a nice gift for Mom's birthday. The last thing you want to have to worry about is whether your personal information is going to end up in the hands of hackers. When it comes to e-shopping, there are some simple solutions businesses can take to protect their customers and keep you, Mom, Dad and little Billy and Jenny safe from the bad guys.

This week we consulted Mom4Life.com, a one-stop online shopping site for unique gifts for mothers (and fathers and the kids), about how they ensure that their customers' e-shopping experience is safe and secure.

"Customers are often very pleasantly surprised that we do not have access to their credit card info directly," says Mom4Life founder Heather Lebedoer. "We use both PayPal and Authorize.net as our payment gateways for credit cards. Neither of these systems allows us direct access to the customer’s credit card details."

Giving customers payment options other than credit cards is also a simple but often overlooked solution. "We also allow orders via check for those that are not comfortable paying online. Most of the concerns are from grandmothers that are wanting to place an order and haven’t had as much experience ordering online. We’re able to assure them that their information will be safe."

Privacy policies are also a good point to consider when outlining your business' security strategy. If your company doesn't need certain types of information, don't collect it in the first place. Purge information that you no longer need. Unless you want to build a bad reputation among your customers, don't share the information you collect, since when their email ends up on a spam list, they can make an educated guess about how it got there.

In the next issue of Cyber Security Informer, we’ll be continuing to profile organizations that are helping make the world a more secure place. If your organization is doing its part to build a more secure future by protecting partners, customers, website visitors and application users from cyber crime, contact us today at info@pcis.com.

Cyber Security and Your Business - BBB Seminar

A security breach could even lead to the closing of your business, so you need to know how to protect your business and customers at the same time. Vaclav Vincalek, Pacific Coast Information Systems (PCIS) Ltd. President, will equip you with these protective tools.

It’s not enough for owners to harden their network and build security into their online applications, says Vincalek. “In an instant, an employee, partner or customer just surfing the Internet on trusted sites can open up companies to a world of hurt. It’s not just the loss of reputation and regulatory fines companies need to worry about. The immediate loss of revenue from a shut-down in business operations is something that all companies have to learn how to avoid.”

Some of the advice for owners covered in the presentation may seem unorthodox and extreme, but an evolving threat demands strong counter-measures. “Why give your employees Internet access?” Vaclav asks. “Does it meet your business needs? We need to start challenging assumptions that are endangering our companies and provide solutions that businesses can use right now.”

At this presentation, you will learn:

• How and why cyber criminals target your business
• The consequences of a web security breach
• How effective network security, web security and identity management tools and practices can protect your business assets and your customers' privacy

Date: Thursday, May 28
Agenda: 8—8:30 am: Registration and refreshments
8:30—10:30 am: Seminar and Q&A
Cost: BBB Accredited: $25/person
Non BBB Accredited: $45/person
Location: 150 900 Howe Street, Vancouver, BC
Register: Call 604.685.7226     Fax 604.681.1544     Email Susanh@mbc.bbb.org

Webinar on Securing your Online Forms

At the Fundamentals of Web Application Security: Securing Your Online Forms webinar, a Boonbox security specialist will review some basic methods used to prevent common web application attacks such as Cross Site Scripting and SQL Injection. The discussion will involve samples of web applications written in languages such as ASP.Net and PHP, and will also cover common misconfigurations of web servers.

To register for this free webinar, go to http://boonbox.webex.com/meet/boonbox. Click the "Register" link on the right in the Status column for Need for Network and Web Application Security and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

Date & Time: Wednesday May 27, from 8:30-8:45 am Pacific Time


May 26, 2009


Cyber Security Informer is distributed by:

Pacific Coast Information Systems Ltd. (IT Consulting)

Boonbox, a division of PCIS (Security Packaged Services)


Contact PCIS

Toll-free 1.877.744.7558


In this issue:

* E-Commerce Web Security Tips for Business

* Cyber Security and Your Business - BBB Seminar

* Webinar on Securing your Online Forms

* Hacker Bait 

* Ask A Security Expert

Cyber Security Informer provides security news and tips to help organizations protect their business and their customers. 



Hacker Bait

The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit. 

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

academic-conferences.org

cashtalk.org

citysearch.com

compuware.com

defender-reviews.com

devnetsoftware.com

dollarstore.com

earthlink.net

english4today.com

foundlocally.com

freewebs.com

happyblogging.info

historybookshop.com

lattecounter.com

moneymaster.ru

onlinevirusscanner.info

photoblink.com

photobucket.com

ronaldreagan.com

stationbollywood.com

Ask A Security Expert

"Isn't it just gambling and porn websites I have to stay away from? I don't think I visit any dangerous sites."

It's a common misconception that if you stay away from websites that your mother wouldn't want you to visit, you'll be safer online and won't have to worry about malware, trojan viruses and the rest of it.

But the issue with websites promoting naked people and virtual casino fun isn't that some righteous and sin-free hackers are installing malware on them to punish the hosts and their curious patrons. These sites are just so popular that they're a natural target for hackers. Insert some malware on this site and in no time, you've got tens of thousands of hijacked computers owned by the website visitors.

But the same rules apply for any popular site. Look at the top sites listed in the Hacker Bait section of this issue. Notice that of all these, none are gambling or porn sites. We've got what appear to be some community forum sites, photo sites, US President Ronald Reagan's homepage, a coffee website and even some sites that appear to provide free online security services. No virtual poker chips or people in compromising positions to be found.

Not that security through obscurity is a solution, since even websites with very low visitor traffic will be targeted by automated hacker attacks. If you would like more information about how to protect your company's website from hackers, contact us.

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558