As the internet is a public network with no central control, many people are still uneasy about the concept of e-commerce.
Concerns typically arise in two areas. First, buyers and sellers are involved in a transaction that can feel one-sided because there is no one else present as the commitment is made. This unease is minimised when sites provide thorough information about products or services, the supplier and the terms of business.
Prompt acknowledgement of queries or orders will also help reassure customers that they are dealing with an efficient, professional organisation.
The second common concern is with giving out account details over the internet. But the growing scale of e-commerce and the rapidly increasing number of firms doing business over the web, including banks, suggest that the risks can be minimised.
It is vital to understand that if a business is using the internet, it is responsible for the security of that business’s network, systems and information. It is important to be aware of the security risks associated with trading online; assess the risks the company may face; develop an information security policy for the business and see that the security controls relevant to the business are implemented from the outset.
Staff must know that a security policy is being implemented and the effectiveness of security controls should be monitored and reviewed.
Today everyone from supermarkets to banks are offering internet access services. The much greater choice means that businesses must select carefully. When selecting an ISP it is wise to find out if it provides security advice.
For, further guidance on risk assessment and implementing good security practice, contact the ISI infoline on 0845 715 2000 and ask for free copies of Information Security and the Internet and Information Assurance Guidelines for the Commercial Sector.
Alternatively, visit the ISI web site at: www.isi.gov.uk.
Compiled by the Information Society Initiative in association with The Engineer
* Initially only trade with customers or suppliers you are familiar with.
* Monitor security controls to ensure they are effective.
* Ensure back-office systems are sufficient to handle transactions.
* Staff must be fully aware of, and trained in, security systems.