Best Practices for E-Commerce Self-Defense


Attacks on e-commerce Web sites have online
merchants in a cold sweat over downtime-induced
revenue losses. But Web-savvy CPAs can help clients
by offering these e-sabotage prevention tips.
  • Conduct a risk assessment of the enterprise. If possible, do it before implementing technical controls so that weaknesses can be eliminated before costly adjustments are needed.
  • Develop security standards. Communicate security policy to employees so they understand their responsibilities, the penalties for violations and what to do if they suspect online security has been breached.
  • Test defenses. Conduct a full systems audit, testing security—especially firewalls—to identify potential weak points, including remote access to systems by e-mail, the Internet and telephone.
  • Get an independent opinion on security measures. Have an objective outsider evaluate overall online security, including firewalls, antivirus software and risk analysis tools.
  • Limit access to e-commerce controls. Give access to the fewest people and the fewest systems possible for the minimum time it takes to perform essential functions. Use authentication tools, such as passwords, smart cards and digital certificates to verify identities online.
  • Use firewalls to block intrusions. Pass transmissions through a control point where they can be checked for compliance with security provisions.
  • Monitor employees’ online activity. Use systems management tools to enforce security policies consistently across multiple online environments and to automate user access. Use e-mail analysis tools to intercept and scan e-mail for possible security violations.
  • Monitor networks for unusual activity. Determine whether installing additional security measures or systems resources, such as RAM, would reduce the impact of a hacker attack. Also, use intruder detection software to maintain overall awareness of possible threats to systems—for example, surreptitious large-scale incursions during diversionary attacks.
  • Consult the Internet service provider. Determine whether it can block attacks before they reach company systems.
  • Inform the proper authorities when systems are violated. Stress the importance of preserving system activity logs, which may help identify intruders.

Source: AICPA Assurance Services Division, 2000. For information on CPA WebTrust, go to www.cpawebtrust.org .

SPONSORED REPORT

How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.

VIDEO

Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

QUIZ

News quiz: Scam email plagues tax professionals—again

Even as the IRS reported on success in reducing tax return identity theft in the 2016 season, the Service also warned tax professionals about yet another email phishing scam. See how much you know about recent news with this short quiz.