Wednesday 30 January 2008

security report

Electronic Commerce is often referred to as E-Commerce or eCommerce. E-Commerce entails a person buying or selling products and/or services over an electronic system such as the Internet. It specifically refers to the buying and selling of goods by transferring funds from one account to another. Transactions made between a customer and ASOS.com are part of the E-Commerce process.
With the rapid growth and spread of the Internet, E-Commerce has become a part of many people’s everyday lives. However, creating a revolutionary way of purchasing goods has also brought about many new threats and dangers to which online customers are now exposed.
There are many advantages to purchasing goods online: someone who is housebound can have their food shopping delivered to their house via the Internet; someone who is short of time can order Christmas presents, birthday presents, food shopping and so on online and have it delivered the next day; and someone who cannot afford the petrol to collect a product that is only stocked in a certain part of the country can buy it online and have it delivered to their door. However, there are also many disadvantages to purchasing goods this way.
E-Commerce is more susceptible to threats than ordinary commerce because confidential details are needed when buying something online. For example, you always need to give your full name, date of birth, delivery address, billing address and credit card details (unless you have a PayPal account). When buying a product in a shop you do not need to give any of these details; you only need to place your credit card into a machine, and the shop and your credit card company are the only parties able to see this information. When shopping online, in unfortunate cases, hackers and viruses can allow your information to be broadcast.
Many problems have arisen from the evolution of the Internet into a place where we can purchase products online; however, there are methods that help prevent these threats and dangers from occurring.
A virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. Viruses normally attach themselves to computers that do not have up-to-date anti-virus software, and they can also be loaded onto your computer by opening an email with an ‘infected’ attachment. As E-Commerce has evolved, virus writers have realised that an easy way to get onto someone’s computer is to send fake emails that appear to come from online shops, urging the recipient to open a very important attachment about their most recent purchase. People who are not aware of the dangers of opening emails from unknown senders, or who cannot tell fake emails from real ones, open these attachments and, without realising it, load viruses onto their computer, which can be fatal for their data: information can be deleted or taken for harmful purposes. A way of preventing viruses from getting onto computers is to install anti-virus software. There are many different types of anti-virus software; however, the most popular is Norton Anti-Virus. This software gives your computer protection against viruses and also includes protection against spyware. Regular updates and renewals are available from the vendor’s website, so websites such as ASOS.com can always make sure their computers are safe from viruses and spyware.
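The fake “problem with your recent order” email described above is exactly the kind of message a mail gateway can screen before it reaches an employee or customer. The block below is an added example, not part of the original report and not any vendor’s product: a constructed message is checked for a sender domain that does not match the shop named in the display name, an executable or double-extension attachment, and urgency wording in the subject; the trusted-domain list is an assumption.

```python
"""Screen a 'problem with your recent order' email for lure characteristics.
Added example with a constructed message; the trusted-domain list is an assumption."""
import email
from email import policy

RISKY_EXTENSIONS = (".exe", ".scr", ".com", ".bat", ".vbs", ".js", ".pif")

# Constructed sample: shop name in the display name, unrelated sender domain,
# an executable disguised as a PDF, and an urgent subject line.
SAMPLE_EMAIL = """\
From: "ASOS Orders" <orders@asos-order-update.invalid>
To: customer@example.invalid
Subject: URGENT: problem with your recent order
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached invoice immediately.
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""


def assess(raw, trusted_domains=("asos.com",)):
    """Return the list of reasons the message looks like a lure (empty means none found)."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    sender = msg["From"].addresses[0]
    domain = sender.domain.lower()
    # The display name drops a trusted shop's name but the address is from elsewhere.
    brand_named = any(d.split(".")[0] in sender.display_name.lower() for d in trusted_domains)
    if brand_named and domain not in trusted_domains:
        reasons.append(f"display name claims a shop but sender domain is {domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append(f"executable attachment {name}")
        elif name.count(".") > 1:
            reasons.append(f"double-extension attachment {name}")
    if "urgent" in (msg["Subject"] or "").lower():
        reasons.append("urgency wording in subject")
    return reasons
```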

Hackers are individuals who try to gain access to computer systems or networks without the owner’s knowledge or consent in an attempt to steal sensitive and confidential information. E-Commerce websites such as ASOS.com have to be extremely careful that all of their computers and systems have sufficient protection to prevent hackers gaining access to their databases, because websites keep personal information about their customers, such as addresses and credit card details, which hackers could use to steal someone’s identity or commit fraud. Hackers often create software that tries to guess passwords by trying millions of different combinations. There are methods to prevent hackers from gaining unauthorised access to networks and computer systems, such as firewalls. A firewall is a combination of hardware and software that can be configured to block access to a network or individual computer from all but known IP addresses. Firewalls can also be configured to block outward access, thereby controlling the websites that employees can visit.
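Guessing “millions of different combinations” leaves a trail in the login log, and that trail is what a defender watches for. The block below is an added example, not the report’s own or any product’s code: constructed log lines in an assumed format are scanned for an IP address with five or more failed logins inside ten minutes, and any login that then succeeds from that address is listed for review.

```python
"""Spot password guessing in login logs and list logins that succeeded afterwards.
Added example; the log format below is an assumption and the lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) LOGIN (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$")

# Constructed sample: one address hammers alice's account and then gets in; bob mistypes once.
SAMPLE_LOG = """\
2008-01-30 10:00:01 LOGIN FAIL user=alice ip=203.0.113.5
2008-01-30 10:00:02 LOGIN FAIL user=alice ip=203.0.113.5
2008-01-30 10:00:03 LOGIN FAIL user=alice ip=203.0.113.5
2008-01-30 10:00:04 LOGIN FAIL user=alice ip=203.0.113.5
2008-01-30 10:00:05 LOGIN FAIL user=alice ip=203.0.113.5
2008-01-30 10:00:06 LOGIN OK user=alice ip=203.0.113.5
2008-01-30 10:05:00 LOGIN FAIL user=bob ip=198.51.100.7
2008-01-30 10:30:00 LOGIN OK user=bob ip=198.51.100.7
"""


def parse_log(text):
    """Yield (timestamp, result, user, ip) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   m["result"], m["user"], m["ip"])


def find_brute_force(text, threshold=5, window=timedelta(minutes=10)):
    """Map each offending IP to the time it first reached `threshold` failures
    within a sliding `window`; a sensible point to lock the account or block the IP."""
    recent = defaultdict(list)  # ip -> timestamps of failures still inside the window
    flagged = {}
    for ts, result, _user, ip in parse_log(text):
        if result != "FAIL":
            continue
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def successes_after_flag(text, flagged):
    """(user, ip, time) for logins that succeeded from a flagged IP after the flag:
    the guessing may have worked, so those accounts need reviewing."""
    return [(user, ip, ts) for ts, result, user, ip in parse_log(text)
            if result == "OK" and ip in flagged and ts >= flagged[ip]]
```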

This piece of software protects against hackers, spyware and viruses. It is easily installed and receives rapid automatic updates without user intervention, as often as every hour. This software would be very beneficial to ASOS.com: there are hundreds of thousands of hackers trying to get into different computers and networks every day, so the company needs good protection and regular updates to ensure its computers are safe from hackers and other threats.

Spyware is software that is installed on your computer without the user’s knowledge. Spyware is found on most computers; however, computers that hold very confidential information need particular protection against it. Spyware is installed on your computer when a user visits certain websites. It then sends information about activity on the computer back to where it came from, and it can also open your files and send back any information it judges relevant. This can be extremely dangerous for computers at ASOS.com, as they hold information about the website, its customers and their products, and if this confidential information were sent to the wrong person via spyware there could be severe consequences. Websites such as ASOS.com need to protect all of their computers from spyware because, as well as being harmful to the company much of the time, it can also cause major problems for customers if their details are stolen.

This anti-spyware software is available to download from this company. It delivers frequent and advanced updates to the computer, and it detects and removes all spyware and adware programs that have been loaded onto your computer. ASOS.com is a large company, so downloading this software to every machine would be too time consuming; they would be advised to use something like McAfee's Secure Web Gateway instead, as it caters for a larger network.

An External Hard Drive

When hardware fails it can be very annoying, as a user may lose the work they were currently working on. If the hardware cannot be fixed and no backup of the information kept on that computer was made, the user will lose all of that work and information. A way of preventing loss of information is to back it up. Every large organisation like ASOS.com should back up its data, as important information about customers that could bring in more business, such as email addresses and postal addresses, could otherwise be lost permanently. The most beneficial way of backing up information for ASOS.com would be a full backup followed by incremental backups. Here a full backup of all files is taken, and then at regular intervals afterwards only new or altered information is backed up; this is less time consuming and uses less space, as only information that has changed or been added is backed up. This information can be stored on any storage device, but the best one would be an external hard drive, as these are easily transported and can hold a lot of information.
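The full-then-incremental scheme just described, as an added example (not the report’s own or any backup product’s code): the first run copies every file and records a hash of each, later runs copy only files whose hash is new or changed, and a constructed directory in `demo()` shows both runs.

```python
"""Full backup followed by incremental backups driven by a hash manifest.
Added example; the directory and files in demo() are constructed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def snapshot(src):
    """Map each file's path relative to src to the SHA-256 of its contents."""
    return {str(p.relative_to(src)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(src.rglob("*")) if p.is_file()}


def backup(src, dest, previous=None):
    """Copy src into dest. With previous=None every file is copied (a full
    backup); with the manifest of an earlier run only files whose hash is new
    or changed are copied (an incremental backup). Returns (manifest, copied)."""
    src, dest = Path(src), Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    current = snapshot(src)
    previous = previous or {}
    copied = [rel for rel, digest in current.items() if previous.get(rel) != digest]
    for rel in copied:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
    # The manifest travels with the backup so the next incremental run can
    # compare against it even if the original machine is gone.
    (dest / "manifest.json").write_text(json.dumps(current, indent=1))
    return current, copied


def demo():
    """Full backup, then one file edited and one added, then an incremental run."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        src.mkdir()
        (src / "customers.csv").write_text("alice,alice@example.invalid\n")
        (src / "orders.csv").write_text("1,alice,19.99\n")
        manifest, full = backup(src, Path(tmp, "backup-full"))
        (src / "orders.csv").write_text("1,alice,19.99\n2,bob,5.00\n")  # changed
        (src / "returns.csv").write_text("2,bob\n")                    # new
        _, incremental = backup(src, Path(tmp, "backup-incr-1"), manifest)
        return sorted(full), sorted(incremental)
```

Each incremental run writes a fresh manifest of the whole tree, so restoring means applying the full backup and then every incremental in order.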

Also, when hardware is being repaired, care should be taken over which company the technicians are from, and their work should be overseen: although their intentions are most likely simply to fix the computers, they may be able to see confidential and sensitive information about the company’s customers. That information could be taken secretly and used to their own advantage.
There are many reasons why information should be backed up. In addition to the above, another important reason is that natural disasters unfortunately happen and are increasing with the rise in global warming. In America hurricanes are not unusual, and tsunamis are now occurring, which can completely destroy hardware and information. Floods and fires are also very common, so a backup copy should be made and kept away from the original source.

To improve security systems within a company, it is also a good idea for organisations to carry out a risk assessment alongside the above methods of preventing danger and threats. Doing this helps to identify the potential risks faced by the organisation’s systems. The first step is to identify any possible threats, which could include human error (an employee accidentally deleting the wrong files), unauthorised access via wireless links, and whether employees work off-site or travel with laptops. Once these risks have been identified they are classified as high, medium or low, and spending on protection can be prioritised accordingly.
Threats can come from inside an organisation as well as outside, and although human error is accidental, it can have very bad repercussions.
However, there may be dishonest employees working for ASOS.com, and therefore the company needs to ensure it has correct and sufficient methods in place to prevent these employees from obtaining sensitive information and using it to their advantage. Most companies give employees different levels of access to their databases and files. If a specific person is not allowed access to certain files, they will be denied access and a dialogue box should appear on the computer explaining that they are not authorised to view these files. An example of this at ASOS.com is that some employees do not have access to financial files and databases, whereas the finance department does.
This method can also be used to prevent employees from visiting dangerous and potentially harmful websites.

A Dialogue Box Explaining How Access Has Been Denied

Also, if passwords are allocated to certain files and databases and only authorised people are told the passwords, this is another way of preventing unauthorised employees from gaining access to files they are not allowed to see.

Biometric Security

Although data in a computer can be secured with passwords, encryption, different access levels and so on, it is always a good idea to have physical security for computers as well: locking rooms whenever they are unattended, and fitting suitable padlocks to make sure hard drives do not go missing. Some organisations install biometric security locks, where a fingerprint or similar has to be presented before the lock will open.

Terrorist attacks are unfortunately becoming more frequent, and companies such as ASOS.com need to make sure that their information is encrypted so that it cannot be stolen and used while it is travelling across the Internet. Information is scrambled according to an algorithm and can only be translated back to the original by a computer that has the correct unscrambling software. Therefore, if hackers or terrorists try to take information to cause harm, they will not be able to understand the data, as it will not be readable or make sense. Personal data such as credit card numbers is often encrypted to prevent the threat of identity theft and fraud.

Another preventative method for securing a safe transaction between a customer and an E-Commerce website is Secure Electronic Transaction (SET), a standard protocol for securing credit card transactions over insecure networks, specifically the Internet. SET is not itself a payment system but rather a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network in a secure fashion. Websites such as ASOS.com should make sure SET is in use when customers are purchasing from their website.
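The mechanism at the heart of SET, which the paragraph above does not describe, is the dual signature: the cardholder signs the hash of the order details joined to the hash of the payment details, so the merchant can verify the order without seeing the card number and the bank can verify the payment without seeing what was bought. The block below is an added illustration, not SET’s real message format: SHA-256 replaces SET’s SHA-1, an HMAC under a cardholder key stands in for the cardholder’s RSA signature (so here the verifiers also hold that key, which real SET avoids by using a public key), and the order and payment values are constructed.

```python
"""SET-style dual signature: one signature over both the order information (OI)
and the payment instructions (PI), checked by parties that each see only one half.
Added illustration; HMAC stands in for the cardholder's RSA signature (assumption)."""
import hashlib
import hmac


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def dual_signature(order_info: bytes, payment_info: bytes, cardholder_key: bytes):
    """Cardholder: DS = Sign( H( H(OI) || H(PI) ) ). Returns (ds, h_oi, h_pi).
    The merchant is sent OI, h_pi and ds; the bank is sent PI, h_oi and ds."""
    h_oi, h_pi = digest(order_info), digest(payment_info)
    ds = hmac.new(cardholder_key, digest(h_oi + h_pi), "sha256").digest()
    return ds, h_oi, h_pi


def merchant_verifies(order_info: bytes, h_pi: bytes, ds: bytes, cardholder_key: bytes) -> bool:
    """Merchant recomputes H(OI), pairs it with the supplied H(PI) and checks DS,
    without ever seeing the card details inside PI."""
    expected = hmac.new(cardholder_key, digest(digest(order_info) + h_pi), "sha256").digest()
    return hmac.compare_digest(expected, ds)


def bank_verifies(payment_info: bytes, h_oi: bytes, ds: bytes, cardholder_key: bytes) -> bool:
    """Bank recomputes H(PI), pairs it with the supplied H(OI) and checks DS,
    without ever seeing what was ordered."""
    expected = hmac.new(cardholder_key, digest(h_oi + digest(payment_info)), "sha256").digest()
    return hmac.compare_digest(expected, ds)


# Constructed sample values (not real card data).
ORDER_INFO = b"order=12345;items=jeans,t-shirt;total=GBP45.00"
PAYMENT_INFO = b"pan=TESTPAN0000000000;expiry=12/09;amount=GBP45.00"
CARDHOLDER_KEY = b"demo-cardholder-signing-key"


def demo():
    """Both parties accept the genuine pair; an order with a changed total is rejected."""
    ds, h_oi, h_pi = dual_signature(ORDER_INFO, PAYMENT_INFO, CARDHOLDER_KEY)
    tampered = ORDER_INFO.replace(b"GBP45.00", b"GBP1.00")
    return (merchant_verifies(ORDER_INFO, h_pi, ds, CARDHOLDER_KEY),
            bank_verifies(PAYMENT_INFO, h_oi, ds, CARDHOLDER_KEY),
            merchant_verifies(tampered, h_pi, ds, CARDHOLDER_KEY))
```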

As the Internet has evolved and things like E-Commerce have been created, the government has realised that legislation is needed to make sure that people are protected when they give personal information to companies such as ASOS.com.
The Data Protection Act first became law in 1984 and was updated in 1998. The Act was the consequence of increasing concern about the number of computer-based systems that stored personal data. ASOS.com has a database containing thousands of people’s personal information, such as their addresses, postcodes and full names, so it needs to abide by the rules set out in this Act.
Some people are very worried about the ease with which data can be transmitted and the purposes for which it is used. Although there are exemptions from the Act, for example when data is required for medical or state security purposes, any company or organisation that does not comply with the Data Protection Act will be prosecuted.

The DPA established the concepts of:
· Data Controllers – those who hold the personal data.
· Data Processors – those who process the data on behalf of a data controller.
· Data Subjects – those about whom the personal data is held.
· The Information Commissioner – a government office that keeps details of, and regulates, the data controllers.

The Data Protection Act principles:
· Personal data shall be processed fairly and lawfully.
· Personal data shall be obtained only for one or more specified purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
· Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
· Personal data shall be accurate and where necessary kept up to date.
· Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
· Personal data shall be processed in accordance with the rights of data subjects under this Act.
· Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
· Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

However, there have been some criticisms of the Data Protection Act.