Why security must come first

Keeping your site secure should be your first New Year's resolution, says Glyn Moody

The New Year is traditionally a time of resolutions; often fleetingly kept resolutions at that. But in e-commerce, there can only be one faithfully delivered commitment: to keep a site secure. Without security, every effort placed on design, content and technology is nullified.

If visitors cannot be sure that their details are safe on your website, or that the information they find is reliable, they will not return; and winning back lost customers is even harder than gaining new ones.

In the coming year, there are two main threats in this area. One is obvious, and is already an issue for those responsible for e-commerce security. The other is more subtle, and may not even be apparent to most IT professionals.

The first security threat arises out of the new generation of always-on Internet services. As connection prices continue to drop and services offering almost permanent connections for a fixed price become more common, it becomes much easier for those with malicious intent to scan millions of Internet sites per day. Using relatively unsophisticated tools that are readily available online, these cyber scoundrels can check every nook and cranny of a site in just a fraction of a second.

As a result, if there are any weaknesses - misconfigured software or missing vital security patches - it is almost certain that somebody, somewhere will find them. This, in turn, means that such systems are likely to be seriously compromised. The remedy is eternal vigilance: manufacturers must be badgered into providing up-to-date patches, and security alert mailing lists need to be read every day.

Another important counter-measure is to scan your own site, using the same tools that hackers will employ. In this way, you will know your own weaknesses before they do. However, it is precisely this important way of enhancing the security of a site that is at risk from the second major threat to e-commerce security.

A new Council of Europe Convention on Cybercrime was on the point of outlawing all such cracking tools. Only at the last minute was an exemption for their legitimate use conceded. However, it is clear that security forces around the world would dearly love to ban them completely, and further attempts to do so will surely follow.

Christmas may be over, but there are still lessons to be learned from e-commerce sites, especially around the holidays (the busiest period). For example, alcohol seems to have an established place in the season's festivities, which makes a site like Oddbins particularly relevant. This Web address is actually only a gateway to separate sites for the UK and Ireland. The former is displayed as a separate pop-up window, without the usual Web browser tool bars. This, however, should generally be avoided as it denies the user control.

The whole site is permeated with a lively inventiveness, from small images that keep the visitor entertained as pages load, to descriptions of the total value of the wine in the basket as 'the damage'.

The main problem with this otherwise excellent site is navigation. In the absence of conventional back buttons, it is not always obvious how to return to an earlier page. Indeed, it is often necessary to begin the selection process over again. Perhaps a simpler format would have been better.

Another site that lacks any sense of community is the e-Christmas stalwart eToys. However, it does provide plenty of other features that, to some degree, make up for this. For example, it offers a helpful list of suggestions for different age groups, as well as top-selling items in various product categories, such as software, books and videos.

This is an important element of any e-commerce site. Although much of the power of online shopping derives from the fact that visitors can find exactly what they are looking for, the flip side is that they may be overwhelmed by the range of choice.

For this reason, it is important to provide as much guidance as possible in the form of suggestions and lists. All of these represent alternative routes through the site, a theme that has cropped up many times in this column.

For the rest, eToys is well put together, but ever so slightly dull. There is a certain irony when Oddbins.co.uk, a site for adults, turns out to be more fun than one aimed specifically at children.


Design 5
Navigation 3
Content 4
Community 1
Checkout 3

Design 3
Navigation 4
Content 3
Community 2
Checkout 4
