website investigation

potential threats to data

how effective are eBuyer’s security measures?

In this final section of the report I will attempt to analyze the threats to eBuyer customers’ data and try to assess how effectively the company’s preventative measures square up to them. Firstly, I would like to mention that, having researched both the threats and the protection techniques, I think that it is possible to prevent all of the threats. I also believe that the legislation concerning personal information is very comprehensive and the government provides a lot of helpful information to data controllers, especially via the Information Commissioner’s website.

In my honest opinion, eBuyer’s whole operation is incredibly secure. Thawte, the company they use for security, has been providing secure communications to organisations and companies for over 10 years. They are a very experienced and trustworthy company. Below I am going to compare the threats with the protection provided:

Data interceptors vs. SSL and Encryption

The Secure Sockets Layer (SSL) protocol used by eBuyer provides more than adequate protection to customers. When sensitive information is sent over the Internet, only the part of eBuyer's website that the data is intended for can decode it. eBuyer uses 128-bit high-grade encryption, which is very good indeed.

Hackers vs. Firewalls and user passwords

Firewalls on their own are not effective enough to keep the most skillful hackers out. Therefore eBuyer needs to have other security measures in place behind the firewall, such as user accounts and passwords with different access rights. Most devastating attacks come from the inside, so maybe a second internal firewall is required between the customer database and the rest of eBuyer's internal network to make the security measures extremely effective.

Accidental loss/damage vs. Back-ups

The data held on eBuyer's web servers and other computers must be physically secure as well as secure from attack via electronic means. An effective measure is storing computers in a locked room to which only authorised staff have the key. Copies of back-up disks or tapes must also be kept secure. It is unwise to store back-ups in the same room as the server (since a fire or other catastrophe could destroy both), so they should be stored securely at another site to be effective.

Viruses vs. Anti-virus software

As well as hackers, viruses are a major problem to eBuyer. For effective protection against these, eBuyer must make sure that all of their systems' virus-detecting software is updated daily so it will be able to catch the latest viruses and prevent customers' personal data from being infected.

Conclusion

Overall, I think that eBuyer does protect customers' data effectively. I do admit that it is quite hard to assess the company's security from the outside, but I can tell that they do take security seriously by examining the company that they use for all their security needs and by eBuyer's general attitude towards security. One security feature that I found very notable was a password strength indicator (shown below). This feature and other extra little security 'touches' give customers extra assurance and confidence in shopping online with eBuyer and decrease the overall effectiveness of the risks.

[Image: password strength indicator]

Below is another "little security touch" eBuyer has implemented: session inactivity time limits!

[Image: session inactivity time limit]

This section ends my study into eBuyer's operation; the next section will study a data set.
