Contemporary Management : The impact of Security on E-Commerce - Essay Example

The impact of security on e-commerce Name Course Institution Professor Date The impact of security on e-commerce Executive summary E-commerce has been on the rise for the past decade and continues to increase. Most businesses go online due to the discovery that e-commerce reduces costs and increases sales. E-commerce enables businesses to pass information to their consumers in an instant way. The consumers prefer online shopping because they easily window shop before settling on a specific product. Competition for online businesses is also easier because they easily see each other’s websites. However security is the biggest challenge facing e-commerce .The degree of privacy and confidentiality required in e-commerce is high. This is because sensitive and important information is shared between the buyers and sellers. Price quotations, order placements, credit card details, and payment are all transactions undertaken online. Interception of such information by people with bad intent is a disaster. Hence the public is careful to deal only with online businesses that have effective security measures on their websites. Web security comprises of many elements. Hardware and software of the client and the online business need to be secured. This should prevent interception of important information being transferred from one computer to the other. Security of e-commerce affects management, technology and organization. Management Venturing into e-commerce business requires planning and strategy. The management of an e-commerce business has differences from the traditional commerce. Hence all aspects of online business affect management (Tassabehji, R, 2003). An e-commerce business requires an individual to hire a management team that can handle the risks and growth of online business. Business managers realize that specific training and security awareness education is necessary for their employees. This is because employees often make mistakes that create security attack opportunities. Security products work more efficiently alongside network professionals with tactics to protect their networks. The importance of website security should be well understood by all employees. Always identify the risks involved in online business and teach them to the team. Roles and responsibilities for e-commerce security should be clearly defined (Enarsson, L. 2006)The most common e-commerce security threats include: theft of client data, theft of intellectual property, denial of service, web site defacement, financial, sabotage of data or networks. The exposure and understanding of a person on risks involved in online business determines the policies and operational practices implemented for that particular company. The management of an e-commerce business needs to create a department dealing with risk management and security of the site. Therefore despite the reduction of cost in areas concerned with marketing, cost is incurred in securing the website of a company. E-commerce security impacts management in the sense that the creation of a security and risk managing team is required. The team is accorded the responsibility of selecting the best acquirers and service providers. The ability of a company to protect the privacy of confidential information is a key measure of e-commerce success (Bak, O., & Stair, N, 2011). An online retailer with a poor reputation of protecting customer information is bound to lose customers. Customers deal with companies who have a reputation of securing the customers personal information. Brokers, accountants, agents, bankers, insurance agents and other online retail service on line providers strive to assure customers of the safety of their sites. Most risk managers and online marketers provide virtual evidence of security on the websites. Quotations from newspapers, other customers using and enjoying the services or products offered on the site, testimony for other customers, and expert witness statements are other strategies used to reassure customers on the safety of their site. The business also needs to create trust between them and their customers. In traditional commerce gaining the trust of a customer ensured the business person customer loyalty. The same rule applies in e-commerce.one of the main methods of winning a customer trusts is by including a reliable third party (Khosrowpour, M, 2008). The third party acts as an intermediary who receives payment and authenticates the seller. Security is a major strategy for success of e-commerce business. In e-commerce security entails protecting the entire business and not only the information involved. Contemporary management defines e-commerce security in five terms: confidentiality, integrity, availability and accountability. Confidentiality entails protecting the privacy of data on hosts or in transit. Integrity is assuring the customer that no information is corrupted or information changed maliciously or accidentally by unauthorized persons in the system. Availability refers to the efficient working of the software and hardware of the system computers. The recovery speed of the system from a disaster also determines its availability (Khosrowpour, M, 2008). Each action has results. The ability of a system to determine the party responsible for the action defines its accountability. E-commerce business owners and managers also face major consequences if their security fails them. Due to competition, businesses choose to post information and new applications first the deal with security later. An attack on the new apps requires last minute security implementations which cause loss of profits. Any real or perceived security issue results in a loss of customer confidence. This damages the image and security of the business. Reinstating a good image and reputation for your company may take very long. This is because the customers will run to the competition that does everything to keep them. This strengthens the competitor greatly and may result in the company’s bankruptcy. E-commerce management cannot handle security on its own. Governments come in to create policies and regulations enabling businesses to secure their online businesses. The accessibility and usage of suitable technology is determined by a country’s encryption laws. The laws offer a control system over the use and sharing of personal data. Fines and consequences are also outlined for violations of these laws. Accessing on-line business increased due to the introduction of wireless devices like cell phones (Bak, O., & Stair, N, 2011). These small portable devices pose a security challenge due to their characteristics of limited memory, limited processing power, small keyboards and screens, and limited power supply. These characteristics are suspected to be mediums that transfer viruses without detection from network to network. The vulnerability of data interception through air is high. This is because it can be done without using expensive equipment. These devices increase the vulnerability hence physical security and authentication is required. E-commerce businesses need to lobby for standardized international laws against cyber crime. In some countries no laws are implemented to prevents and punish cyber crime (Joseph, P. T, 2008). This causes e-commerce businesses many losses. Some viruses spill over to other countries that have laws against cyber crime but nothing is done due to jurisdiction issues. Business managers in countries without laws need to be extra persistent on security. Regular audits, reviews and assessment of security should be performed to keep the management sure of its security level. Backup and recovery plans should be put in place to ensure businesses do not suffer huge losses. Technology The impact of security on e-commerce is very visible. E-commerce involves the usage of computers and the internet. All this components are based on technology. It is no wonder that e-commerce security involves a lot of technology (Khosrowpour, M, 2008). Security on e-commerce causes tremendous and rapid changes on technology. This is because the advancement of cyber crime is met with advancement of security. New viruses and hacking techniques develop daily. This requires a counter by creating new and stronger encryptions and anti viruses. Encryptions and ant viruses provide the privacy and security greatly needed by online businesses to provide security. Therefore a business owner should ensure the service provider offering security services has the best encryption and antivirus set ups. Man technologies have been created to counter interception of information from sender to receiver. Cryptographic technologies are among those created to mitigate the vulnerabilities of e-commerce. Public key cryptography is one of the most common cryptographic technologies. It is the combination of two technologies (modern and traditional) to encode and decode. Two keys are used in public key cryptography, one encodes while the other decodes. This technique is referred to as asymmetric encryption based on prime numbers mathematics. The encoding key is freely distributed and is referred to as the public key (Bak, O., & Stair, N, 2011). The private key is put in safety by the user and is used for decoding. The sender of the message encodes the data on the recipient’s public key. The vulnerability of the data decreases because only the private key holder can decode the message. Therefore even if it is intercepted, the person cannot decode the message. This technology is an improvement from the secret key cryptographic which used one key to encode and decode information. Westby, J. R. (2004).The public key cryptography used the numeric position of the letters in the message to encode them. If the message lengthened the numeric encoding would repeat itself. The ease of the encoding created ease of decoding for the hackers. Also the private key could not be properly hidden. The public key is created and placed where anyone can access it or to those requiring it. The private key is created and secured. The interception of a message weakens the keys secrecy. Frequent interception eventually breaks the secrecy of the key. The security of the technique is rendered useless ones the person intercepting the messages can create messages and encode the created version. Pretty good privacy is an implementation of public key cryptography. It is purchasable at a computer store and downloadable from the internet. PGP allows the user to create a pair of keys. The publication of the public key is possible on the PGP key server. This creates and affirmation that only the recipient can decrypt the encrypted message. However the verification that the message was sent by the stated sender is missing. PGP is supported by most popular e-mail programs. However it is still possible for an individual to create their own PGP public key. To ensure the message is safe an individual can encrypt their message using two public keys: theirs and the recipients. E-commerce utilizes pretty good privacy in its transactions (Khosrowpour, M, 2008). The transmission of purchase information from the server to the seller and payment information from the server to the bank is done through PGP encryption. However this application is mainly applicable for small operation business. The verification of sender identity is quite challenging with PGP. Therefore big money and high volume sales may be quite risky with PGP. Digital certification is another security measure undertaken in e-commerce to provide security. There are two issues surrounding a digital certificate; first it is an electronic document verifying the identity of its holder after verification by the certificate authority. It is a piece of data validating the legality or existence of an online business. The digital certificate assures the customer that and online retailer is existent, honest and recommendable (Khosrowpour, M, 2008). The contents of a digital certificate include: the owners public key, the owners identity, the issuers identity, a serial number, the issuing and expiration date, the issuers digital signature. A digital certificate mainly verifies the sender of data by approving their public key. Hence the person receiving the data is sure of the person that sent it. Before transactions proceed, the participating parties verify each other’s certificates. In regards to Westby, J. R. (2004).Internet security remains unsafe due to the invisibility of the server’s digital certificate. Digital signatures also validate reception of the message or data. A digital signature comprises of a hash function run on the sent data with an encrypted result. The digital signature is included in the data so that the decoding program puts it aside and runs the same function on the same original message and compares results. The encryption is possible with a public key and decryption with a private key. Encryption with a private key and decryption with a public key is also possible. A message digest results from running the hash function. A digital signature is therefore a message digest (Tassabehji, R, 2003).A digital signature is not a secret hence it is encrypted on the sender’s private key. Public and private keys alongside digital signatures and certificates create internet public key cryptography. Secure socket layers is another system of internet security. It is based on a set of procedures, transmission control panel/ internet protocol. The information is attached to an error control after being broken into packets and sequentially numbered. The packets are dispatched to different routes reassembled at their destinations through transmission control protocol/ internet protocol. Digital certificates and PKI are applied in secure socket layers to ensure privacy Westby, J. R. (2004). Privacy, integrity, authentication and non-repudiation are the basic principles of security. E-commerce requires these techniques applications to maintain data. The demand for better e-commerce security increases regularly. This provides an opportunity for security services to rise. The cost of security therefore increases. Security on e-commerce continues to promote the growth of technology. This is especially in the internet, banking, computer and shopping sectors. Technology on e-commerce security remains on the rise due to the increased wireless and portable devices which continue to jeopardize the security of online business. Organization An online business is characterized by some differences from the traditional commerce. Among them is the intense security and privacy required on an on line business. Security of the highest technology cannot work well without proper implementation. Therefore the business requires assigning a team to implement security measures. Unlike normal commerce, e-commerce requires creative marketers. Marketers were traditionally known to be good public speakers and presentable people (Joseph, P. T, 2008). E-commerce requires a marketing, web designing and graphics team that will create an attractive website. However, they require basic knowledge on internet security so that they do not leave loopholes for security attacks. Employees and users often make mistakes that increase the vulnerability of the web site to security threat. These calls for a stand buy engineering team that can fix the problem quickly before it causes an alarm among the users. In the event a business is unable to maintain a technical team to maintain their software,a service provider should be hired to maintain the web site for them. Due to security concerns, most online businesses offer twenty four hours of service. This prevents users from making mistakes that jeopardizes the security of the business as they try to order or contact the retailer. This is also different from traditional commerce where retailers opened shops in the morning and closed them in the evening. The business also needs to keep its security updated (Enarsson, L, 2006).This means that seminar attendances on security issues are important. It also enables the business to understand the new risks that face it. As the marketers continually create new applications and add new products on the website, immediate security settings are necessary. With all these matters of security at hand some additional departments should for adequate development of security policies, separation of duties, risk management, security assurance and access control. Conclusion In conclusion, the creation of a chain of responsibilities, organizational processes provide vital security protection. This protects the organization from external and internal intruders. Failure of having proper organizational and technological systems in place results to huge losses. In the event a client sues the company for jeopardizing their private data, a company with good organization is in a better position to defend themselves than an unorganized firm. Small and medium sized companies do not require all these departments in their organization. However proper records and back up plans always improve the security of your business. Large firms could also separate the operation of wireless and portable devices so as to monitor their vulnerability compared to other computers. Security is a major aspect of e-commerce. It is the basis of important issues to a business like customer trust and loyalty. It determines the amount of customers a business acquires and their frequency of purchasing. Security will continue to be a major determinant of e-commerce management, technology and organization. This is due to the rise in the amount of retailers and consumers embracing it. Different and suitable frameworks for e-commerce continue to be introduced providing suitable work systems for developed and third world countries. References Bak, O., & Stair, N. (2011). Impact of e-business technologies on public and private organizations industry comparisons and perspectives. Hershey, PA, Business Science Reference. Enarsson, L. (2006). Future logistics challenges. Copenhagen, Copenhagen Business School Press. Joseph, P. T. (2008). E-commerce: an Indian perspective. New Delhi, Prentice-Hall of India Pvt. Ltd. Khosrowpour, M. (2004). E-commerce security advice from experts. Hershey, PA, CyberTech Pub. Khosrowpour, M. (2008). Web technologies for commerce and services online. Hershey, PA, Information Science Reference. Khosrowpour, M. (2008). Web technologies for commerce and services online. Hershey, PA, Information Science Reference. Mather, T., Kumaraswamy, S., & Latif, S. (2009). Cloud security and privacy: an enterprise perspective on risks and compliance. Sebastopol, CA, O'Reilly. Tassabehji, R. (2003). Applying e-commerce in business. London, SAGE Publications. Mambi, A. J. (2010). ICT law book: a source book for information and communication technologies & cyber law in Tanzania & East African community. Dar es Salaam, (Tanzania), Mkuki Na Nyota. Westby, J. R. (2004). International guide to cyber security. Chicago, Ill.: American Bar Association privacy & computer crime committee, Section of Science & Technology Law Read More