Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Security is Not a Luxury Anymore for Small Business Print E-mail
User Rating:      How can I rate this item?
Features This article by Andrew Kaufman talks about shortsighted thinking that is prevalent in many companies that do not put in place effective security measures.

Many young, cash-strapped online companies mistakenly consider the security of their e-business a luxury they cannot yet afford, a to-do item for later down the road. This shortsighted thinking is precisely what destroyed one very promising e-business I know in San Francisco. Out of respect for the privacy of this otherwise well-run company, I would like to protect their identity. But their sad tale contains a useful lesson for small businesses everywhere. By telling their story I hope to help other small businesses to avoid making the same mistakes.

This company seemed to have everything going for it. Their merchandise was of the highest quality. Their website looked sharp. The online order process was efficient and speedy. Their excellent customer service was the frequent subject of news articles and customer testimonials. In short, this e-business, it appeared, was doing everything right.

When this company was on the verge of a big expansion, they experienced a security breach. A criminal hacker broke into the company's web site and stole several hundred credit card numbers and other vital customer information. The hacker proceeded to use this customer information to purchase random items from multiple online vendors. The items ranged from books and clothing to artwork and erotica. The hacker used the stolen credit card numbers for the purchases, which totaled more than $20,000. And then, as a practical joke, he had the items gift-wrapped and sent to all of the individuals whose stolen credit card numbers he used to purchase the gifts in the first place!

Unfortunately the identity of the hacker remains unknown to this day. Even more unfortunately, so does the identity of the online company, which was his victim. Consistent with its reputation for good customer service, the online e-tailor offered formal apologies as well as partial re-imbursements to all of the affected customers. The management of the company also assured its other customers that such a breach would never happen again.

These assurances, however appreciated by some of the customers, were not enough to assuage the concerns of several venture capitalists that were interested in investing in the company. Were it not for the one embarrassing security breach, the company would have been a perfect candidate to receive the venture capital they required for expansion. But after almost a year of struggling, the company's search for additional capital has been in vain. The managers of this company have been unsuccessful in persuading their would-be investors that their technological infrastructure is now sound and that their past mistakes would never recur in the future.

The dénouement of this sad tale of corporate negligence and dark humor is that the e-business in question is chugging along today as a minor player in a regional market that they were once poised to dominate. Several other companies who managed to lure investment capital have surpassed the company. Their security oversight cost them their business-literally. What happened to this e-business has the potential of happening at any one of the tens of thousands of small businesses on the Internet today. Too many e-businesses are taking unnecessary risks with their futures by not putting in place an effective security solution from day one. With an overwhelming set of other, seemingly more pressing concerns, these businesses often decide to wait until they become big enough or high profile enough to think seriously about security issues. But as we've seen, these small companies might as well forget about becoming big in the first place if they are the victims of a malicious hacker attack.

Security should be considered one of the most important investments a small, growing online company can make. Certainly, a solid security solution is not all it takes for an e-business to succeed. But the lack of such a solution is certainly all it takes for a small e-business to go out of business-overnight.

Dr. Kaufman is co-Founder of LinuxSolve, Inc., a leading developer and integrator of cost-effective, easy-to-use security solutions for small businesses and ISPs. He may be reached at, or at 1 800 989 9668, x203.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.