This article by Andrew Kaufman talks about shortsighted thinking that is prevalent in many companies that do not put in place effective security measures.

Many young, cash-strapped online companies mistakenly consider the security of their e-business a luxury they cannot yet afford, a to-do item for later down the road. This shortsighted thinking is precisely what destroyed one very promising e-business I know in San Francisco. Out of respect for the privacy of this otherwise well-run company, I would like to protect their identity. But their sad tale contains a useful lesson for small businesses everywhere. By telling their story I hope to help other small businesses to avoid making the same mistakes.

This company seemed to have everything going for it. Their merchandise was of the highest quality. Their website looked sharp. The online order process was efficient and speedy. Their excellent customer service was the frequent subject of news articles and customer testimonials. In short, this e-business, it appeared, was doing everything right.

When this company was on the verge of a big expansion, they experienced a security breach. A criminal hacker broke into the company's web site and stole several hundred credit card numbers and other vital customer information. The hacker proceeded to use this customer information to purchase random items from multiple online vendors. The items ranged from books and clothing to artwork and erotica. The hacker used the stolen credit card numbers for the purchases, which totaled more than $20,000. And then, as a practical joke, he had the items gift-wrapped and sent to all of the individuals whose stolen credit card numbers he used to purchase the gifts in the first place!

Unfortunately the identity of the hacker remains unknown to this day. Even more unfortunately, so does the identity of the online company, which was his victim. Consistent with its reputation for good customer service, the online e-tailor offered formal apologies as well as partial re-imbursements to all of the affected customers. The management of the company also assured its other customers that such a breach would never happen again.

These assurances, however appreciated by some of the customers, were not enough to assuage the concerns of several venture capitalists that were interested in investing in the company. Were it not for the one embarrassing security breach, the company would have been a perfect candidate to receive the venture capital they required for expansion. But after almost a year of struggling, the company's search for additional capital has been in vain. The managers of this company have been unsuccessful in persuading their would-be investors that their technological infrastructure is now sound and that their past mistakes would never recur in the future.

The dénouement of this sad tale of corporate negligence and dark humor is that the e-business in question is chugging along today as a minor player in a regional market that they were once poised to dominate. Several other companies who managed to lure investment capital have surpassed the company. Their security oversight cost them their business-literally. What happened to this e-business has the potential of happening at any one of the tens of thousands of small businesses on the Internet today. Too many e-businesses are taking unnecessary risks with their futures by not putting in place an effective security solution from day one. With an overwhelming set of other, seemingly more pressing concerns, these businesses often decide to wait until they become big enough or high profile enough to think seriously about security issues. But as we've seen, these small companies might as well forget about becoming big in the first place if they are the victims of a malicious hacker attack.

Security should be considered one of the most important investments a small, growing online company can make. Certainly, a solid security solution is not all it takes for an e-business to succeed. But the lack of such a solution is certainly all it takes for a small e-business to go out of business-overnight.

Dr. Kaufman is co-Founder of LinuxSolve, Inc., a leading developer and integrator of cost-effective, easy-to-use security solutions for small businesses and ISPs. He may be reached at This email address is being protected from spambots. You need JavaScript enabled to view it., or at 1 800 989 9668, x203.