Like it or not, the internet is here to stay. It has the potential to transform just about every area of our lives, including the insurance industry. That's very exciting. However, there is real concern about how secure the web is for transacting business and handling information.

Recently, a leading bank and a building society admitted that hackers have been able to gain access to significant areas of their internet banking operations, and to view and often download the account details of customers.

Convincing customers that the internet is a safe channel for their personal and financial information, especially their credit card details, is a major area of concern. It seems business users, as well as consumers, will only use a website if they are sure that the information they provide is secure and cannot be compromised.

One of the main problems is that many companies rushed into ecommerce without properly considering security measures and the implications of ignoring them. Fired up by the hype, they developed their transaction processing operations with insufficient thought for the security and protection of their clients' details.

The recent cases have damaged the reputation of almost all ecommerce ventures and it may be several years before these initial security fears are laid to rest. Naturally, this uncertainty will also continue to colour the attitudes of business users in the insurance industry.

A recent joint study by Deloitte & Touche and the Information Systems Audit and Control Association provides a list of key security problems associated with online businesses. These include:

  • interception. Because information is usually transferred in unencrypted plain text, information such as credit card details can be viewed and modified at any point between the client and the server.
  • redirection, also known as “spoofing”. Here, a hacker can impersonate a web service or misrepresent a website or organisation.
  • identification. It is easy for people to assume a different or fraudulent identity on the internet.
  • exploitable program errors. All computer software, including webservers and browsers, is prone to errors or “bugs”. These weaknesses enable hackers to commit unauthorised actions or website vandalism.
  • weak client security. Even though software manufacturers regularly issue programs to correct security problems, only a small number of internet users actually perform the updates.

I love you

There are a host of other problems to add to this list. Viruses, for example, are in constant circulation and last year's “I love you” virus is still fresh in everyone's minds. While the technology to fight off attack from viruses is moving fast, so too are the hackers, who are constantly developing new viruses to take advantage of weaknesses in an organisation's computer network.

If you have already moved into ecommerce and are now wondering if you should have done so, all is not lost. The technology to secure your existing technologies is becoming reasonably well understood and standardised.

The best way to keep an intruder – an IT term for someone attempting to break into or misuse a website/network – from entering a network is to provide a security firewall. This is a combination of hardware and software that separates a local area network into sections for security purposes. All connections to and from the corporate network initially pass through the firewall, which acts as a gatekeeper. It allows valid work requests and blocks all other transmissions.

Another line of defence is user authentication. Basically, a user must enter a password as a digital key to enter the computer system. User authentication can be incorporated into a firewall, a particular application, a document or a network operating system.

An organisation can also use data encryption to protect information in transit. Data encryption is a method of scrambling the information, or data, into an unreadable form before it leaves the company network. When the data arrives at its proper destination, a key decodes the data bits back into understandable information. The most popular method of data encryption is SSL (secure sockets layer), which gives users the assurance of near total protection.

Firewalls, user authentication and data encryption are the methods most widely used by companies to protect themselves from unauthorised access. But digital certificates, intrusion detection systems and virus protection software are also worth considering. In addition, companies should tackle carelessness, which can be a key factor. Awareness training and education should be used to remind staff that an internet security breach could seriously harm the organisation.

Intruders kept at bay

Protecting an organisation from the perils of hackers is similar to the job of a security guard on the night shift: as long as he stays awake and keeps his eyes open, the chances are that nothing will happen. However, there is still a remote chance that someone from the outside could get in.

Software and hardware configurations keep most of these intruders at bay, but being able to instantly recognise abnormal activity is the best method. This requires well trained IT staff who constantly monitor an organisation's network.

Ecommerce players are now realising that security is an essential requirement. In the past, security has been an afterthought, but attitudes are changing as the very nature of ebusiness requires a company to expand its reach and provide customers, partners and employees with access to corporate and personal information. Ecommerce insurance companies, like all ebusinesses, need technology that enables them to go beyond their traditional boundaries and securely extend their business and transmit data through the web.

Security requirements can change frequently, so keeping up-to-date is not so much a luxury as it is a necessity. But as technology continues to evolve, and software and hardware improve, the time will come when hackers are finally forced to stay outside company walls.

  • Mark Birrell is CEO of Wildnet New Media Group. Wildnet constructs, manages and markets trading websites for the commercial insurance industry.