The backbone of e-commerce is dependent upon the element of trust. As soon as customers' trust fades away, businesses and consumers will switch to traditional methods which are more secure and safe. The conflict between convenience and security has always been biased towards convenience; however, numerous hacker attacks, coupled with the proliferation of consumer data privacy concerns, have gravely endangered e-commerce as a secure market for buying and selling (Marchany & Tront, 2002). This is reflected by the network of three hospitals in London being shut down due to infection by a virus called Mytob, which brought its operations to a standstill for a few hours (GFI Paper, 2008). Therefore, it has become integral for a business that needs to develop a web presence, such as Grandma's Treats, to assess the security risks and concerns and find solutions to mitigate these risks.

Risks and Concerns

Authentication and Privilege Attacks
The most widespread and prevalent security weakness for businesses on the Internet is the password. Many employees have similar passwords for work and home, which may lead to easy intrusion into the firm's network space, exposing customers' personal information and the company's vital documents.

Password policies may be implemented by the company under which each employee has to change his or her password every fortnight; however, this may lead to employees writing passwords on sticky notes, which increases the security exposure (GFI Paper, 2008).

Employees
Grandma's Treats is an SME, hence the system administrator may be multi-tasking across network operations and security, which accounts for the broader access rights that he or she may hold. The power entrusted to him can be fatal if he is unhappy with the company, as he may leak sensitive company information or adulterate the database, creating huge problems for the company (Wright, 2001).

USB ports and DVD drives may also act as harmful tools, as disgruntled employees may use them to take large amounts of data out of the company.

Denial of Service
One of the important characteristics of consumers who buy on the internet is that they value the convenience of saving time. If a firm is dependent on a single internet connection and that connection suffers downtime, it will negatively affect Grandma's Treats through customers' loss of confidence, resulting in loss of business and the firm's loss of productivity (GFI Paper, 2008).

Malicious Internet Content
One of the grave concerns for Internet business is malware attacks on network systems, which include viruses, worms, Trojans and other kinds of malicious software. Employees may receive emails or install pirated software, which paves the way for malware to enter their systems and results in loss of information or hacking of the website (Internet Security, 2009).

Social engineering attacks are also becoming very common; in these, attackers use techniques which have more to do with human nature than with a technological edge. For example, a phishing email will look very familiar to end users, which may result in users filling in sensitive information such as passwords, PIN codes and credit card numbers.

Physical Theft
As technology is getting faster and better, many employees use their laptops and mobile phones to log on to the company's network. Therefore, a laptop may hold personal information about the company as well as its customers. The number of laptops and mobile phones stolen per year is on the increase, and therefore this threat may result in a security loss for the company.

Reducing Risk
In order to reduce the risks and concerns in a business while having a web presence, a company should comprehensively investigate to identify the entry point of the problem, approach the person responsible and continually develop contingency policies to prevent future occurrences of a similar concern.

Anti-Virus Software
As discussed earlier, malware can enter the system through websites, emails and USB devices, which can be prevented by installing efficient anti-virus software and firewalls (Wright, 2001). As Grandma's Treats is planning to establish its presence online, there will be large volumes of incoming traffic on its website and email. In order to prevent malware from entering through its website, all incoming content should be scanned before going through the system, whereas for email, all messages should be filtered at the email gateway before entering the employee's inbox (Shahani, 2009).

Accountability of Employees
In 2006, the Canadian Imperial Bank of Commerce lost a hard drive containing unencrypted personal and financial information for 470,000 customers. An organization loses six percent of its revenue to fraud by its own employees, according to the Association of Fraud Examiners. Managers misuse the company's information four times more than employees, and executives cause 16 times more losses than their subordinates.

The primary task for a company securing its IT environment is to develop policies which strictly define the dos and don'ts for employees while using their computers. Every employee should be delegated a different role so that power is shared and the impact on the company of a single disgruntled employee is much less. Everyone should be told how to deal with web content and emails, and what he or the company might face if he takes an unacceptable action. Proper checks and balances should be placed on every person so that everyone is accountable for his/her actions. In order to prevent leakage or malware infection, a company may block USB ports and DVD writers and give these privileges to only a few people so that accountability control is more feasible.

Backup System
The most reliable way of preventing data loss is to save data to a backup system in a timely manner. In case the hard disk fails, or the user deletes data or introduces malware either intentionally or unintentionally, the backup system can be relied upon to retrieve customer information that is up to date, resulting in minimal loss of efficiency for the company and hence greater customer confidence in the firm.

Minimize Exposure
A business online has more exposure, which results in complex firewall settings that leave gaps in security for hackers to attack. In order to minimize the risks that come with greater visibility of the business, the company should have simple systems with fewer components, less software and fewer privileges so that the IT system is easier to manage.

E-Commerce and Grandma's Treats
In 2005, 60 percent of the cost of the business would be prone to politically and financially motivated attacks (Riley, 2003). Three quarters of organizations in the UK suffer at least one severe virus incident every year. In 2006, more than a thousand cases of theft of internal data as well as customer data were recorded by the Association of Certified Fraud Examiners. Spam accounted for more than 90 percent of internet traffic in 2006. The Privacy Rights Clearinghouse estimated that 100 million records with personal information were involved in 474 security breaches worldwide (Parent, 2007).

As more and more businesses expand through the internet, the rate of cybercrime is also increasing rapidly. A research analyst at Butler Group, Alan Rodger, said that UK companies must change their thinking: security should be viewed as a business-enabling solution incorporating the flexibility to grow and adapt alongside the business operation that it is there to protect - not as a necessary evil (Market Watch, 2005).
Taking security measures incurs cost while doing business; however, if Grandma's Treats needs to survive and be more profitable in the long run, it needs to implement the following measures against possible threats (GFI Paper, 2008).

Adopting a security system
There are various security systems to safeguard personal information in e-commerce, and one of them is Public Key Infrastructure (PKI). This system is widely used in the United States: messages can be locked with freely available public keys, but can only be unlocked with the recipient's private key. Another efficient encryption system is SSL (Secure Socket Layer), which is primarily used for internet transactions. This tool encrypts the confidential information sent over the internet, hence keeping the customer safe from the misuse of personal data. Security electronic transfer (SET) is also widely used for electronic transfers; it verifies that both parties in an electronic transaction are genuine and then encrypts payment and transaction data for security purposes (Smith, 1999).
Along with the implementation of encryption tools, Grandma's Treats should also make sure that it uses cookies (Khusial & McKegney, 2005) and tracks the IP information of the customer to know whether the customer is genuine or a fraud.

Security fear
In 2006, e-tailers lost US $2 million because of consumers' security fears. In order to prove its commitment to customers, Grandma's Treats should adopt a security and privacy policy which is accessible to customers on its website. The policy should also state whether personal information will be given to third parties and give customers the choice to opt out. In order to safeguard the personal information of customers, Grandma's Treats should only provide data to third parties which are aligned with its IT policy.

Conclusion
E-commerce provides an abundance of opportunities for Grandma's Treats by increasing its potential and current customer base while saving the cost of a retail space; however, along with these positive aspects, there are various threats that Grandma's Treats may face while venturing into e-commerce, as highlighted in this essay. Investing in and implementing the security measures mentioned above will help the firm to develop a positive, close and strong business relationship with its customers and to keep data loss and security risks to a minimum.