The internet threat: web security is key in operations and clients.

• Author: Tobenkin, David

[ILLUSTRATION OMITTED]

For many businesses, the Internet has become every bit as indispensable to the marketing of their companies as a physical location. But while securing doors and windows may suffice to protect the physical office, businesses' Web presences offer a plethora of security challenges that must be understood and difficult security choices that must be made.

The good news is that security options for small and medium-sized businesses have increased of late, including sophisticated hardware solutions that combine many anti-hacking softwares in a single device. The bad news is that every day new threats are created. Like the old Spy vs. Spy comic strip in which two spies attacked each other with ever new and rapidly escalating techniques and devices, the hacking and security countermeasure arms race between hackers and security providers never ends. Further, doing business in Alaska presents particular Web security challenges.

IDENTIFYING SECURITY THREATS

When designing a Web security system, the experts say a good understanding of the threats posed and the cost of measures to protect against them is critical. There are three basic threats, said Mark Pelkoski, a senior systems engineer at Portland, Ore.-based information technology provider Structured Communication Systems Inc., which has an office in Anchorage.

The first, defacement, includes alteration of information on a Web site or the planting of false information. Many political hackers will seek to access Web sites to embarrass Web site hosts or promote their own information. However, such intrusions can constitute a direct financial threat to business operations, such as if changes in financial terms on a contract are made.

A second threat is denial of service, which Pelkoski said works under the premise, "I'll stop people from getting to the site and you'll lose money because they can't buy from you."

The third threat is the most serious--blatant theft of information--such as confidential information, customers and credit card numbers. For health care and many financial services providers, this is serious indeed given dire legal consequences for nonconsensual disclosure of patient, client or certain financial information under federal statutes and state laws.

In considering what security measures to implement, a business must analyze which of these threats apply, the nature of its business, and what it is using its Web presence to do. "In general, the more functions a Web site performs, the more security challenges are present and the more complex it is to ensure security," said Andrew Zhelayev, general manager of Anchorage-based information technology consulting, programming and security firm Tex R Us LLC.

[ILLUSTRATION OMITTED]

Web sites that just provide information to visitors to the site on a single page can likely just worry about redirection by successful hackers. But add e-mail, the ability to move between pages, and other communication channels like file-transfer protocol functions, and you have created a system with many more opportunities for security breaches.

When a Web site is further used for e-commerce and engaging in online business transactions, a whole new level of security is needed because of the risk of accessing financial information, and because of security requirements imposed by business service vendors such as credit card agencies. Any significant volume of business online will...