Are Your Company's Data Safe on the Web?

Managing your business through the Internet could save you a bundle. But some say you could end up exposing sensitive information. They're wrong. Here's why.
By Joel Dreyfuss

(FORTUNE Magazine) – I came across an Internet service the other day that played down the fact that it was on the Internet. This wasn't because the Internet has lost some cachet with Nasdaq's gyrations. The company was being cagey because its service, which offers to magically synchronize data among PCs, uses the Internet to get your information to its storage devices.

I can understand the company's reluctance. A number of well-publicized hacking cases have made consumers gun-shy about Internet security. Disclosures that one hacker had Bill Gates' credit card number only heightened the paranoia. After all, if Mr. Gates can't protect his data, who can?

Ironically, rising concern comes just as more companies turn to the Net for business transactions. Small businesses are particularly enthusiastic about this cheap alternative to private (if more secure) connections.

The hottest development in software is the so-called ASP or application service provider, which gives users inexpensive access to complex computer programs--over the Internet. It's a paradigm that echoes the age of Big Blue; ASPs put software on servers and give you access over a public network. Your PC becomes a not-so-dumb terminal connected to a program that you probably couldn't afford on your own.

The hitch: You end up sending presumably valuable data coursing throughout the Web. Newcomers will be dismayed to learn their data will bounce across a half-dozen anonymous computers on its way to its destination.

Happily, there are solutions. Encryption, the process of coding data to hide its content, has come a long way. You do hear a lot about encryption failures; those stories grab headlines. But what gets lost in those reports is the fact that most data transmissions are highly encoded and extremely difficult to break. The few successful hackers have computing power well beyond the means of the average user.

It is also true that no code is unbreakable. If you use the Net for business, you should consider, case by case, how sensitive the information is. This sorting process is important. After all, some of the same people who scream about the pitfalls of Internet secrecy routinely hand their credit card over to total strangers in stores or restaurants. But most cardholders aren't thinking about that kind of theft.

In fact, the data small businesses transmit on a daily basis are not particularly valuable to anyone outside the company. Even with information that would matter to a direct competitor--such as sales figures or inventory reports--that competitor would have to be in a position to grab and decode it. This scenario is not impossible but hardly likely.

The exceptions are companies in defense work or in other highly competitive industries where the players are technologically savvy--and might be willing to pay a lot for a peek at your data. In this case, encryption is readily available. For example, even the ordinary browser, increasingly used as a window into these Internet-based applications, can be updated to a more rigorous level of security called 128-bit encryption. You can also get fixes to tighten your e-mail program's security. One of the best-known is a coding scheme called Pretty Good Privacy. PGP is a public-domain product that scrambles e-mails before they're transmitted. The recipient needs "public key" software (and a password) to decipher PGP messages.

Another increasingly popular approach is the Virtual Private Network. VPNs, which can be hardware or software products, can automatically encrypt all your transmissions before they go over the Internet, then decode them at the other end. Anyone trying to tap your communications along the way will capture only a meaningless stream of data.

Bottom line: Look for the icon of a closed padlock or of a chain at the bottom of your browser screen. That signals a secure connection--which is really all you need. If you want to go further, there are many options. The most difficult aspect of privacy may be psychological: accepting the idea that your data will be careering throughout the Internet.

As for Bill, it appears that somebody hacked his credit card records off an e-commerce site--hardly something a casual hacker could accomplish. Many companies have tightened their security measures since.

JOEL DREYFUSS has been writing about technology for 15 years. He can be reached by e-mail at jdreyfuss@attglobal.net.