Running Head: PEAPOD ONLINE SECURITY

Peapod Online Security

(Name)

(University)

Describe some of the possible risks to the Peapod online store's security system

Identity theft is possible where hackers attack the Peapod central depository (Plunkett, 2008). The attack enables them to steal customers’ information. The attackers can use the information about a client to make orders or to drain the customer’s bank account. During the process, hackers obtain usernames, passwords and credit card numbers. The information is then transmitted to third parties for malicious use.

Hoyer (2013) says that overpayment scams are on the rise and are based on the goodwill of the seller to offer quality customer service without fail. A good may be bought, either by an alleged online transfer or by cheque, with more paid intentionally than was initially stated. The scammer then requests that the extra amount be refunded in a hurry. The haste ensures that the seller does not have time to establish that the online transaction didn’t go through or that the cheque bounced.

According to Mahmood (2004), potential and existing customers may be duped by a counterfeit website that offers counterfeit goods. Some sites may claim to be a third-party seller. The third party may be offering discounted services to con people by providing substandard products. That is achieved by hacking the Peapod site and accessing existing customer information. Customer accounts are created on the counterfeit website such that when a client logs in, they are redirected to the bogus internet site instead of the main site. Unsuspecting customers then make purchases on the bogus internet site. Such sellers will try their best not to raise any alarm, to keep their operation up and running. Customers end up getting counterfeit goods from the purchases.

Draft a security policy that addresses the risks, identifies security goals, and discusses strategies for achieving those goals.

According to Plunkett (2008), the finance staff need to be taught how to detect fraud. They need to be taught how to keep antifraud software operational. The IT operations employees need to be trained on how to recover lost data as well as how to review the firm’s firewalls. All staff need to be trained to use antivirus software to scan the system, together with potentially malicious items such as emails from unknown people. Employees need to be taught how to protect their passwords, that is, by logging off from their devices after use. They should also change a password after it has been accessed by a third party.

Sensitive information should be shared in coded form to avoid access by hackers who might have penetrated the system (Hoyer, 2013). The firm should establish and make known a reporting authority for employees who face trouble using the system. Employees need to be notified that social sites are inaccessible for security purposes. Devices that try to access such sites will be shut down by the administrator. Employees should send screenshots of troubles they encounter online or when using the system to the administrator.

Mahmood (2004) says that business intelligence (BI) involves collecting and translating big data and transforming it into tables, graphs and charts. Business intelligence gives useful, actionable information for decision making. The products and services being offered will also be diversified, and the same firm channels can be used. The data is stored in data marts, which are an unstructured way of storage, to increase its security and the grouping of related data. Data is sourced from internal and external sources. Internal sources are things like sales information, cost analysis, and demand forecasts. External data can emanate from customer tastes and preferences and competitors' actions.

Discuss some of the ethical and potential legal issues for the company and how the security measures that you've outlined will help to minimize these problems.

The internet is the new environment for unethical behavior due to its massive uptake globally (Mahmood, 2004). The ethical issues under focus are system security, privacy, online retailer fraud and the selling of personal data. Client information should be kept confidential and secure from third parties. Hoyer (2013) says that a firm should have a secure firewall system, backups of stored data and antivirus software to ensure its system security is not compromised, leading to loss of data. Customer background checks and contact via mobile phone should be done to assess suspicious deals and eliminate fraud. That will promote trust from customers, for cases of misrepresentation in purchases and non-delivery will be eradicated. The shop should put in place a policy that bans children from buying, for they cannot differentiate reality from fantasy in life.

According to Plunkett (2008), the rapid growth of online retailing has increased opportunities to sell goods and services. New rules and laws have come up to regulate online transactions. The laws are aimed at protecting online customers on one side and retailers on the other. The Consumer Credit Act and Consumer Contract Regulations have sprung up to protect the rights of consumers who, in their agreements with retailers, are faced with unfair terms. Clients should be assured they can seek legal redress when their information is deliberately passed to third parties. The firm should register the domain name to ensure no counterfeit website can form. The firm should get its copyright to make sure that no business can replicate its services or goods. Identity theft and cyber attacks will thus be curtailed, for violators will be prosecuted.

References

Hoyer, W. D., MacInnis, D. J., & Pieters, R. (2013). Consumer behavior. Australia: South Western Cengage Learning.

Mahmood, M. A. (2004). Advanced topics in end user computing. Hershey, Pa: Idea.

Plunkett, J. W. (2008). Plunkett's e-commerce & Internet business almanac 2008. Houston, Tex: Plunkett Research, Ltd.