By taking common-sense precautions, security experts say, small businesses and consumers can protect themselves from hacking -- as in the case of suspected hacker Albert Gonzalez and his Russian accomplices, who are accused of stealing 130 million credit card and debit card numbers.
Businesses that engage in e-commerce should have Web-hosting providers that are PCI (payment card industry) compliant, have strong intrusion detection systems and have company policies that limit the amount of information shared by phone, said Rob Hinst, director of hosted services for Long Island Fiber Exchange, a Nesconset Internet technology company. PCI compliance, Hinst said, is a set of guidelines designed by credit card companies for secure Web transactions.
Somewhere down the line, said Harry Hinteman, an executive at Stafford Associates, a Setauket hosting provider, businesses hacked by Gonzalez apparently did not have the necessary security.
Among the PCI guidelines is an intrusion detection system that offers firewall-level protection. The firewalls recognize repeated hacking attempts and then take steps to stop them.
"A main thing is having a good, reliable Web-hosting company," said Phil Nail, chief technology officer for AISO.net, a California-based IT company with nearly 15,000 clients.
Security issues can arise, Hinst and Nail said, when businesses have openings, or holes, in their intrusion detection systems.
Todd Davis, chief executive of LifeLock, an Arizona company that guards against identity theft, said Gonzalez hacked into retailer TJ Maxx between 2005 and 2007 by finding such a hole -- wireless connections that transmitted transactions from mall locations.
"Also be aware of vulnerabilities like peer-to-peer networks," Davis said. These networks -- where data can be shared between thousands of computers -- often are created by downloading free software for music and videos.
Also, many individual PCs don't have enough protection against viruses, spyware, adware and malware. If they go undetected, these infected files can give hackers access.
For secure Web transactions, consumers should look for a small lock icon in the bottom right corner of the computer screen. This lock -- with the address bar simultaneously displaying https -- signifies an encrypted transaction, meaning personal information is blocked.