Posts Tagged ‘security’

Your Open-Source Software Will Get Hacked…It’s Just A Matter Of Time!

Thursday, February 4th, 2010

Have you been keeping up with the latest news regarding Google and the persistent hacking coming from China?  It’s a big deal and certainly at the forefront of web and computer security in the news right now.  In fact, as of today, it looks like the U.S. government might even be providing some help from the NSA.  Google has even considered pulling out of China in a dramatic way.

Here’s the deal—if a company as big and well-protected as Google can be hacked, it really is just a matter of time before your open-source powered website could meet the same fate.

And who knows what the purpose will be.  It’s not likely that your website is going to be harboring any classified government secrets or anything, but that’s not the only thing hackers are after.

Your business might have proprietary information that you need to keep away from prying eyes.  A crazy but hacking-proficient someone might be out there who wants to turn your website upside down for some reason or another.  Hackers might just want to install spyware on your website to steal private information or steal the identities of your hard-earned customers.  Who knows.

Whatever the case may be though, one thing we can all agree on is that getting hacked is just not a very pleasant situation at all.

But What’s So Bad About Open Source Web Software?

Well, technically there’s really nothing wrong with open source software in general.  Some is coded quite securely for that matter.  But the bottom line is that if hackers can get away with repeatedly attacking Google’s systems for a good part of December, they can certainly get through the open source software you’re running, no matter how well it’s been written and implemented.

That said, there are a few solid reasons why running open source can put you at risk:

First of all, open source is just that…open.

Hackers practically have access to a complete encyclopedia’s worth of information on how it works and what security flaws have been identified and patched (as well as those that are still ripe and available for exploiting).

Secondly, open source software is a BIG target because it’s so widely used.

Let’s face it, if a hacker has the opportunity to exploit hundreds of thousands of sites with one “hack,” the chances are pretty big that they’re going to seize this opportunity rather than go after a single little website somewhere that’s running its own secure proprietary software.

And then there’s the updating issue.

We know for a fact that hackers go after open-source software so frequently because it’s such a large target market—and one that’s full of readily available information.  There are even communities of hackers that dedicate their efforts exclusively towards just one open source platform or another.  But even the sense of security that updates and patches provide is really just another falsehood—by the time the latest patch comes out (and if it ever actually gets installed…which is another huge issue), the hackers have already long since moved on to the next opportunity.  Retroactive open source software updates are simply too little, too late for eager hackers.

Here at Sleepless Media, we strongly encourage the use of custom-built software to run our clients’ websites and web applications.

Of course we’re proficient at developing incredibly secure software, but beyond this fact alone, it’s been proven time and time again that hackers simply ignore one-off professionally developed sites like this.  They’d rather achieve notoriety within their software-specific communities or go big time by targeting the widely deployed open-source software that so many websites are using these days.  Being a small fish in a really big pond has its benefits!

What You Need To Know To Make Sure Your E-commerce Website Is Secure

Thursday, December 17th, 2009

Providing a safe, secure, and reliable e-commerce experience for your customers is vital at a time when online competition is just downright fierce.  The last thing you want to do is work hard to attain a new customer online, only to lose them because of a security problem…even if it is just a “glitch” and not a real exploit.  Thankfully, securing your e-commerce website really isn’t all that difficult; it just requires competence and experience from those putting the system together.

SSL Security Certificate Encryption

This is the baseline level of providing security between your visitors and your website—it’s an absolute must for any e-commerce site for sure.  Using SSL encryption means that all private data provided and transmitted in a transaction is encrypted in transit, so it stays locked down against any and all would-be prying eyes along the path the information travels.

Getting such a security certificate does require the authentication of your website first; in other words, the issuer does a check before the certificate is issued to make sure you are who you say you are.  Providing this standard level of security can also involve the need for a dedicated IP address on your web hosting.  This is also a good thing for e-commerce website owners, as web hosting with a dedicated IP is much more professional than potentially sharing an IP address with bad neighbors on shared hosting.

Use A Respectable E-Commerce System

It’s simply going to work better, be better and more thoroughly tested, and come across as more professional to your website’s customers than one that’s hacked together by an amateur.  Also, when you’re using professional e-commerce software, like open-source osCommerce for example, the developers of the system will usually work hard to release updates and security fixes any time a potential problem is exposed.  In an age where hackers are often several steps ahead of the curve, it’s good to know that experts are right there alongside as well, keeping the software safe and secure on your behalf.

Ensure Custom-Developed E-Commerce Software Is Secure

Using widely available open-source e-commerce software such as osCommerce is a popular and safe way to go for many websites.  However, sometimes something a little bit more custom is necessary to meet your website’s objectives.  If this is the case, it’s no problem at all—in fact, in some cases, custom e-commerce software can actually be more secure because it’s not a “popular” target for the bad guys.

Now at the same time, you’ve definitely got to make absolutely certain that the custom software your website uses has been built by true experts with years of experience developing security-focused commerce software applications, not just some kid down the block that knows how to make websites.  At Sleepless Media, custom secure platforms are actually one of our specialties.

Putting All The Pieces Together…

Naturally, there are additional steps that should be taken to really ensure an enterprise-level secure e-commerce experience for your website’s visitors—and we’ll be more than happy to discuss these ideas with you at any time.  Just give us a call!