Managing the risks of doing business online

Online business opportunities provide many obvious benefits, including: access to new markets; extending business beyond traditional trading hours; receiving payments more immediately; reducing inventories; and reducing the overheads associated with operating in physical premises.

However, doing business online does not come without risks - both to the business owner and to customers. The world of e-commerce, and the sharing and transfer of information in a digital form, increases exposure to those wishing to use and manipulate this data for their own benefit. Unfortunately, such actions by those operating in the darker side of the online world implicitly damage the faith of customers, and the reputations of organisations who conduct business over the internet.

As online operations become more mainstream, and even the more conservative and tech-averse customers start to look online, it will become increasingly critical to the success of a business that it can show it is operating in a secure and safe environment. Some considerations for business owners include:

Ensure privacy laws are not breached: It is important to understand exactly what information is being collected and held about customers, and to ensure this is only given to appropriate persons within the organisation to conduct business transactions. Protect data from external threats. Appropriate levels of network security are crucial in ensuring that business and customer information is not subject to theft, alteration or damage from external attack.

Restrict access to information: Ensure that only people who have legitimate reasons for using business information have access to it. It is also important to ensure that individuals are not able to alter this information without good reason and that a review process is in place in relation to such changes.

Have a disaster plan: Check that the organisation has appropriate backup, disaster recovery and business continuity plans in place. For organisations that operate online, information is their lifeblood. Without information it is difficult, if not impossible, to operate. The preparation - and testing - of recovery and continuity plans is important.

Maintain integrity of data: Errors in the management of data can be costly to organisations, resulting in the dissemination of incorrect information and the possibility of making bad business decisions based on poor data. Reduce the risk of this occurring by maintaining standardised processes for capturing and entering data, and ongoing review of data sets for items that will corrupt their integrity.

The challenge ahead for businesses operating online is to balance the needs of getting business done while protecting the business information. Without either, surviving in the long term can be a difficult proposition.

*As a partner in the Audit and Assurance team of HLB Mann Judd, Chris has responsibility for managing the internal audit and risk management functions. He also manages a diverse portfolio of external audit clients. Chris’s background is varied, having worked extensively in both the chartered accounting profession and in the commercial environment.