Once you've learned to think like a hacker, consider enlisting the services of an expert. "Security can get so complex so quickly that even major corporations will hire security experts. Chances are, unless you're an expert in the area, you're not going to know enough," Sherman says. IBM Global Services provides "Ethical Hacking," an alternative to hiring a full-time security guru. For between $15,000 and $40,000, a team of expert hackers performs a thorough review of your overall network design. Then they'll attempt to gain unauthorized access to your server, and you'll get a complete report, along with recommendations for immediate and long-term security improvements.
What can you do if your budget isn't big enough to hire a team of white-hatted hackers or a security genius? Move the whole thing offsite, like Rockliffe Software did shortly after the hacking incident. "Running a server locally can be problematic, especially if your Internet connection goes down. To be honest, I wouldn't recommend it to anybody," Davies says.
"People who have servers in their homes have a lot of challenges because they have to manage the software and the traffic and they have to be on call 24 hours a day," says Laura Zung, vice president of product management for Verio Inc., a Web hosting company that offers secure e-commerce packages with built-in encryption. "The very best option for home-based entrepreneurs is a hosting account and e-commerce software. It gives the best price performance and is very secure." With equipment in your home, you're responsible for your customers' security. If you sign up for a remotely hosted Web site, then the ball is in the provider's court. A Web host also absorbs most of the overhead and setup costs, creating an inexpensive, virtually hack-free solution.
Whether you keep your server at home or farm it out to a Web host, you can insure yourself against electronic attacks. INSUREtrust.com offers policies that cover breach of computer security, computer theft, damage to data and software, and loss of business income due to illegitimate use or a denial of service attack. Marsh Inc. provides a "Net Secure" policy that covers security breaches, information theft and denial of service attacks.