Continued from page 1
After securing your server next thing to look at has to be ways of protecting data. Most theft occurs directly from web site itself and if you’re trying to protect images, there are plenty of watermarking programs that can apply a watermark to your images. Take a look at www.hotscripts.com for example and search for watermarking. You can also find hints and tips on preventing people from saving your files to their local pc on many sites, http://javascript.internet.com is a good source for free scripts and searching on Google for javascripts will reveal more sources.
The company in example I used earlier had watermarking protection for all their images but, unfortunately for them, watermarking was dynamic meaning that images themselves were unwatermarked and watermarking was applied when browser displayed images. What this meant was that by stealing images from server, thieves were able to take unwatermarked images.
There is a way around this and something like Strong Arm from www.liquidfrog.com can help by taking invisible watermarks or copyright information and embedding it directly into image. Being able to positively identify a file on someone else’s website as belonging to you can be a strong persuader in making them remove your content from their site even if they feel they’ve bought it legitimately. By proving ownership of a file you can bring a large amount of pressure to bear and save yourself legal costs of issuing a cease and desist notice.
So far we’ve looked mainly at ways of preventing image theft. What if your site contains document files or exe files that you make available for download perhaps? How do you prevent them from being stolen? Including a copyright in a text document is something that everyone should be doing but it’s very easy to remove that and claim work as your own. Given fact that you are allowing people to take these files from your site, you should be including a way of identifying them so that, if you see them on another site, you can prove ownership. Again something like Strong Arm can help.
Finally, having done what you can to prevent theft of your data, you need to check regularly that your web site is still secure and that your file protection systems are working. You also need to check what current trends are for data security by making sure you understand where latest threats are coming from. At moment China and Russia are two major culprits but this will probably change over time as less advanced countries come up to speed. New ways of stealing data are always just around corner and you need to be one step ahead whole time. It’s only by keeping on top of it that you can effectively prevent data you’ve bought and paid for being stolen!
John Miles is a security consultant and programmer. He deals on a daily basis with threats to web site security. With ten years in the computer industry he has seen the damage that can be done to a business by the theft of its intellectual property from a website.