
Help protect sensitive data in Office Live Small Business

This article describes best practices for working with sensitive data in Microsoft Office Live Small Business, especially personal information about your Web site visitors, customers, employees, vendors, and partners. In thinking about efforts to secure your information, it is helpful to understand the way data is transferred on the Internet, and how it is stored in your computer.

Transferring digital data on the Internet

The Business Applications and Contact Manager areas of Office Live Small Business give you the option of transferring your information with extra security using the Secure Sockets Layer (SSL) protocol. SSL uses encryption to provide an extra layer of security for the private information you send in e-mail, Web browsing, and other data transfers. This helps to ensure that the information cannot be intercepted or tampered with.

SSL is not automatically turned on when you start using Business Applications and Contact Manager. Enabling SSL may cause your Office Live Small Business features to run more slowly, and not all accounts may need the extra protection of SSL. Every Office Live Small Business account is already protected by a Microsoft Windows Live ID. SSL provides an extra layer of protection.

Note: Some parts of the Store Manager area of Office Live Small Business are also protected by SSL. In those parts of Store Manager, SSL is automatically turned on, and is not affected by whether SSL is turned on or off in Business Applications and Contact Manager.

If your Office Live Small Business account deals with sensitive or confidential information, you should consider using SSL to help further protect that information.

Important: When you turn SSL on or off, the change does not take effect until you begin a new session. Also, any remote sessions being run by other users on your site will continue to use their previous SSL setting until those sessions are disconnected and opened in a new browser.

Encryption, SSL, and HTTPS

When you turn on SSL, your information is encrypted and sent in Hypertext Transfer Protocol Secure (HTTPS) rather than the more common and less secure Hypertext Transfer Protocol (HTTP). Encryption is a technology that scrambles information at the sending point; an authorized recipient reassembles it at the receiving end. If you are using this more-secure protocol, the Web address of the site you are visiting (visible in your browser’s address bar) begins with https, for example https://northwindtraders.com.

Even data sent using HTTPS is not completely safe, however. The likelihood of intercepting and decrypting HTTPS data depends on the complexity of the encryption scheme, the sophistication of the tools used to break it, and the skill of the intruder. However, data sent using HTTPS is much more secure than data sent using HTTP.

Turning SSL on or off in Business Applications and Contact Manager

When you turn SSL on or off in Business Applications, it is also turned on or off in Contact Manager.

  1. On the Office Live Small Business Home page, at the top, click More, and then click Business Applications.
  2. Click settings.
  3. Under Modify, click Enforce secure connections.
  4. Select Yes to turn on SSL or No to turn off SSL, and then click Save.


Storing digital data on the Internet and in your computer

As the user of a computer that is connected to the Internet, you can store information in a number of ways, including e-mail messages and e-mail attachments, Web pages, Internet applications, or in a file in a desktop or notebook computer, or on a mobile device. These data-storage methods have vastly different levels of security against data loss through unauthorized access or through hardware or software failures. The more secure ways of storing data require users to be authenticated, and the data is backed up regularly to a different location.

Transferring and storing sensitive data in Office Live Small Business

Best practices

We recommend that you use the telephone to communicate sensitive information and that you store that information in a desktop or notebook computer that authenticates users with a user name and password that you set. You can also password-protect files in some programs, which adds another level of security. Be aware, however, that even if the data is relatively secure from unauthorized users, it can still be lost through hardware or software failures. To avoid this, back up your data regularly to a different location. Additionally, observe the following:

  • If you own, operate, or design an Office Live Small Business public Web site, warn your Web site visitors against sending personal information by using the form on the Contact Us page. Place a warning on the Contact Us page. The information that visitors type into the Contact Us form is sent by regular (unencrypted) e-mail; therefore, it is not secure.
  • Never send personal information in e-mail, whether in the subject line, body text, or in an attachment. Note that even sending e-mail to multiple recipients can reveal to each recipient the e-mail addresses of the other recipients. You can avoid this by using the Mail Merge feature of Microsoft Outlook, or by placing each recipient's e-mail address in the Bcc line.
  • Never post sensitive information on public Web pages. Sensitive information does not refer only to highly sensitive items such as social security numbers, a person’s financial information, phone number, and so on. Personally identifiable information (PII) is defined as any information that can be used to identify, contact, or locate the person with whom the information is associated. It can include basically any information about a person that could be used to identify that person, such as an e-mail address.
  • Do not put personal information on Web pages that you think the public doesn’t know about, or in downloadable files. For example, Web site designers might put personal information on pages that the public doesn't see, on the theory that no one except the people they tell about the pages would know that those pages exist. But if those people tell others, or someone discovers the page accidentally or by intruding, the information becomes available to anyone who knows the URL (the address that uniquely identifies a location on the Internet), unlike password-protected Web pages.
  • If you collect visitor information on your public Web site using the Form Builder module, do not collect sensitive data such as government identification numbers, credit card information, financial account numbers, or other data that should be encrypted while being transferred from your customer's browser. Customer information submitted with the Form Builder module is transmitted in clear, unencrypted format across the Internet. If you want to collect sensitive information, use a provider that offers SSL-enabled hosting.
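
The check described in the Contact Us and Form Builder items above can be automated for any saved copy of a page. The following Python script is an added example, not part of Office Live Small Business or of the original article: it lists forms that ask for sensitive-looking fields but submit to anything other than an https address. The field-name hints, the example.test addresses, and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed hints for field names that suggest data needing encryption in transit.
SENSITIVE = re.compile(r"ssn|social|passport|card|cvv|account|routing|iban|tax", re.I)

class FormAuditor(HTMLParser):
    """Collects each form's resolved submission target and its sensitive fields."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own address.
            target = urljoin(self.page_url, a.get("action") or "")
            self._current = {"target": target, "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            label = " ".join(filter(None, (a.get("name"), a.get("id"), a.get("autocomplete"))))
            if SENSITIVE.search(label) or a.get("type") == "password":
                self._current["fields"].append(a.get("name") or a.get("id") or "?")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(page_url, html):
    """Return (target, sensitive_fields) for forms whose target is not https."""
    parser = FormAuditor(page_url)
    parser.feed(html)
    parser.close()
    return [(f["target"], f["fields"]) for f in parser.forms
            if f["fields"] and urlparse(f["target"]).scheme != "https"]

# Constructed sample page: one risky form, one SSL-hosted form, one harmless form.
SAMPLE_HTML = """
<form action="submit.aspx" method="post">
  <input name="email"><input name="credit_card_number">
</form>
<form action="https://secure.example.test/pay" method="post">
  <input name="card_number"><input name="cvv">
</form>
<form action="subscribe.aspx"><input name="email"></form>
"""

if __name__ == "__main__":
    for target, fields in audit("http://www.example.test/contactus.aspx", SAMPLE_HTML):
        print("Unencrypted submission to", target, "collects", fields)
```

The script checks only where each form submits. A page that is itself served over plain HTTP can be altered in transit, so the page carrying the form should be served over HTTPS as well.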


© 2009 Microsoft Corporation. All rights reserved.