Even if you do not have any national security documents on your web site, it is very important to take your web site's security seriously. If you sell products on your web site, this is especially important.

A typical setup is that you have one or more sales pages for your product and when a prospect clicks on an order link they are redirected to PayPal, 2CheckOut or some other payment processing service. This setup is good for several reasons, the most important being the fact that you avoid having to deal with credit card numbers and other sensitive customer information. So far in 2007 there have been published reports of more than 89 million identity records exposed from data breaches. See the Identity Theft Resource Center for some really scary reading. Leaving data theft worries to companies who specialize in handling financial information is a great strategy for most small businesses.

But that does not leave you totally in the clear. If you are selling a digital product that the customer can download immediately after the purchase, you need to ensure that the product is protected. There are many ways that web site owners inadvertently leave their valuable products unprotected - making them available for free to anyone who knows where to look.

The three most common mistakes are:

1. Easy to guess filenames.

If 'AdWords Secrets' is the title of your book, don't create a file name called AdWordsSecrets.pdf. It would be too easy for people to guess the URL to download your book that way if the URL is www.example.com/AdWordsSecrets.pdf, or something similar.

You should add a version number or date into your filenames ex: AdWordsSecrets_v42.pdf, etc. This makes guessing the filename and the URL of the file more difficult.

2. Indexing the product itself or the download page is the function of search engines.

With an increase in efficiency of today's search engines it has become quite difficult to keep any website a secret from search engines. Even without public links accessing your product download page there are other ways for a search engine to discover it and index it. After it has been indexed anyone using that search engine will find your product download page information in their search results, making them able to download your product without charge.

You should regularly check what each search engine knows about your web site. In most major search engines you can use the site: operator, e.g. site:example.com, to get a listing of all the pages on your web site that have been indexed.

3. Improperly configured robots.txt

On your web server, you will probably include a robots.txt file. This text file is used by most search engines and tells them what to index and what not to index. Typically, you will want to prevent search engines from looking at certain directories that you use for statistics reporting or downloads. Theoretically, this should mean that search engines won't index any hidden, non-public, or secret pages on your website. Unfortunately though, some hackers may try to view the robots.txt file. This could make you vulnerable to someone possibly downloading your product without paying.

A balance needs to be determined between securing some files and file directories in a robots.txt file and at the same time not telling too much detail about the set up of your overall web site.

Using the internet to transact commerce with items of a digital nature is a marvelous opportunity. To ensure that you receive payment for your hard work, consider these items and your own natural instincts.

Nick Dalton is an Internet security expert who regularly writes articles for Internet business entrepreneurs at http://www.TipsTricksToolsTechniques.com/. His latest published report is called The Digital Security Report.