9 Important Protections Against Ecommerce Hackers
Guest Blog By: Joe Butler
Not all that long ago, it seemed like hackers were only going after the bigger fish.
Investigations of significant breaches at Target, The Home Depot and even the U.S. Office of Personnel Management showed that cyber-criminals spent months, maybe even years, planning and executing plans to infiltrate these networks, where they could potentially access not just financial data but customer info.
It was definitely not a good thing if you happened to be one of the affected businesses or a customer, but your average small business owner was likely happy it wasn’t them, and figured they would continue to be unnoticed by your average hacker.
Unfortunately, in today’s world, many cyber crooks are changing strategies and looking for potential breaches of any size of business. Cyber attacks were up 50% percent globally between the second quarter of 2015 and the second quarter of 2016, according to a report from ThreatMetrix Digital Identity Network, and smaller businesses are especially vulnerable to account breaches simply because they may not have installed adequate protections in the past.
Businesses that offer online transactions can also be targets, since they have more entry points that need to be secured, and hackers can gain access to customer financial info and their credit card details.
E-commerce companies wanting to improve their defensive capabilities against hackers can try these strategies:
- Outsource
One simple solution to not wanting to bother with extra security protocol is to contract with a prominent third-party vendor like PayPal. This allows your customers to provide their financial data through PayPal and not you. There are transactional fees that you and sometimes your customers will have to pay, but it may be worth it to have them assume the risk.
- Use SSL Certificates on Critical Pages
Receiving this certification allows you to encrypt data between your system and visitors to your certain pages. The transactions are impossible to see by outside observers. You may not want to get SSL for every page of your site, but at least critical ones where customers can enter their data like check-out pages.
- Don’t Store Sensitive Data
You can and may want to keep some customer data they provide you for marketing purposes, such as names, email, addresses and even some of their shopping preferences or demographic data. Repeat customers will especially like not having to give that info every time they sign up for something. However, credit card info, such as CVV2 numbers and expiration dates, shouldn’t be stored at all, even if it’s a store credit card specific to your company. This way, if you are hacked, the cyber attackers won’t get much of value.
- Use Two-Factor Authentication
Some sites ask customers to register with a username and password and call it good. But these aren’t hard to get around or even guess by determined hackers. As an extra precaution, you can set up your secure registration program to ask them to answer a security question, or text them a short number to their mobile device that they can enter to verify their identity. This can work for setting up accounts or changing account info.
- Make Sure You’re PCI Compliant
You must meet PCI compliance standards in order to accept and process credit card info and other types of payments from customers. It requires auditing and documenting your security protocols including how transactions occur, who has access to this info and how customer privacy is provided.
- Test Your Security
When a breach takes place, it’s easy to panic as you try to figure out where the intruder is, what they’re doing and how to get them to leave. This is followed by figuring out what they did, how long they were there and how to keep them and others out. Rather than doing all of this during a crisis situation, you can schedule a simulated breach hiring a security firm or using reputable cyberattack simulation software. No actual damage will be done and it will give you security guidance.
- Educate Employees
A workplace could employ actual criminals who want to steal your company data or customer info. Or (more likely) it may have loyal employees who could make mistakes, such as opening unauthorized emails and spreading malware; accidentally introducing a virus from a suspicious thumb drive; or leaving their mobile device or laptop unlocked where someone can steal it or take data from it. A computer security policy with regular updates can emphasize the importance of safeguarding all this data.
- Create Levels of Security in Your Network
This can make sure only trusted people have privileges to access more critical areas. If your network is breached by someone posing as employee, they still may not have the ability to access higher security levels. Some companies even have their most critical info offline in a private terminal.
- Educate Vendors & Make Sure They Also Use Current Security Best Practices
The Target breach revealed that even though an organization may have strong front-line defenses, a weak point could be where a vendor receives access. Hackers can potentially gain access to your network if they figure out how to enter a weakly defended vendor network.
Overall, the biggest, most basic piece of advice to make your online store’s cyberdefenses strong is to constantly keep at it. An investment in anti-virus programs for every company desktop three years ago may have been wise then, but today, hackers are more organized and resourceful so old methods and tools need to be regularly updated.
Joe Butler has been writing about personal technology topics for more than a decade. He especially enjoys learning new approaches to improving network security.