How To Prevent Your E-Commerce Site From Being Hacked This Year
For e-commerce shop owners, losses related to credit card fraud and other types of hacker misbehavior top the wish list of things Santa could have left back home at the North Pole when he went on his appointed rounds last December 25th.
As retail industry analysts expected, 2018 was a great year for e-commerce store operators but one part of the world delivered some anomalous data. We’re talking about you, Canada.
In the midst of the busy holiday shopping season, market research firm KPMG released preliminary findings of an upcoming report about the state of the Canadian e-commerce industry, and there are reasons to believe that consumers in the Great White North are not as enthusiastic about online shopping as their counterparts around the world.
It so happens that Canadian shoppers have serious trust issues about their personal data being transacted on online retail channels. Here are some of the KPMG statistics:
- 54 percent are seriously concerned about the potential risks of identity theft.
- 30 percent are absolutely adamant about not sharing their personal data online.
- 46 percent believe that behavioral tracking is inherently bad.
- Only 6 percent actually trust that major retailers will keep their data safe. With smaller e-commerce players, this percentage is actually lower.
Naturally, the statistics above should prompt e-commerce business owners to increase the security of their shops. With the recent news still ringing in our ears that Hudson’s Bay Company, the parent owner of major brands such as Lord & Taylor plus Saks Fifth Avenue, lost millions of credit card records to hackers in 2018, don’t expect Canadians to warm up to online shopping all of a sudden.
With all this in mind, here are eight preventative measures that e-commerce shops should consider implementing in 2019 for the benefit of all their customers, but especially those who reside in Canada.
Don’t forget. You might not think you sell to people in Canada, but you’re probably wrong. The internet works everywhere.
1 – Make Strong Passwords Mandatory
Even when business owners do the best they can to keep customer records safe in their e-commerce platforms, there is still the delicate matter of username and password theft to consider.
Shop operators should insist on strong passwords that combine upper and lower case characters along with numbers and symbols; furthermore, they should remind shoppers to avoid including personal information within their passwords.
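One way a shop could enforce this rule at registration, as an added example that is not code from the original article. The minimum length, the profile field names and the sample customer are assumptions made for illustration.

```python
import re
import string

MIN_LENGTH = 12   # assumed minimum; the article does not name a length
MIN_TOKEN = 4     # ignore very short profile fragments such as "com" or "04"

def password_problems(password, profile):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.islower() for c in password):
        problems.append("no_lowercase")
    if not any(c.isupper() for c in password):
        problems.append("no_uppercase")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no_symbol")

    # Compare case-insensitively and without separators, so that
    # "Tremblay-1987" is caught for a customer named Tremblay born in 1987.
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    for field, value in profile.items():
        tokens = re.split(r"[^a-z0-9]+", value.lower())
        if any(len(t) >= MIN_TOKEN and t in squashed for t in tokens):
            problems.append("personal_info:" + field)
    return problems

# Constructed customer profile and candidate passwords (not real data).
PROFILE = {
    "first_name": "Marie",
    "last_name": "Tremblay",
    "email": "marie.tremblay@example.com",
    "birth_date": "1987-04-12",
}

if __name__ == "__main__":
    for candidate in ("password", "Tremblay-1987!x", "Qv7#pLm2&zRt9w"):
        print(candidate, "->", password_problems(candidate, PROFILE) or "accepted")
```

The second candidate satisfies every character-class rule and is still rejected, which is the case a character-class check alone misses.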
2 – Thinking About Security in Terms of Layers
Modern e-commerce shops should think beyond the traditional firewall and antivirus software combination as their main security strategy.
In 2019, they should be implementing layers of security, which may include endpoint protection, data encryption and preventive measures to avoid database attacks such as SQL injections.
3 – Choosing a Monitoring Service
In the United States, major retailers such as Macy’s have learned hard lessons about cyber security, and they are getting hip to the fact that active monitoring is something that they should be using in 2019.
Smaller e-commerce operators may not be able to afford live monitoring by information security specialists, but they should try hard to pony up the funds to install automated network monitoring solutions to alert them of intrusions or suspicious activity such as a spike in traffic coming from China or Russia.
4 – Educating Employees
Training staff members on the best security practices is a measure that European e-commerce operators have adopted in recent years, and this has sharply reduced the incidence of employees falling for obvious phishing attacks.
Rogue insiders are less likely to attempt internal breaches when they know that their co-workers are savvy about information security. Business owners who choose to adopt a “bring your own device” policy should consult with IT security specialists as to how personal devices should be secured, scanned, protected, and compartmentalized.
5 – Educating Customers
Since we’ve seen that some consumers tend to be less trustful of e-commerce operators, consider devoting a website section to educating store patrons on how they can solidify their online security through the use of a technology that is rapidly growing in popularity – virtual private networks (VPN).
Today, implementing a strong security policy is much easier than it was a decade ago. However, hackers have engaged in an arms race, so the number of threats has also increased.
To keep pace, store owners should follow infosecurity practices, so that their networks – and customers – are protected from attack. Two good places to start: the National Cyber Safety and Security Standard (NCSSS), which maintains a list of cybersecurity best practices for Indian business owners, and Privacy Canada – a list of the best VPNs for North Americans in terms of data privacy. Both NCSSS and PA evaluate various services to decide serves as an anonymous encrypted “tunnel” through which to access the internet, reducing the possibility of hackers eavesdropping on any sensitive financial data in transit while making a purchase.
Note: you’re at particular risk if you frequently use public Wi-Fi spots. When working from a cafe or coworking space, always use a VPN to encrypt your website traffic.
6 – Avoiding the Collection of Sensitive or Unnecessary Data
Payment card industry security standards frown upon the excessive collection and storage of sensitive data such as card verification codes.
Whenever possible, PCI records should be kept at the very minimum. In the case that shoppers complain about having to enter the credit card data over and over again with each purchase, it would be helpful to teach them about PCI security, which has been established for their own benefit.
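A sketch of what keeping records "at the very minimum" can look like in code, added here as an example and not taken from the original article. The field names, the processor token and the sample log lines are assumptions; the card number is a widely used test value.

```python
import re

# Fields this hypothetical shop needs after the processor has authorised a
# payment; everything else in the checkout payload is dropped (allowlist).
KEEP = {"order_id", "amount", "currency", "processor_token"}
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
CVV_RE = re.compile(r'("?(?:cvv2|cvv|cvc|cid)"?\s*[:=]\s*"?)\d{3,4}', re.I)

def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def storable_record(checkout):
    """Reduce a checkout payload to what is kept: no CVV, no full card number."""
    record = {k: v for k, v in checkout.items() if k in KEEP}
    pan = re.sub(r"\D", "", checkout.get("card_number", ""))
    if pan:
        record["card_last4"] = pan[-4:]
    return record

def scrub_line(line):
    """Mask card data that slipped into a log line or free-text field."""
    def mask(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            return match.group()          # tracking ids, phone numbers, etc.
        return "*" * (len(digits) - 4) + digits[-4:]
    line = CVV_RE.sub(lambda m: m.group(1) + "[removed]", line)
    return PAN_RE.sub(mask, line)

# Constructed sample data; 4111 1111 1111 1111 is a well-known test number.
CHECKOUT = {"order_id": "A-1001", "amount": "59.90", "currency": "CAD",
            "card_number": "4111 1111 1111 1111", "cvv": "123",
            "expiry": "12/21", "processor_token": "tok_example_0001"}
LOG_LINES = [
    'POST /pay card=4111111111111111 cvv=123 status=200',
    '{"pan": "4111-1111-1111-1111", "cvc": "737"}',
    'shipment tracking=1234567890123456 status=sent',
]

if __name__ == "__main__":
    print(storable_record(CHECKOUT))
    for line in LOG_LINES:
        print(scrub_line(line))
```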
Further, organizations and store owners should avoid sharing information in local files like Word docs and PDFs, both of which are prone to contain malicious code. There are many features in a PDF that can be used in malicious ways without exploiting a vulnerability. Essentially, when you click edit PDF in Adobe or other software, a hacker can embed an executable and make it launch when the file is opened.
As such, it’s best to stick to cloud applications like Google Documents and Microsoft Office/Live (cloud), which have enterprise-level vulnerability scanners and can easily detect affected files.
7 – Keeping E-Commerce Platforms Safe
Store operators who do not host or maintain their own e-commerce platforms should strongly think about retaining a service that will keep them up-to-date in terms of patches, fixes and upgrades.
It does not matter if the platforms are proprietary or open source; what is important is that they are regularly scanned for issues and updated whenever crucial packages are developed after vulnerabilities are discovered.
Thinking beyond the platform, databases, operating systems, and web apps should also be checked and patched on a regular basis.
8 – Implementing Data Backup Solutions
With ransomware and denial of service attacks on the rise, the need for a comprehensive and reliable data backup solution has become a priority that e-commerce business owners should not ignore.
The best recommendation is known as “bare metal” backups that replicate and encrypt data in all directories, including databases, operating systems and the hosting structure. Offsite cloud backups may also be enhanced with features such as virtual booting, which enables users to remotely access a workstation in case of complete data loss or damaged hardware clients.
The Bottom Line
In the end, the prospect of a flourishing e-commerce industry (in Canada and elsewhere) lies in the hands of business owners who truly care about protecting, not just their online stores, but also the integrity of their customers’ personal data.
The eight measures listed herein should be considered the minimum security to be applied in 2019.