How to keep your online store secure?
Every day the media report on some form of cyber attack or case of online fraud. A Malwarebytes report noted a 195% increase in ransomware attacks on enterprises from Q4 2018 to Q1 2019. The same report also found an increase in detections of 500% from Q1 2018 to Q1 2019. And the COVID-19 pandemic is only serving to intensify the number of cyber attacks on businesses. Cloudflare has reported that hacking and phishing attacks are up 37% month-on-month since the crisis began. Elsewhere, Risk Based Security’s 2019 Year End Report found a 284% increase in exposed records for 2019 compared to 2018, with the total number of exposed records topping 15.1 billion.
With the volume and magnitude of cyber attacks growing by the day, it’s clear that your store's security is paramount. Failing to address this opens your business up to a whole host of threats including data breaches, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data and—ultimately—irreversible reputational harm. However, by addressing some essential areas, you can be safe in the knowledge that you have done everything within your power to keep your online store safe and secure. In this article, we’ll look at some examples of best practice and key areas to focus on in your security strategy.
Identification and authentication
At the heart of your website’s security are identification and authentication. You need to be sure that someone claiming to be a particular person is, in fact, that person. There is a growing number of technologies you can leverage here, e.g. Veriff, meaning that you don’t physically need to authenticate anyone. But even so, you still need rules around strong passwords. It sounds simple, but year in, year out, the old favourites continue to rear their heads as the most popular passwords: ‘password’, ‘123456’, ‘qwerty’. It might take just one weak password for an opening to occur in your systems. It’s crucial, therefore, that you have strong password requirements in place both for your site’s external visitors and within your business itself. On top of this, you may also consider implementing two-factor authentication, e.g. a password plus a one-time code sent to the user’s phone. Yes, these represent extra steps for your customers and employees, but in the long run, they’re going to thank you.
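The two controls above, a password policy that rejects the perennial favourites and a phone-based second factor, as an added Python example that is not from the original article or from Vaimo. The denylist, the minimum length and the character-class rule are constructed policy values, and the second factor is a standard RFC 6238 TOTP check; the demo secret is the RFC's own test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct

# Constructed denylist: the "most popular passwords" the article names, plus a few relatives.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "12345678", "111111", "letmein"}
MIN_LENGTH = 12                 # constructed policy minimum
TOTP_STEP_SECONDS = 30          # RFC 6238 default time step


def check_password(candidate: str) -> list:
    """Return the policy rules a password breaks; an empty list means it is acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password denylist")
    classes = sum([
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(not c.isalnum() for c in candidate),
    ])
    if classes < 3:
        problems.append("uses fewer than three character classes")
    return problems


def totp(secret_b32: str, timestamp: int, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1) for a base32-encoded shared secret."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", timestamp // TOTP_STEP_SECONDS)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, submitted: str, now: int, window: int = 1) -> bool:
    """Second-factor check: accept the current code or one step either side for clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, now + drift * TOTP_STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):            # constant-time comparison
            return True
    return False


def login(password_ok: bool, secret_b32: str, submitted_code: str, now: int) -> bool:
    """Both factors must pass: the password verification (done elsewhere) and the one-time code."""
    return password_ok and verify_totp(secret_b32, submitted_code, now)


if __name__ == "__main__":
    # RFC 6238 test secret (ASCII "12345678901234567890" in base32), used here as a constructed demo.
    demo_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(check_password("qwerty"))
    print(check_password("Correct-Horse-Battery-9"))
    print(totp(demo_secret, 59), verify_totp(demo_secret, totp(demo_secret, 59), 59))
```

The drift window of one step is the usual compromise between usability and replay exposure; widening it beyond that lets a captured code stay valid for longer, so a store should keep it small and rate-limit failed attempts.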
Web Application Firewalls (WAF)
Hackers can attempt to probe your web applications via a whole host of methods. Common examples include SQL injection attacks, which can be used to extract information from your databases, and cross-site scripting (XSS) attacks, which can be used to take over accounts, change your website’s content or direct visitors to malicious websites. Whatever the method, the results can be disastrous both for your customers and your business. A WAF sits in front of your web applications and monitors all incoming and outgoing traffic, blocking requests that match known attack patterns before they reach your application and before any sensitive data can be exposed from your systems. Keeping customers’ data private and secure is a clear priority for any business.
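The two attack classes above, as an added Python example that is not from the original article or from Vaimo: a string-built SQL lookup beside its parameterised form, and HTML escaping of user-supplied text, run against a constructed in-memory SQLite customer table. A WAF filters such requests on their way in; the application-side fixes shown here are what make the code itself safe, and a practitioner would want both layers rather than relying on the WAF alone.

```python
import html
import sqlite3


def build_store() -> sqlite3.Connection:
    """Constructed in-memory customer table standing in for a store database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("alice@example.com", "hash-a"),
        ("bob@example.com", "hash-b"),
    ])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Deliberately unsafe: the input is spliced into the SQL text, so it can change the query."""
    query = f"SELECT email FROM customers WHERE email = '{email}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Hardened: the input is bound as a parameter and is never parsed as SQL."""
    rows = conn.execute("SELECT email FROM customers WHERE email = ?", (email,))
    return [row[0] for row in rows]


def render_review(text: str) -> str:
    """Escape customer-supplied text before embedding it in a page, so markup is shown, not run."""
    return f'<p class="review">{html.escape(text, quote=True)}</p>'


if __name__ == "__main__":
    store = build_store()
    probe = "x' OR '1'='1"      # textbook injection string, used only to show the difference
    print("vulnerable:", lookup_vulnerable(store, probe))   # leaks every row
    print("safe:      ", lookup_safe(store, probe))         # no such email, empty result
    print(render_review("<script>alert('xss')</script>"))
```

The vulnerable lookup returns every customer for an input that is not an email at all, which is exactly the data exposure the article warns about; the parameterised version returns nothing for the same input because the database treats it as a literal string.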
Platform hardening
When it comes to security, you simply cannot leave anything to chance. After all, even the smallest chink in your system’s armour could lead to potentially disastrous consequences. For this reason, it’s crucial that you adopt an ongoing initiative of platform hardening, which essentially means reducing your attack surface in order to be less vulnerable. Within your site, you may have software or processes that are no longer used and have been dormant for as long as you can remember. But from a security standpoint, if a vulnerability turns up in one of these, you will need to divert resources to fix it. That is a waste of resources and a waste of vital time. So, remove everything that serves no purpose; otherwise, it is posing an unnecessary risk to your business. You may, for example, have duplicates that are taking up extra space but are not being used. Discard these. Going forward, regularly evaluate the software you have, consider whether it’s really necessary and check to ensure that everything is up to date.
In conjunction with your platform hardening exercise are your security hardening guidelines. These guidelines are created and used within your business to inform and guide best practice. Some of the more common applications already have hardening guides in place which your employees can use; see this guide from the Center for Internet Security as an example. You can look to introduce some additional high-level guidelines around such things as removing default configurations, session timeouts, patching and more. This ensures that everyone within your organisation understands, and is up to date on, your security procedures.
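The hardening points just listed (unused components, default configurations, session timeouts, patching) turned into a repeatable check, as an added Python example that is not from the original article or from Vaimo. The configuration keys, the two sample configurations and the policy thresholds are constructed for illustration and are not any platform's real settings; the weak configuration is shown beside a hardened one so the audit has something to flag and something to pass.

```python
from datetime import date

# Constructed configurations; the keys are illustrative, not any platform's real settings.
WEAK_CONFIG = {
    "admin_path": "/admin",
    "admin_user": "admin",
    "admin_password": "admin",
    "debug_mode": True,
    "session_timeout_minutes": 1440,
    "enabled_modules": ["checkout", "catalog", "legacy_import", "sample_data"],
    "last_patch_applied": "2019-03-01",
}

HARDENED_CONFIG = {
    "admin_path": "/ops-console-7f3a",                  # constructed non-default path
    "admin_user": "storeops",
    "admin_password": "<loaded-from-secret-store>",     # placeholder: never a literal in config
    "debug_mode": False,
    "session_timeout_minutes": 30,
    "enabled_modules": ["checkout", "catalog"],
    "last_patch_applied": "2020-04-20",
}

# Policy thresholds a store's own hardening guideline might set (constructed values).
MODULES_IN_USE = {"checkout", "catalog"}
WELL_KNOWN_ADMIN_PATHS = {"/admin", "/administrator", "/wp-admin"}
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", "123456")}
MAX_SESSION_MINUTES = 30
MAX_PATCH_AGE_DAYS = 30


def audit_config(cfg: dict, today: date, modules_in_use=MODULES_IN_USE) -> list:
    """Return the hardening-guideline findings for one configuration; an empty list means compliant."""
    findings = []
    if cfg["admin_path"] in WELL_KNOWN_ADMIN_PATHS:
        findings.append("admin path is a well-known default")
    if (cfg["admin_user"], cfg["admin_password"]) in DEFAULT_CREDENTIALS:
        findings.append("default admin credentials are still set")
    if cfg["debug_mode"]:
        findings.append("debug mode is enabled")
    if cfg["session_timeout_minutes"] > MAX_SESSION_MINUTES:
        findings.append("session timeout exceeds the policy maximum")
    unused = sorted(set(cfg["enabled_modules"]) - modules_in_use)
    if unused:
        findings.append("unused modules still enabled: " + ", ".join(unused))
    age_days = (today - date.fromisoformat(cfg["last_patch_applied"])).days
    if age_days > MAX_PATCH_AGE_DAYS:
        findings.append(f"last patch applied {age_days} days ago, exceeds {MAX_PATCH_AGE_DAYS}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg, date(2020, 5, 1)) or "compliant")
```

Running the audit on a schedule, with the thresholds kept alongside the written guideline, is what turns "regularly evaluate the software you have" into something the team can actually measure.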
Encryption
With vast amounts of data being flung through the air at any one second, the need for encryption is at an all-time high. You want to be sure that the data you are sending is a) going to the right person and b) not being seen by unauthorised eyes. A key model in security to assess the information security of an organisation is the CIA (confidentiality, integrity and availability) triad. Encryption falls squarely under the heading of confidentiality, which takes on an even greater weight with the implementation of the GDPR. It is thus more vital than ever that data of any kind (however trivial you think it may be) is encrypted to retain its confidentiality.
Security assessments
With security threats expanding, businesses need to implement some form of periodic risk assessment. A formal and regular security assessment will allow you to gauge where you are at risk and where you are not. For each potential risk, you can then look at what its actual, tangible consequences might be. This will allow you to focus on your most critical threats. Carrying out assessments provides you with an overall picture of your current security situation. They’ll also serve to increase awareness of security issues within your company, ensure that you are on top of the latest threats and demonstrate to your customers that security is important to you!
Protect your business & customers
Security is everything. Without it, you’ll lose all trustworthiness (read: customers) and your reputation will quickly disappear into the abyss. Encrypting data transmissions, setting password requirements, protecting systems from attacks and constantly reviewing your security setup as part of your audits are just a few ways you can help to protect the security of your business and your customers.
Fortunately, we at Vaimo are working behind the scenes to ensure that your security is up-to-date and effective. We work with both B2C and B2B clients across various industries to drive their digital commerce success. As part of our services, our dedicated hosting and security teams work to ensure that your digital security is safeguarded at all times.
Book a call with our team to hear more about how to protect yourself against the world's most threatening security breaches.
Vaimo is a global expert in digital commerce. As an omnichannel agency, we deliver strategy, design, development and managed services to brands, retailers, and manufacturers.
We drive success in digital commerce with expertise in B2B, B2C, PIM, Order Management, and ERP integrations. With 12+ years of technical excellence, we support clients in business development, digital strategy and customer experience design.