Protect Your eCommerce Business from Cyber Threats
While the pandemic accelerated the move to eCommerce for many businesses, the rush to sell online has also meant huge numbers of businesses have cybersecurity gaps. And while cybersecurity can be an overlooked part of maintaining an online business, cyberattacks can be catastrophic. Not only could your business lose online revenue, data and customers, but its reputation could also incur irreversible damage.
Why is cybersecurity important for eCommerce?
- 72% of businesses say their website is an important part of generating sales
- Only 15% of eCommerce businesses use basic cybersecurity measures such as firewalls
- Only 4% have trained their staff in cybersecurity best practices.
Meet your customers’ expectations
When considering cybersecurity for your business, it’s not only your data you need to protect, it’s also your customers' personal information and payment details. Worryingly, 60% of businesses don’t take any precautions to protect their customers' sensitive information.
Customers need to feel secure while shopping online
When surveyed, 75% of consumers were concerned about the security of their personal information when shopping online. While on an eCommerce website, customers need to feel confident their information is safe in the hands of that business. If they feel in any way insecure about buying from that business, they’ll move on.
What are the main threats to eCommerce?
Phishing involves enticing a person to do something or share confidential information through an email, text message or instant message. This is the most common type of cyber attack, with 94% of all attacks starting with a phishing email in 2021.
Malware, also known as ransomware, is malicious software designed by cybercriminals to look like a legitimate file. It tricks users into downloading or opening it through an attachment to a phishing email. Once the user downloads the file, the malware takes over the device it was downloaded on and embeds itself into a network or system. It then either sits on the device gathering data or renders the device and the systems it relies on unusable.
This common attack type uses malicious code to manipulate the backend of a website to access information the website’s owner didn’t intend to display publicly such as customer databases. A successful attack can enable cyber criminals to view, manipulate and delete information in the databases of an ecommerce website.
Cyber criminals use e-skimming to steal customers' personal information and credit card details on the payment processing page of ecommerce websites. To do this, the malicious attacker needs to gain access to the website through a successful phishing attempt, a third-party compromise or a brute force attack. Once an attack is complete, the malicious attacker could capture customer information entered on the checkout page.
How can you protect your ecommerce site?
There is no foolproof way to protect your site from cyber criminals but, when you take the steps outlined below, you’ll begin to build a solid cybersecurity foundation for your online business.
A penetration tester’s view on eCommerce cybersecurity
"It is also good practice to regularly review access permissions to make sure all users of your website only have the required access permissions to do the tasks assigned to them. If login history is available, regularly review these for suspicious or out-of-the-ordinary login locations that would indicate a user account may be compromised, and finally, ensure that regular backups are created (and stored securely) to allow you to recover your data should your website ever be compromised."
Phillip Close, director at Secora Consulting and a seasoned web and application vulnerability and penetration tester.
Develop policies and procedures
The first line of defence against cyber criminals is having a solid cybersecurity policy.
In this policy, you should set clear and specific rules for your employees. These will help to guide your workforce on what to do in challenging situations, such as receiving a phishing email or having to report a cybersecurity incident. Your policy is also a showcase for your approach to cybersecurity. It will help you to build the foundations of a strong culture of cybersecurity throughout every aspect of your business.
Strengthen your passwords
Passwords are one of the most important defences against cyber criminals. Use a strong password to protect your eCommerce website and your sensitive information from being hacked. Long passwords that contain a variety of characters, numbers and symbols are more difficult for attackers to crack.
- Passwords should be at least 12 characters in length
- Use a mix of symbols, letters and numbers to increase its complexity
- Avoid recycling passwords
- Use a password manager
- Enable multi-factor authentication (MFA)
Secure any devices used by your business
Strive to ensure any device your business uses is as secure as possible to defend against attacks.
Anti-virus software is one of the most commonly used cybersecurity tools. It protects against a variety of malware and prevents unauthorised malicious software from gaining access to sensitive company information.
Secure device configurations
Although default configurations on new devices or software are convenient when you’re getting started, make sure you change the configurations immediately to reduce the risk of a breach or cybersecurity incident.
Keep devices and software up to date
Manufacturers and developers consistently release updates or patches for their software, devices and systems for two reasons:
- to patch gaps in the system's security
- to make the devices and software run more efficiently.
Prioritise keeping all software associated with your business up-to-date. Hackers are constantly on the lookout for unpatched devices, websites and systems to exploit, so you must keep your software and systems up to date to protect your business from threats.
Don’t overlook your cybersecurity stance
This article offers a stepping stone towards creating a solid cybersecurity stance for your ecommerce business, but to protect your website and your business income, you need a thorough cybersecurity strategy. To help you, our expert team has created this Developing a cybersecurity strategy for SMEs white paper, which offers practical guidance to start planning your strategy.
Get our expert help
Need experts to help you along the way? Our team is always at hand to help. We are a CREST-accredited organisation creating bespoke solutions to suit the cyber security needs of all business types.
Get in touch to discover how we can help you.