E-commerce sites are prime targets for scammers who are always finding and exploiting new digital vulnerabilities. The best way to stay ahead of the scammers is to understand the threats and how to fight them.
Figuring out the best cyber security tactics to stay ahead of scammers and avoid cyberattacks is an ongoing challenge for e-commerce sites. Data breaches, phishing, ransomware, denial of service and supply chain attacks are on the rise – making online retailers prime targets for hackers.
It’s easy to understand why. E-commerce is a mainstay in 2023, according to the latest research. Some 2.64 billion people shop online – a number that continues to grow. For malicious actors, the opportunity is simply too big to pass up.
Not surprisingly, the e-commerce industry experiences nearly one-third of all cyberattacks. The average cost of a data breach globally is US$4.45 million.
The financial costs of a data breach can include compensating customers for damages, fixing the vulnerability and, potentially, legal expenses.
Data breaches also result in lost trust, both on the part of existing customers who may be directly impacted and potential customers who learn about the hack. In an instant, the brand reputation and recognition you’ve worked long and hard to create can be wiped out.
According to IBM, “51 per cent of organizations are planning to increase security investments as a result of a breach, including incident response (IR) planning and testing, employee training, and threat detection and response tools.”
For business owners, the best way to protect against a cyberattack is to understand what you’re up against and adopt proven best practices to fight these threats.
Six common cyber threats
1. Internet of Things attacks
Internet of Things (IoT) technologies, which can connect and interact with other devices over the internet, are increasingly used in e-commerce. IoT sensors, radio frequency identification (RFID) tags and GPS help retailers better manage inventory, supply chains and logistics, enhance point-of-sale systems, and enable mobile payments. Yet, while more than 80 per cent of e-commerce sites use IoT devices, less than half have implemented strong security protocols to prevent hackers from stealing and manipulating data or tracking customers’ online purchases and scamming them.
Fast fact: Since 2005, retailers have experienced more than 10,000 data breaches, largely because of weaknesses in their payment systems.
2. Distributed denial of service
These attacks overload an e-commerce site’s servers with traffic from multiple sources, causing the site to crash or go offline.
3. Malicious code
This can involve injecting malicious Structured Query Language (SQL) statements into a database, or using cross-site scripting (XSS) to inject JavaScript code into a website, in order to steal payment and password information as well as customers’ credentials. Hackers can use this information to commit payment fraud. Malicious code can also be injected into point-of-sale systems to steal credit card information. This is called e-skimming.
4. Phishing
This occurs when scammers use emails or text messages to convince people to share personal and financial information. The links provided in the messages are designed to look familiar and trustworthy but lead to dangerous sites, where attackers will gain access to the information and exploit it.
5. Malware and ransomware
Malware is software designed to disrupt or damage computer systems. Ransomware encrypts a site’s files, locking out the owners unless a ransom is paid.
6. Brute force attacks
This time-consuming tactic involves hackers systematically attempting every possible combination to guess a user’s log-in password.
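For site developers, the malicious code threat (item 3 above) comes down to treating customer input as data rather than as code. The following is an added example, not part of the original article: a small Python script with a constructed customer table, hypothetical function names and constructed inputs, showing a database lookup and a page fragment in their vulnerable and hardened forms.

```python
import html
import sqlite3

def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("ana@example.test", "4242"), ("raj@example.test", "1881")],
    )
    return db

def lookup_unsafe(db, email):
    # Vulnerable: the input is pasted into the SQL text and parsed as SQL.
    query = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, email):
    # Hardened: the ? placeholder passes the input as a value, never as SQL.
    query = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return db.execute(query, (email,)).fetchall()

def render_review_unsafe(text):
    # Vulnerable: markup in a customer review reaches the browser unchanged.
    return "<p class='review'>" + text + "</p>"

def render_review_safe(text):
    # Hardened: special characters are encoded, so the review displays as text.
    return "<p class='review'>" + html.escape(text) + "</p>"

# Constructed inputs: one makes the WHERE clause always true, one carries a script tag.
CRAFTED_EMAIL = "nobody@example.test' OR '1'='1"
CRAFTED_REVIEW = "Great shop <script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup:", lookup_unsafe(db, CRAFTED_EMAIL))  # every customer row
    print("safe lookup:  ", lookup_safe(db, CRAFTED_EMAIL))    # no rows
    print("unsafe page:  ", render_review_unsafe(CRAFTED_REVIEW))
    print("safe page:    ", render_review_safe(CRAFTED_REVIEW))
```

Reviewing checkout, search and review code for string-built queries and unencoded output is a concrete item to include when auditing a platform or its plug-ins.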
E-commerce security best practices checklist
Select an e-commerce platform and third-party apps and plug-ins that prioritize security
Every e-commerce platform has its own security services, features and requirements for merchants. Ensure you understand what’s available to you and what you’re responsible for when it comes to addressing security threats and weaknesses. Does the platform offer 24-7 security support and threat assessments? Apply the same approach to assessing third-party apps and plug-ins. Regularly audit these third-party add-ons and remove any that you aren’t using.
Manage administrative rights and access to sensitive data
Be selective. Only assign administrative rights to the people who need them. The same goes for sensitive data. Remove permissions and access when a person leaves the company.
Get an SSL certificate
Secure Sockets Layer (SSL) certificates provide an encrypted connection between a web server and browser, making it difficult for bad actors to intercept private data. This added layer of security is displayed as Hypertext Transfer Protocol Secure (HTTPS) in the URL, giving customers greater confidence that their data is safe.
Fast fact: 85 per cent of online shoppers skip over unsecured sites.
Tip: Add a registry lock to protect against domain hijacking.
Only collect the information you need
Limit the customer information you collect to what is essential to complete a purchase. Give users the ability to easily delete their data.
Require staff and customers to create strong passwords
Passwords should be at least eight characters and include a mix of capital and lower-case letters, numbers and symbols. Complexity and uniqueness are key. Make this a policy. Further increase security by offering two-factor authentication. It’s an effective way to protect against unauthorized access.
Stay up to date on and in compliance with PCI-DSS regulations
The Payment Card Industry Data Security Standard (PCI-DSS) is a set of mandatory security standards to protect credit and debit card users. Monitor changes to the standards and update as necessary.
Always stay current with software security
Make sure you update software and implement security patches.
Provide cyber training to your employees and suppliers
Supporting the behaviour you want to see among your staff and suppliers is among the most effective ways to protect against cyberattacks. Provide education and testing to help the people who make your business possible become aware of security threats and how to deal with them.
Prepare for the worst
Create a response plan in the event you are hacked. The plan should include steps to identify the data that has been accessed, mitigate the impact of the breach and communicate what happened.
If cyber security isn’t already a priority, it should be. Data breaches and cyberattacks are on the rise and hackers have their sights set on e-commerce businesses. Be proactive and take the necessary steps to protect your customers and your business against cyber threats.