It’s no secret that online sales are continuing to increase year on year in the UK. In 2016 online sales totalled €153 billion and no level of economic uncertainty seems to seriously impact the rise of the sector.
This level of spending presents a tempting target for cyber criminals. If you conduct any of your trade online (either through custom portals or third-party shopping carts) there are certain points you must focus on and make secure. This is such a sensitive area, not least because customer trust is fragile. Processing transactions with credit card details is a vulnerable moment for any online retailer, and the data must be kept secure. Don’t get complacent. Your retail shopping cart may present the most promising target, but there are other adjacent weaknesses that may leave your online environment vulnerable.
Here are three of the biggest threats to ecommerce setups, and how IT teams can work to mitigate them.
Third-party web components
If you don’t have a completely custom-built website, you will be using third-party web components. The main one to watch is your online shopping cart. It’s very common to outsource this portion of a website, and there are many reputable vendors out there. Be sure to work with a company that has a proven track record of security.
Unfortunately, these third-party components are a common target for malicious actors. Malware such as keylogging scripts can be inserted into the software, often using known vulnerabilities in outdated versions of the program. Keylogging scripts are particularly dangerous, as they record every key pressed while using your retail portal, which will typically include sensitive credit card details. Hackers are known to seek out outdated versions of vulnerable software like this, because the security weaknesses are often publicised.
Close this loophole for data theft by patching your software as soon as updates are made available. Do not wait. If you do not control your website but have an external site manager or web developer, ensure there is a Service Level Agreement that specifies how often and how quickly any patches or updates will be applied. This may add a level of liability protection for your business if there is an issue, but it will not recover damaged consumer trust. Ensure any third-party plug-ins are trustworthy and up to date.
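One way an IT team can keep track of which third-party scripts the checkout page actually loads, as an added example that is not part of the original article: the Python below lists every external script on a page and flags those served from a host that has not been approved, or loaded without an `integrity` attribute (Subresource Integrity, which lets the browser refuse a script whose content has changed). The host names, the approved list and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example: the shop's own host and the vendors it has approved.
FIRST_PARTY_HOST = "shop.example"
APPROVED_HOSTS = {"cart.vendor.example"}

# Constructed sample of a checkout page, not taken from any real site.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="/static/site.js"></script>
<script src="https://cart.vendor.example/v3/cart.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cart.vendor.example/v3/widgets.js"></script>
<script src="https://cdn.unknown.example/analytics.js"></script>
</head><body><form id="payment"></form></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collects (src, has_integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], bool(a.get("integrity"))))

def audit_scripts(html, first_party=FIRST_PARTY_HOST, approved=APPROVED_HOSTS):
    """Return (src, reason) for each third-party script that needs review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, has_integrity in collector.scripts:
        host = urlparse(src).hostname
        if host is None or host == first_party:
            continue  # relative or same-host URL: served by the shop itself
        if host not in approved:
            findings.append((src, "host not on approved list"))
        elif not has_integrity:
            findings.append((src, "no integrity attribute"))
    return findings

if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_CHECKOUT_HTML):
        print(f"REVIEW {src}: {reason}")
```

Running the audit on a schedule against the live checkout page and comparing the result with the previous run shows when a new script source appears between releases.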
Denial of Service attacks
Distributed Denial of Service (DDoS) attacks are not new, but their severity and growing ubiquity should be concerning for any company that trades using online portals. Because they are often decentralised, they are virtually impossible to stop and are very difficult to deflect. Recall that a DDoS attack attempts to make a website or other online service unavailable by causing it to ‘crash’ under a bombardment of simultaneous visitors. The website is simply overwhelmed by the traffic and shuts down. This may not sound like a threat your business needs to worry about, but it is. Even if your own website does not become a DDoS target, another website that your business relies on could be hit. Imagine if your website host were targeted, or your email provider.
While DDoS attacks used to be conducted by people, there is a greater likelihood that smart devices are being co-opted to undertake the attacks instead. The bombardments are beginning to come from hijacked networked Internet of Things (IoT) devices like home DVR machines. It can take a great deal of time and resources to get your website back online and regain consumer trust. How can you protect your business from a large-scale, coordinated attack like this? In this case, the best thing you can do is connect with your Internet Service Provider (ISP) and arrange for automated DDoS mitigation methods to be enforced at the network edge.
Open source code
Open source software can be a boon to businesses that are trying to keep budgetary outlays to a minimum. Instead of purchasing official editions of software, it can be quite simple to download community-made substitutes. These are often free or very low cost and can function as well as professionally made software. Common examples of these are programs like word processors and accounting packages. Unfortunately, although these programs are often free, they come at the cost of security protocols. The code is completely open for anyone to see and manipulate, and this leads to an obvious opportunity for security to be compromised. Further, as these programs are often community-driven, there is little or no accountability should anything catastrophic occur.
If your business cannot afford to purchase professional packages, you have a couple of options. Consider using Software as a Service (SaaS), where high quality software is available on a subscription basis. This is often very affordable and easy to manage. If you are determined to keep using your open source software, contact your IT support team to have the code inspected and have any executable files identified. This will help remove most of the risk. Always seek out updates if they are released.
Proactive protection for ecommerce websites
As a business, the one thing you can do to protect your online presence is to be proactive. Self-defence is usually a case of simple digital hygiene practices. Implement strict password controls, automate updates and patch installation, and set up Google Alerts for your company name. Make sure you know where your website is hosted and how to contact the host if you need to. If you’re ever unsure about how to inspect your website components or any other aspect of your ecommerce solution, reach out to your IT support team.
About Mustard IT, your IT support partner
Mustard IT provide the design, build, and installation of secure IT servers and networks, and web portal cyber security protocol. Our trusted team are experienced and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.