At Williams Commerce we are committed to maintaining a safe ecommerce environment for all our clients and their customers.
Online security and data protection are top priorities for ecommerce businesses. Data protection and online security involve more than the immediate financial and operational impact of a data breach. Customer trust and reputation can be damaged, sometimes beyond repair.
These issues are major concerns around the world, but in Asia, and especially Southeast Asia, the rate of attempted fraud is up to 12 times greater than the global average. Online merchants lose in the region of 1.6% of their revenue to fraud each year.
Data protection threats
Wherever sensitive data is held, cyber criminals will be looking for ways to access and steal it. Here are some of the biggest risks:
Fraud – criminals make unauthorized ecommerce transactions and then remove any record that they have taken place or, alternatively, they will fake return or refund requests. With the boom in digital banking and new online ecommerce accounts during the coronavirus pandemic, this is a major issue for online businesses around the world and especially in the burgeoning ecommerce market in Asia.
Spam and phishing – malicious online attacks increased by over 30% in the first four months of 2020, with retail and wholesale organizations most heavily targeted. Spam emails are common, often targeting contact forms, review boxes and blogs. They create links to sites that can cause damage to your business systems and ecommerce platform.
Phishing takes place when criminals pretend to represent legitimate businesses to acquire sensitive information. Most phishing begins with an email, seemingly from a trusted sender, with an urgent request. Criminals target ecommerce businesses with phishing emails to plant malware in your systems that will give them access to your databases.
Trojan horses – just like the legend, where a wooden horse is used to smuggle soldiers into the enemy's stronghold, criminals use software that looks legitimate to illegally access your systems and steal your information. If they can inject their malicious software into your site, they could access all the information you hold. This is a growing concern in the financial sector and represents a significant risk for ecommerce organizations.
There are even concerns that imported power equipment could be used to introduce malware into the ecommerce ecosystem.
Brute force – although it is a less sophisticated approach, criminals can use automated software to generate guesses for login details and encrypted data. You should be particularly concerned about attacks on your admin panel. If this isn't adequately protected, all your backend systems could be unlocked with one automated attack.
DDoS – distributed denial-of-service (DDoS) attacks quadrupled this year, compared with 2019. They can bring your business to a standstill by flooding your systems, servers or networks with requests until they are overwhelmed and crash. They can be used to create a distraction allowing criminals to break into your systems while you're busy restoring your site.
Data protection defences
A secure protocol – websites need to communicate with the internet and each other. At the beginning of a site's address or URL you originally saw the letters "HTTP". This was the original site security protocol, which allowed unencrypted data to be shared, causing security concerns. Google Chrome will now mark these sites as "not secure". Modern sites should use HTTPS or secure socket layer (SSL) certification where data is encrypted, reducing the risk of attack.
Payment gateways – your payment gateway is a high-risk area because personal information is involved including addresses and payment details. A secure gateway is essential to make sure that all this information is securely transferred for processing. This can include end-to-end encryption, tokenization and, at the very least, meeting the Payment Card Industry (PCI) data security standards.
Anti-virus and anti-malware protection – using high quality anti-virus and anti-malware software will help to reduce the risk of successful attacks by hackers, spammers, and phishers. However, the most important protection is training to make sure that your employees follow good data protection practices.
Access control – people should only access the information they need. Security scan tools, two-factor authentication, and time limits for passwords are all helpful steps. Regular reviews of admin access, site scans and permissions control are good practices to follow.
Even the professionals can suffer at the hands of hackers, so it's essential to continually review and revise your practices.
Platform maintenance and updates – when an ecommerce platform becomes popular there's an added incentive for criminals to find ways to breach security. Your ecommerce platform should have built-in security capabilities and should be regularly updated to protect your site from known risks. If you use plug-ins for your site, you will need to be confident that these are well-maintained for security too.
How Williams Commerce can help protect your data
At Williams Commerce, we work closely with ecommerce platform providers to stay ahead of security risks.
Effective security relies on understanding your weaknesses and prioritizing your defences. We provide our customers with confidence about their online security measures.
In addition to our ISO 9001 certification, we also have Cyber Essentials and Cyber Essentials Plus certifications, and our Cyber Security team is constantly on the lookout for potential threats.
Here are some steps we frequently recommend:
Testing – regular penetration tests will alert you promptly to vulnerabilities. You will then have an opportunity to find solutions before you are targeted by criminals. There are many types of penetration test, but ecommerce businesses should start with a web application test. A cyber security expert will probe your applications, using the same techniques as a criminal hacker looking for ways to exploit your systems, and you will be informed of any weaknesses.
Review your data protection practices – to run an ecommerce business you will have to collect customers' personal information, which means you are responsible for protecting it. Cybercrime represents a serious threat to data protection. For example, the average cost of a data breach to organisations in the Association of South East Asian Nations region is S$3.6 million (US$2.62 million) and the average number of records involved in each breach is 22,500.
You must also make sure that you don't use your customers' information without their permission. This might include using it for marketing purposes or sharing it with third parties, which could lead to a fine. We can help you set up and maintain industry standard privacy policies.
Find out more about how Williams Commerce can help to protect your valuable data assets. Speak with one of our experts.