It’s no secret that as the world of e-commerce is growing, so too is the number of people who want access to all the sensitive data that companies are storing. Personally identifiable information, usernames/passwords, and email addresses are all hot commodities. And of course, getting credit card information is one of the fastest ways to start causing disruption to businesses and consumers alike.
Running a business in a digital economy means companies must invest in cyber-security solutions to defend against the myriad ways hackers try to gain access to data. These methods are also changing quickly and becoming more creative, but there are a few standard ways that we see frequently. Below are some of the most common cyber-attacks your business or customers may face, and how to protect against them.
Denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks
As the name implies, these types of attacks are designed to interrupt service to your website. A hacker will flood your network with illegitimate requests so that legitimate customers are unable to view your website. If a customer is unable to access your products and services to potentially make a purchase, they may take their business elsewhere.
Malware and Ransomware
Malware is malicious software placed on your system that can disrupt your operations – and downtime is expensive! Ransomware is a type of malware where hackers gain access to your system and hold it hostage, usually demanding a large sum of money. They promise to provide instructions on how to regain access once they receive the ransom.
Phishing
This is a type of attack where a hacker tries to trick their victim into providing sensitive information, typically by phone, email or text. For example, they may call one of your customers pretending to be a representative of your company and tell the customer they need to verify their account information. When they ask for the username and password, the customer might provide it, thinking it is a valid request. Once the hacker has the account information, they may be able to access other sensitive data like the customer’s credit card information. If the attack is done by email or text, the messages could contain malware disguised in a link (maybe a request to reset a password, or again to verify some account information). Once the link is clicked, the malware is deployed and hackers can access the data they are after. In some cases, the malicious actor will target a specific individual with an even more personalized message to try to get them to take action.
Cross-site scripting (XSS)
In this type of attack, a piece of malware is put onto the company’s website, usually without the company being aware of it. The malware disrupts the customer’s experience, and your customers may be exposed to malware or phishing attempts while you’re unaware.
Domain Name System (DNS) Spoofing
Here, a malicious actor would create a fake version of your website that could potentially trick customers into visiting it, believing it to be your actual website. If a customer tries to purchase something, they are sending their personal data and credit card information directly to the hacker. Similarly, hackers may engage in e-skimming if they are able to gain access to your system through other means, and will simply watch and collect the payment information as it is entered in real time.
While this is by no means an exhaustive list, these are some of the most common threats you could face as an e-commerce business.
Some steps you can take
- Make sure you are compliant with the Payment Card Industry Data Security Standard (PCI DSS). Any company that manages credit card transactions must meet these requirements. These standards provide actionable steps that businesses can take to secure their networks and protect customer data during transactions.
- Use a firewall and anti-virus protection. Make sure you are continuously monitoring and testing your network to patch any vulnerabilities. You can also enlist the help of cybersecurity solutions that will handle this for you and are constantly assessing risks and updating their knowledge of new threats.
- Educate your employees. Attacks like phishing are designed to take advantage of human nature, but if your team knows what a suspicious email might look like, and what steps they can take when they think they’ve received a malicious link, you can reduce the chances they will unwittingly unleash malware on your website.
- Limit the number of people who need to have access to sensitive data and add as many layers of security as you can. For example, give each person a unique username as opposed to a single shared login, or enable multi-factor authentication.
- Let your customers know what kinds of communication they can expect from you – for example, if they will never receive an email asking to update their login credentials, make sure that information is available in your security policy so if your customers receive said email, they’ll know it’s not a legitimate request.
Cyber-security can often feel like a game of cat and mouse, where you’re trying to stay one step ahead of these malicious actors. Thankfully, there are a lot of easy steps you can take to beef up your security and ensure your customers are protected.