Following a recent experience, in which thanks to our security protocols we were able to detect an attempted cyber attack in time, some of our customers have approached us to ask how they can protect their eCommerce from a similar threat. These are the most outstanding recommendations.
What type of cyber attacks can an eCommerce suffer?
Due to how common data hacking and theft can be, any business that runs an online store should be concerned about ensuring the security of its website.
Fortunately, cybersecurity is a topic of increasing relevance and interest for eCommerce. Protecting your data is as important as the design of your website, your marketing campaign, or the stock of your products.
If it is still not clear to you, think that selling through an internet page without security protocols is like opening a store without a surveillance or alarm system. It doesn’t sound very wise, does it?
What are cybercriminals looking for on my website? The most valuable currency of the internet. Some of the most frequent types of cyberattacks against these types of stores are:
- Phishing or identity theft.
- Malware distribution.
- DDoS attacks through our servers.
Being the victim of an attack not only affects your eCommerce in the short term, but it can ruin the credibility and prestige of your company.
Cyber attacks in Chile, after the social contingency of 2019
In Sep 2020, cybersecurity experts warned of an increase in cyber attacks after the start of social conflict in our country.
This situation added to the trend since 2018:
“… in 2018, according to studies by the international company Kaspersky, two out of every ten Chileans were victims of this scam, putting the country in third place in Latin America and seventh in the world.”
Taking care of our data and that of our clients is everyone’s task. So how do you protect yourself from a possible attack?
1. Make sure your site runs under the HTTPS protocol so that your buyers have a minimum of encryption in their connection to your store.
This protocol is an optimization of the original HTTP web page protocol, created in 1991 and which did not provide any encryption of information. The Internet has evolved a lot since Web 1.0, so the new protocol provides security measures and guarantees that the information cannot be encrypted by third parties.
In addition, the HTTPS protocol is essential for the positioning of your website in search engines. As of 2018, Google penalizes websites that do not have this protocol.
2. Modify the access codes to your sales channel administrator at least every 1 month.
It goes without saying: anyone with access to your passwords can be a potential attacker, even after leaving your company. It is always good to have strong passwords that, among other things, consider:
- Be complex
- Not be personal
- Be practical
- Not be the same password that you use to access other types of services or systems.
It is also important to take care of the place where you store your passwords. Although it may surprise you, one of the most common mistakes is to store this sensitive information in folders called “passwords” or “login detail“.
In this Security in a Box article, you will find other tips to strengthen your passwords.
3. Filter the emails you receive and check if there is a link in the email that is from a safe and at least recognized site.
Do not open a link from an email unless you are sure of the sender who sent it. Banks or other financial entities are very attractive for this type of deception. Please: verify that the link leads to a secure page.
4. Do not check the sales of your store on public networks or WEP.
In general, it is not advisable to access public Wi-Fi, such as in cafes or squares. Make sure you are the only one connected to that network so that your internet traffic does not interfere. Similarly, establish the same protocol among your collaborators so that they do not access your eCommerce sales outside of the office and other workplaces.
5. Include two-step verification in your sales channel for login by your buyers.
Your eCommerce has a huge responsibility with your customer data, but it is important that this responsibility is shared. A two-step verification system prevents a third party with access to the passwords from logging in without consent.
6. Apply roles and profiles to the administration users of your store.
This way you prevent everyone from sharing a single password and you maintain control over what they can or cannot do with your sales information.
Not all your collaborators have the same role and need to access the same information. Choose carefully who can view, edit, or manage your online store information and settings.
How to detect a cyber attack on your eCommerce
Attacks often go completely unnoticed and only after months do the attacked companies manage to detect a security breach in their systems. Here are some tips to detect an attack:
1. Having unusual traffic on your website from one or more IP’s per second could be an indication of a denial of service or DDoS attack
2. Creating, deleting, or editing sensitive data for the company
3. Unusual performance of your system
4. New users not recognized by the system administration
Who is responsible for the security of your eCommerce?
These tips are valid for online stores of any size or volume of sales. Although the vast majority of eCommerce platforms, such as VTEX, Prestashop, Shopify, or Woocomerce are secure providers, you should not trust yourself: any extra effort you make to protect your security can prevent a possible crime that affects you and your buyers. Find out, research, and spread the culture of cybersecurity.
If you would like to know more about this topic, do not hesitate to ask us. At Shipit we are open to sharing our knowledge to help each other take care of ourselves.