A new report from the Ponemon Institute found that eCommerce retailers anticipate an average revenue boost of 55 percent on Cyber Monday and that just one hour of downtime would cost a company an average of almost $500,000. And it’s not just big businesses that get attacked; last year, a separate report found that nearly a third of all targeted attacks were directed at SMBs and organizations with fewer than 250 employees. After all, many hackers assume that smaller businesses don’t have the time, energy, or resources to prevent their attacks – but if you have better control going into the holiday season, you can severely cut down the risk by working in advance to protect your site and customers. There’s no need to be afraid – just preventative and vigilant.
1. Don’t Store Sensitive Records – And Purge The Information You Have Stored Now
Online retailers will be overloaded with customer data over the next few months, and it’s important to encrypt and store what you need – and then get rid of everything else. A good idea is to keep only enough data to refund customers and refute chargebacks, and to remove all old data before Thanksgiving.
Complying with the PCI Data Security Standard, created to protect cardholder data, isn’t a hassle as much as a potential lifesaver for your business. The standards are there to protect not only your customers but your business as well, and compliance with them gives your customers a higher level of trust in making purchases from your site. The loyalty that comes with that trust creates a higher rate of return and word-of-mouth recommendations.
2. Require Strong Passwords
A look at the 20 most popular passwords from Adobe’s recent breach of security points to the fact that although the majority of us know that we’re supposed to be using complex passwords, we simply don’t – it’s a big hassle, but one well worth your while. It’s a great idea to use strong passwords on sites you use personally, but you should also be enforcing strong password requirements on your site: at least 7-8 characters with numbers and uppercase letters. Hackers often use automated tools to ‘guess’ passwords, so the more complicated the password, the less risk of hacking there will be. Another way to protect yourself and your users from a password breach is to store passwords only as hashed values, produced by a hashing algorithm that prevents malicious hackers from recovering the original passwords.
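As an added illustration (not code from the original article), here is one way to enforce the password rules above at sign-up and store only a salted, slow hash. The choice of PBKDF2-HMAC-SHA256, the iteration count, the record format and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8          # upper end of the article's "7-8 characters"
ITERATIONS = 600_000    # assumed work factor; slows automated guessing
SALT_BYTES = 16


def policy_violations(password: str) -> list[str]:
    """Return the rules from the article that the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    return problems


def hash_password(password: str) -> str:
    """Derive a salted hash; the returned string is the only thing stored."""
    if policy_violations(password):
        raise ValueError("password does not meet policy")
    salt = os.urandom(SALT_BYTES)  # unique per user, defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations)
        )
    except ValueError:
        return False  # malformed record: treat as a failed login
    return hmac.compare_digest(actual, expected)
```

Because each record carries its own salt and iteration count, two customers with the same password get different stored values, and the work factor can be raised later without invalidating existing records.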
3. Use A Multi-Layered Defense
As experienced hackers already know, there are numerous ways to ‘skin the cat’ when it comes to stealing a website’s sensitive information. It’s your ‘job’ to increase the hacker’s “work factor” and make it more difficult to compromise your site’s security. While most companies do well protecting their network through a firewall and perimeter security, there are several other areas that also necessitate special attention, including application, host, and data security.
4. Patch Your Software & Keep It Up To Date
Chances are that your eCommerce site employs some software that was not authored by you or your team. It’s vital that you keep tabs on known software issues so that you can update and patch your software as soon as a fix is available. Since you most likely don’t know what vulnerabilities might exist in that code, one of the key ways to prevent malicious attacks is keeping up to date with software security. The National Vulnerability Database is a great resource for information and news.
It’s important to keep in mind that steps like the ones listed above will never completely eliminate vulnerabilities on your eCommerce site. But they will make it much more difficult for a hacker to get what he or she is looking for on your site, and make the hacker much more likely to move on to a less-secure target.