Security is one of the least considered areas of e-commerce, until something goes wrong. Companies are keen to update the front-end e-commerce, or engage the latest social strategy, while security is left on the side line. It is not sexy, nor is it in your face, but it is very very important to protect your business from hackers.
If you have an attack, it can cause a huge amount of damage to your business. Approx. 16% of companies who have assessed the financial impact of a cyber-attack valued the loss at more than £5m. However, over 60% have not assessed the impact at all. Nor have they taken sufficient action to avoid attacks happening.
From 2014 to 2015 the number of web attacks per day rose 117%, from 493k to 1.1m. With website vulnerability also rising 2%, more and more websites are being affected by cybercrime. In a 2015 study of Retail and e-commerce Security, 100% of e-commerce retailers had web vulnerabilities that could be exploited.
Hackers take advantage of vulnerabilities to access sensitive information such as customer credit card details. Criminals are no longer robbing banks, they are hacking websites. If you do not have suitable security policies, then you are at risk.
We have compiled a list of the top 5 free security tools for protecting your business and your customers.
How to check if you have been hacked
North IT have come up with a clever tool to allow you to check if you or your colleagues email has been hacked. Hackers attack large companies (like when LinkedIn and Yahoo were hacked), and post the details either for free or paid on the Dark Web.
North IT have compiled a list of all the hacks, allowing you to search the database to see if details have been compromised.
We suggest that you check all the admin emails, along with any personal emails associated with them. Quite often, people use the same emails for work accounts as they do for personal. This will ensure that admin passwords to websites are not freely available on the Dark Web.
How to make sure you have an SSL and it is working
If you are operating an e-commerce site (or indeed any site that collects sensitive data) you need to have an SSL certificate.
An SSL or Secure Sockets Layer, is a security protocol used for establishing an encrypted link between a server and a client. It simple terms, this means that sensitive data is encrypted before it is sent into the ether, helping to protect it from hackers.
This is one free security tool by SSL Labs that will ensure your SSL is configured correctly. We recommend that you test this on a regular basis to ensure that there are no issues.
Is your site up and running?
Uptimer Robot lets you know if your website has gone down. While this does not necessarily mean that your website has been hacked, it does act as a useful early warning system.
From a user-friendly dashboard you will have the possibility to verifies downtime from multiple locations. Knowing that there is something wrong with your site as soon as it materialises, gives you the opportunity to react as soon as possible. Using security tools like Uptimer Robot can help with this.
How to prevent email spoofing
DMARC is an email-validation system designed to detect and prevent email spoofing. In short, having one of these will help to keep you safe from common phishing and email scams. You can be aware about Blacklist issues before they become a problem.
The tool created by MX Toolbox will let you know if you have one associated with your domain or not. If you don’t, you will need to talk to your hosting provider to sort it out for you.
Check for viruses and malware
We all know what viruses and malware are, and that it is bad to have them on our computers. Still,not everyone uses a virus and malware scanner.
If a PC has access to the admin part of a site, then it MUST be scanned regularly! Scanning is such a simple task (and it’s free), yet so many people forget to do it. Put it in your calendar to do a scan at least every month.
In addition to these 5 free security tools we have compiled a list of actions that you should be taking to keep your e-commerce safe. If you would like to learn more about that topic you can read 10 things that you should do to keep your e-commerce safe.
While these are good steps, that you should be doing as a minimum, we thoroughly recommend engaging a specialist company manage your security. They will provide regular testing of all the above, and much more, to ensure that you are not hacked.
Image credit : Azkadiusz Platek