close

Security

eCommerceSecurity

Data Breaches of Ecommerce: Tips For Retailers And Shoppers To Stay Safe

Data Breaches of Ecommerce: Tips For Retailers And Shoppers To Stay Safe – Beta Compression

Data breaches are real.

If you’re thinking of starting an ecommerce business, have you thought of the COST? No, not startup capital or operational cost,

by COST I mean

Customer’s
Online
Security and
Trust

You need to take that into consideration with your own online security as an online retailer whether you’re growing or thinking of starting an ecommerce business.

Online shopping transactions begin and end online but due to avoidable security fails in some cases, what began online can eventually end in court or in the loss of millions of dollars in a retail settlement like Target and the loss of consumer confidence, none of which you want.

Statista released the following report detailing data breaches in the US between 2005 and 2014.

Data Breaches of Ecommerce - Annual number of data breaches

From the chart above we see that data breaches in the US alone increased over 490% between 2005 and 2014.

Online security is just as important if not more important than offline or physical security, especially for businesses entirely run online.

For these, a major attack could have fatal consequences for the business, business owner or employees, dependents of employees etc.

Hence, ensuring adequate online security is paramount when operating or starting an ecommerce business or any other online business for that matter.

As businesses begin to grow and expand they inadvertently become bigger targets for unscrupulous elements inhabiting cyberspace. Staying one or more steps ahead of cyber attackers should be one of your major business goals this year.

In this post, we shall look at data breaches and how to stay safe in the invisible world of ecommerce transactions but first learn about what is online security and why you should take it seriously.

Read Also: How To Protect Your Business Against Spear Phishing

WHAT IS ONLINE SECURITY?

Basically, online security refers to staying safe when using the internet. IGI-Global defines online security as “the secure display, storage and transfer of information online.”

For instance, using public Wi-Fi to shop online is dangerous, your credit card information could be stolen by hackers or other third parties who may have unfettered access to information you transmit online.

WHY TAKE IT SERIOUSLY?

There are many reasons to take online security seriously. More businesses are moving online, including brick n’ mortar stores.

Some of these new entrants have little to no idea about staying safe online; some better-established brands may become negligent of their online security and unwittingly open themselves up to preventable attacks.

Neiman Marcus and Target have been targeted in large-scale credit card information theft. Just recently in September 2017, a massive data breach was reported at Equifax the credit bureau.

As at end of July 2017 there were 791 reported data breaches in the US alone representing a 29% increase year on year according to reports by the Identity Theft Resource Centre and CyberScout. This figure was estimated to reach as much as 1, 500 by end of 2017.

Read Also: Types Of Cyber Attacks | How To Prevent Cyber Attack

Some of the Largest Data Breaches Recorded

Some of the largest data breaches on record are as follows:

According to reports by CreditCards.com 11% of 2014 global data breaches occurred in the retail sector.

Hence, online retailers must as a matter of urgency constantly evaluate their security infrastructure to ensure compliance with industry best practices because attackers are on the prowl and seriously so; and who are their targets?

MAJOR TARGETS OF ECOMMERCE ATTACKS

Attacks on ecommerce businesses mainly target:

  • Online Retailers
  • Online Shoppers
  • Online Platforms

They target these groups mainly to steal valuable information to commit fraud.

WHAT CYBER ATTACKERS ARE AFTER

Information theft is just one step to the bigger grand theft for which they’ll need:

  • Credit Card information
  • SSN
  • Names
  • Phone numbers
  • Addresses
  • Emails
  • Passwords etc.

WHAT IS A DATA BREACH?

Tech Target defines a data breach as “an incident in which sensitive, protected, or confidential data has potentially been viewed, stolen, or used by an individual unauthorized to do so.”

This information can then be used for illegal activities including shopping online with stolen credit card information or other card present/non-present fraud.

Read Also: 4 Data Protection Tips To Keep Your Data Secure On-The-Go

SOME CYBER CRIME STATISTICS TO TAKE NOTE OF

Below are some eye-opening reports and statistics of reported cyber attacks you need to keep an eye on.

Data Breaches of Ecommerce - Worlds biggest Data Breaches

Some of these were

  • accidentally published
  • hacked
  • inside job
  • obtained from lost/stolen computers or other lost/stolen media
  • due to a security lapse
  • due to unknown causes
  • caused by a virus

Whatever the cause, the effect is same; loss of confidence and associated revenue.

DATA BREACHES BY INDUSTRY

Different industries have different levels of average risk exposure, some less, some more.

The following infographic shows data breaches by the industry as of first half of 2017.

Data Breaches of Ecommerce - Data Breaches by industry

Although retail accounted for less than 1% of reported breaches between January and June 2017, it still amounted to 3, 631, 878 breaches, quite a lot if you ask me.

WHAT ARE SOME RISK FACTORS

Doing or not doing the following may increase the chances of your ecommerce store or business being attacked.

  • Non-PCI compliance by retailers
  • Non-use of https
  • Shoppers using public Wi-Fi
  • Shoppers using insecure browsers etc

STAY SAFE ONLINE: 7 THINGS RETAILERS MUST DO

Using the 7 dimensions of ecommerce security below, retailers can take the following steps for enhanced online security

Dimensions of Ecommerce Security

S/N Dimension

Detail

1 Confidentiality Confidential information should be accessible only to authorized persons, and should not be intercepted during transmission.
2 Integrity Non-alteration of information during transmission over a network.
3 Availability Information should be made available on a “need know” basis wherever and whenever required within a specified time frame.
4 Authenticity User authentication required before granting access to requested information
5 Non-Repudiability Protection against denial of creating order or receipt of payment
6 Encryption Encryption and decryption of information to be carried out only by authorized persons
7 Auditability Data should be recorded/stored in line with audit best practices

WHAT RETAILERS SHOULD DO

Having familiarized with the 7 dimensions of ecommerce security above, retailers should implement the following safety measures

  • Be PCI compliant
  • Perform regular/quarterly PCI scans
  • Use SSL
  • Use EV-SSL (Extended Validation SSL)
  • Implement https protocol
  • Encourage shoppers to use stronger password combinations
  • Implement two-step authentication
  • Send sign-in alerts
  • Suggest safe browsers shoppers can use
  • Avoid storing customer card data online
  • Stay updated with latest online security news/trends
  • Ensure ecommerce platform is secure
  • Host store on Virtual Private Server if you can afford to
  • If using WordPress for instance, ensure site, themes and plugins are regularly updated
  • Perform regular backups
  • Send regular security updates to their email lists
  • Create and distribute regular blog content including articles about online shopper security
  • Educate staff on how to identify cyber fraud/attacks
  • Perform regular risk/threat assessment
  • Create online security policy
  • Implement emergency preparedness exercises
  • Assemble technically competent response teams in place
  • Implement SET protocol (jointly developed by MasterCard and Visa), has at least 4 advantages over SSL
  • Adopt geo-location anti-fraud software

Read Also: 4 ECommerce Tips To Keep Your Customers Happy

WHAT SHOPPERS SHOULD DO

As an online shopper, your online security should be your primary concern. Take the following steps to stay safe when shopping online:

  • Avoid using open public Wi-Fi
  • Be vigilant if/when entering credit card info in public internet cafes
  • Use different passwords for different online accounts
  • Use safer browsers
  • Only enter credit card info on https sites
  • Never disclose credit card information over live chat
  • Don’t tell browsers to remember card details/disable autofill for payment forms
  • Learn to identify spam/phishing emails
  • Visit stores by typing URL themselves into address bar
  • Keep antivirus updated
  • Set up firewalls
  • Use disposable credit numbers for one-time payments (private payment number)

CONCLUSION

Both online retailers and shoppers have roles to play in ensuring safer online shopping experiences. Implementing these tips will greatly mitigate the increasing trend of hacks and data breaches targeting ecommerce operators.

Read Full Article
SecurityTechnology

How to Protect your Business Against Spear Phishing

Untitled design (1)

Spear phishing, if executed in the right way, can be more dangerous than all the malware in the world combined.

What exactly is it and what can you do to protect yourself and your business from it? Keep on reading to find out!

What is Phishing?

“Normal” phishing is when a cybercriminal tries to fool the victim into either infecting himself with malware, or to provide his login credentials for a social media, banking website, or anything.

They usually send these emails to multiple random people at once, hoping that someone will fall into the trap.

That trap is usually an extremely obvious one. More often than not, they look like “CLICK HERE TO OBTAIN 1 MILLION DOLLARS” and stuff like that.

They make the phishing emails in that way because they want to make sure that only extremely naïve people will come to them. People who are more likely to provide their information compared to others.

Read Also: Types Of Cyber Attacks | How To Prevent Cyber Attack

What is Spear Phishing?

Spear phishing has more or less the same target with your average phishing. The difference is that the emails are targeted towards very specific people or organizations and are tailored specifically for them.

Cybercriminals who work with spear phishing try to analyze their target and obtain as much information from them as possible and use it against them.

For example, they can use names and company roles to make themselves appear as an inside member of the company when sending an email.

Something like “Hey, can you check this invoice? John. P!” or anything like that. Spear phishing emails are tailored in such a way that they look legitimate. Which is why they are so much more dangerous than your average phishing email.

These emails can be utilized for anything from obtaining info to stealing files and asking for a ransom like the Ransomware malware does.

Read Also: 4 Data Protection Tips To Keep Your Data Secure On-The-Go

How to Protect a Business from Spear Phishing

All in all, there are 5 simple steps to follow that will help your business survive a spear phishing attack:

1. Keep your employees informed
2. Use a security configuration
3. Use a VPN
4. Encrypt your important files
5. Keep backups

Keep your Employees Informed

The first layer of computer security is the PC user. If your employees know what’s up with spear phishing, then they’ll always be more alert and suspicious.

This, in return, highly increases the chances of surviving a spear phishing attack. And you don’t have to be too specific. A 10-minute lecture could be enough to cover the basics.

Do also try to confirm that the emails from insiders are legitimate. You never know when someone will try to impersonate one of your employees.

Use a Security Configuration

As mentioned before, cybercriminals can use malware such as keyloggers or Ransomware to steal important information or files from your business.

Security programs are lifesavers in this kind of situation. The ideal configuration is using one Antivirus and one Anti-Malware on each computer.

That’s because the two of them detect different kinds of threats. Using two Antivirus programs or two Anti-Malware ones is not recommended. That could cause slowdowns and interference.

It’s advised to go for licenses which offer the program for multiple computers at once. It’s much better than buying single licenses for each computer due to the smaller cost.

Use a VPN

VPN stands for Virtual Private Network. It’s a great way to encrypt all of your network traffic.

If you pick a good VPN provider, then absolutely no one will be able to spy on your network activities.

In fact, even the government and your ISP will have a rough time. Imagine how hard it’ll be for a common cyber criminal to step in.

Because of that, VPNs provide a safer, more private web experience. And that’s extra useful in cases where sensitive data is being transferred back and forth.

Encrypt Important Files

Encrypting your files will make so that they won’t be accessible to anyone who doesn’t have the decryption key.

In that way, if someone steals your files, he won’t be able to have access to them. They will be completely useless unless he also gets his hands on the decryption keys.

There are decryption programs that can decrypt encrypted files. But, more often than not, they won’t work. Encryption is nothing to laugh about.

Keep Backups

Keeping backups is an effective way of safekeeping your files. If you get attacked and you kept backups, then you now have the chance to figure out how the cybercriminal got in, change your passwords, restore your files, and keep on working like nothing ever happened.

Again, you don’t necessarily have to backup everything. You can usually get away with backing up your important files only.

However, if you can afford to literally backup everything, it might not be a bad idea. Better safe than sorry right?

Read Full Article
bloggingSecurityTechnology

Types of Cyber Attacks | How to Prevent Cyber Attack

how to prevent Cyber Security Attacks – Beta Compression

Computer technology has its advantages written all over our daily activities and it’s undebatable that it has improved lives.Everything now is done online, right from studies to dating, banking to shopping and virtually anything else you can think of.

For all my nostalgia over things like letter writing, hard paper books and the joy of shopping physically, I cannot wish to go back to a time where there were no personal computers, smartphones or the internet. With every new app, device, and utility, we all become more dependent on the various information technologies. Yet it is this dependence that makes us vulnerable to new forms of personal and corporate attacks.

Nothing is infallible and computer-technology is not an exception. People are oblivious to the danger they expose themselves every time they go online, receive an email or even click that pop-up link that shows up randomly. Cybersecurity attacks are growing at an alarming rate quickly going beyond simple social sites identity theft to corporate espionage, international terrorism among other forms.

The last couple of years In March 2015, Primera Blue Cross Company, a health insurance company in Washington State, fell victims of cyber-attack where 11million customers were affected. Hackers gained access to the system and the breach could have exposed member’s names, dates of birth, social security numbers, and dates of birth.

In another cyber-attack, on November 2014 Sony pictures were the victims. The hackers wiped clean several internal data centers and led to the cancellation of the theatrical release of “The Interview” and also contracts and salaries information was stolen. Just to cite few examples of past prominent attacks against corporates.

Cyber Security Attacks and How to Prevent Them - Beta Compression

From last year the incidents escalated with some even suspected to be state-sponsored. Corporates and individuals are called to be vigilant if they are to keep up with the dynamic threat of cyber-attacks. The first step in finding a solution to these attacks is to understand the forms or rather types they come in. These forms are clearly enumerated below.

1. Brute force attack

The brute force attack gets its name because it resorts to using exhaustive effort and not of intellectual strategies will use a specially designed software that attacks a password-protection mechanism. The software attempts to guess the password by generating several combinations. The more characters a password has, takes more time and resources to crack. It may be time-consuming but it is considered infallible.

Read Also: How Chat Bots Will Change The Future Of Web Development?

2. Injection Attacks

These attacks target web apps data. There are various forms of injection attacks;

I. SQL Injection Attack

It targets a server that stores critical data for websites and uses SQL to manage the data in their databases. In this attack, a malicious code or data is injected into the server that enables the hacker to instruct the database. The database ends up performing unauthorized functions like dumping all the stored usernames and passwords on the site.

II. Cross-site Scripting

It targets the users of a website. The malicious code injected, will only run through user’s browser when the user accesses the attacked website. After which the web app will run instructions that you haven’t authorized.

Read Also: 6 Strategic Tips To Use Twitter For Your Small Business

3. Social engineering/cyber fraud

It targets individuals, basically the people who use a given network. It is based on trust and manipulation. It is quite obvious that hackers cannot ask for password directly. They use several of forms of impersonation that you cannot suspect any malice. The hacker can send you an email that will appear to be coming from the CEO and unknowingly one might end up giving up sensitive information to the wrong person.

In social engineering, the attacker works on the psychology of the victim who could be a private individual or a company employee. There are several forms of social engineering including;

I. Phishing

an attack where the victim is manipulated mostly in an email such that he or she exposes sensitive personal information which the attacker steals. The emails are designs to evoke fear or urgency

II. Pretexting

the attacker fabricates a situation largely through impersonation to create a false sense of trust from the victim and exploit the created vulnerability.

III. Baiting

gain information through the promise of a free item or good in exchange for some personal information

IV. Quid pro quo

similar to baiting with the only difference being the promise of a service.

Cyber Security Attacks and How to Prevent Them - Beta Compression

4. Malware

Malware is an acronym obtained from the words malicious software. In this attack, malicious software injected into the system is designed to gain unauthorized access. There are various types of malware that are discussed below;

I. Spyware

A software is introduced to keep tabs on your network. This is normally done to obtain passwords, confidential information or gain access to unidentifiable information.

II. Worm

It uses existing computer services to replicate itself without any help from the user. It eats into the system and spreads through the network. It allows access to a network and it also can use up space on your server causing the server to crash,

III. Ransomware

In this case, your computer is locked till you pay a particular ransom to get it back.

IV. Virus

This is a malicious code that attaches itself to a program and replicates when the user runs the program.

V. Trojan

Trojan horse malware can appear legitimate but once run it opens a door for hackers to get in and access your files or network.

VI. Scareware

This kind of malware comes disguised as a pop-up that issues a warning that encourages the user to download a particular software for their own safety.

VII. Adware

This is spread through an advertisement that provides some form of financial benefit to the hacker. After being infected by adware, the victim is hit by a series of pop-ups, toolbars and search bars and other forms of ads whenever they try to access the internet.

how to prevent Cyber Security Attacks - Beta Compression

Cybersecurity attacks are preventable. It is better to learn from others mistakes rather than your own.

Read Also: Mobile SEO Strategy That Still Works In 2017

How To Prevent Cyber Attacks?

Below are the ways to prevent cyber attacks:

I. Back up files, consistently

When files are backed up consistently one can always access them in case of a ransomware or when data has been deleted. The files should be backed up in an insulated, external environment so that you can access them without paying a fee.

II. Update Everything

Update security software, browsers, and antivirus. Updated versions of security software provide round the clock protection to networks and devices from the infection of newer malware attacks.

III. Stop malware when it Starts

This involves stopping malware from spreading to a compromised system

IV. Encryption of Data

This is a method that has been widely used and has worked. It is a safe way of preventing cyber-attacks despite the format the system uses. Encryption keys should be stored somewhere safe, separate from the encrypted data.

V. Validation

This method is useful in preventing injection attacks. It ensures that only authorized users are able to input data into an app or website.

VI. Choose a firewall that offers superior threat protection and high performance

Look for a firewall that has been independently tested and certified for network-based malware protection by ICSA.

VII. Choose a firewall that protects global Threats

Quick response to cyber-attacks is essential. A firewall should have a universal functionality where it protects the system from mild and severe attacks.

VIII. Educating Users

Make users aware of suspicious emails, links and coming up with ways of reporting anything they suspect to be fraudulent. Encourage them to constantly reset their passwords and also install passwords on their systems.

IX. Employ or consult cybersecurity Experts

Be in constant contact with cybersecurity experts. This will ensure that you are aware of the new ways hackers are employing. It will also ensure that your system is constantly updated with new and effective ways of preventing cyber-attacks.

X. Intrusion Detection Systems

This will ensure that attackers do not exploit network vulnerabilities. The program also monitors the system for bad behavior.

Conclusion

Cybersecurity attacks are severe and grave when they hit, in fact, it has been ranked by the FBI as one of its top priorities. “I have nothing to hide” has been an all-time excuse held by many and this has exposed them various forms of cyber security attack. Being complacent with your cyber security or uninformed of the newest threats comes with a price no one can afford to pay. We are called to be vigilant, diligent and watchful.

Read Full Article