Due to the lockdown issued to stop the spread of the COVID-19 the overall internet traffic has shot up and with that the cyber threats to your e-commerce site.
Thus it becomes wise for you to invest some time and money into cybersecurity for your e-commerce site.
Below are some statistics you should know to realize the importance of cybersecurity in these trying times.
- About 43% of the breaches were targeted towards small and medium-sized businesses. The other targets included Healthcare organization (15%), Financial Industry(10%) and the Public Sector (16%) ( source: Verizon).
- The Banking Industry suffered about $18.3 due to cybercrimes.
- 3% of cyberattacks were carried out for financial benefits which further reached in 6 trillion dollars in damages according to Cybersecurity Ventures (almost doubled from last year's 3 trillion dollars)
- About 4000 ransomware was found in action.
- 1 out of 131 emails was malicious.
- About 93% of data breaches occurred in a span of a few minutes and of which 83% went undiscovered for weeks.
- 81% of data breaches occurred because of weak or stolen passwords.
- More 51% of companies have admitted to having experienced DOS attacks.
Due to the increased internet traffic, these numbers are only going up. You can read more about these statistics here.
Following the best, Blue Team security practices can go a long way in securing your SME's infrastructure and avoiding data breaches. I am mentioning some of those e-commerce best practices that you should implement in your infrastructure today.
Here is how to secure your e-commerce site:
1. Vulnerability Scan
Vulnerability Scans provide a way to identify all the security loopholes and misconfiguration present in your site that a hacker can exploit. Since vulnerability scans reveal all existing vulnerable areas in your web system, it is one of the first scans a hacker runs.
Scanning your e-commerce prior to not only gives you an edge over hackers but also let you patch them beforehand.
Generally, vulnerability scanners scan the website & the network and provide information about any exposed data or CVE that your infrastructure may be vulnerable to.
2. Get Rid of Weak Passwords
No matter how plush the security system you own, hackers will get in if you are using weak or common passwords. Hence, it is advised that you follow safe password practices.
A few recommended password practices are listed below:
- Create a unique password of a minimum length of 12 characters using capitals, numerical and special symbols.
- Do not use one password in more than one place. Use Bitwarden's random string generation tool to create a long complex password.
- Try to avoid using personal details such as phone number, date of birth, etc in your passwords.
Further, Password Managers will make it easy for you to use long and complex passwords in your sites and still remember them. Also, teach your staff about good password practices and encourage the usage of a Password Manager.
3. Always Create Backups
We cannot stress on this point more - ALWAYS BACKUP YOUR SITE.
Backups may seem a little redundant when everything is running hunky-dory. However, their importance starts setting in when your data is corrupted by hackers and you have no reliable backup to revert back to.
It is recommended to have a periodic (daily/weekly/fortnightly) backup system. However, if yours is a small scale company and the content change is non-existent, a monthly backup may also work for you.
You can backup your site either manually or using third-party support such as Cpanel.
In order to manually back up everything, you can use Linux utility Rsync.
Follow these steps to backup your site with the help of Rsync with ssh.
- Login into the server with ssh
- Install Rsync with
sudo apt-get install rsync
- run the command
sudo rsync -av delete /website-root/ backup/
- Run the command to create a zip file
zip -r backup.zip backup/
4. Access Control
Access Control is the most commonly exploited bug to gain higher privileges on your website. This may be the most difficult to fix as it can’t be fully automated. Therefore it is important for you to configure privileges to your user accounts wisely.
Here are some recommended practices to follow while assigning privileges to user accounts.
- Remove all orphaned user login sessions
- Assign only bare required privileges to user accounts.
- Give the bare minimum privileges to Guest Accounts
We discussed how in these trying times when almost everyone is online the potential of a cyber attack has increased. The statistics show how dangerous a cyber attack can be for your business. We also discussed the various methods you can use to protect your site from these cyber threats and build trust in your client base. Besides, getting a dedicated security solution does help your business.
Leave your comments
Post comment as a guest