When it comes to eCommerce, every effort must be made to ensure that your digital assets are protected in the face of ever-increasing cybersecurity threats.
Trustwave’s annual Cybersecurity report finds that the retail industry is the most compromised out of all industries with 24% (up from 18% in 2019). PwC recent research suggests that cyberattacks are up by over 30% in the retail space – a sure sign that this is an increasing reality more so than just a passing trend. Cyberattacks are varied in criminal intent – they can be performed by malicious insiders abusing their credentials, organised crime groups or other such individuals that wish to extort your business.
The threat involved, and the currency at play here, is primarily data – specifically customer data. Online retailers naturally hold significant volumes of customer data. Cyberattackers seek to leverage this data as a means to extort businesses and derive a specific response. Dave Manser, Managing Director of Vitamin Creative, an Irish full-service creative consultancy that caters to eCommerce retailers, provided his thoughts on the matter
“With the rapid digitalisation of the retail sector, we have observed an even greater need for cybersecurity provisions with our eCommerce clients. We regularly ensure that their websites are updated, backed up, and encrypted while utilising the latest security technologies.
“The value of eCommerce has only increased in previous years; seismically so from COVID-19 lockdowns. Greater revenues from online retail sales naturally place a bigger target on their heads – it’s never been more important for retailers to protect their digital assets online,” he added.
To mitigate the risks of a compromise, we advise the following tips:
7 Cybersecurity for eCommerce
1. Keep Your Website Constantly Updated
As with any self-hosted website, the likes of WordPress and associated plugins must be kept up to date with important security updates. The biggest threat of malware on websites is the neglect of these updates.
2. Enable 2FA / MFA
Two-factor authentication or multi-factor authentication should be used on all of your online accounts and SaaS products (Shopify, Hubspot etc). You can also implement this on your website platform (plugins like WPSecurity). These will lock down your access to the site if any strange activity occurs, or if rules have been broken (such as an unrecognised IP address, multiple incorrect logins, successive reCAPTCHA failures etc.).
3. Utilise a CDN
Content Delivery Networks (or CDNs), like Cloudflare or Fastly (the latter which was in the news for the wrong reasons last week). A CDN recreates a cached version of your website and hosts it closer to the user (for example In Singapore) so that the visitor does not have to visit the server location (in Dublin). It also has security features built-in, like diverting all traffic through a firewall.
4. Have an SSL Cert
All websites should have one – especially if you collect personal data. The SSL cert encrypts all user information from the browser and server. So if it’s stolen, the data is useless without the encryption key. SSL certs are also considered to be a signal to your web visitors that your website is safe, secure and legitimate.
5. Schedule Regular Backups
Just like with your IT system, regular backups of your website should be taken and stored securely. Most web developers use an enterprise cloud storage facility, but there are also third party plugins that can do this for you as well.
6. Create a Disaster Recovery (DR) Plan
Again, like with your IT system, you should have a Disaster Recovery Plan ready to go if the worst happens. You need to detail who, what, where and when so you can mitigate potential risks or loss of data, and get your website up and running quickly.
7. Be GDPR Compliant