Anyone using the Internet should be aware of security issues. But companies that engage in financial transactions and collect customer data need to be especially careful. While much of the emphasis for ecommerce merchants is the protection of credit card information, in the age of big data and behavioral targeting, vendors collect a good deal of other information that is valuable to cyber criminals.
While cyber security is frequently associated with foreign espionage, 75 percent of security breaches are driven by financial motives, according to the Verizon’s RISK Team’s “2013 data Breach Investigations Report.”
Cyber criminals can gain access to customer information in two ways: (a) from data stored on the merchant’s network, and (b) via access to consumer’s physical devices. The increasing use of mobile devices for online purchases creates even more vulnerability because these devices are not as secure and people are more prone to losing them.
Malware can infect an ecommerce merchant’s server. Hackers utilize backdoors — a programming tool that creates an undocumented method of gaining access to a network — to allow repeated intrusions into the computer systems. Breaches can go undetected for months.
Combating Cyber Threats
Effective cyber security measures include installing a firewall that monitors incoming and outgoing network traffic, antivirus software, intrusion detection and prevention systems, and encryption encoding.
Security solution provider Symantec recommends the following best practices.
- Employ in-depth strategies that emphasize multiple, overlapping, and mutually supportive systems that guard against single point failures in any specific technology.
- Keep software patches up to date, especially on systems that are accessible through your firewall like HTTP, FTP, and DNS.
- Consider implementing network compliance solutions that will keep infected mobile users out of the network.
- Configure mail servers to block or remove email that contains attachments that are commonly used to spread viruses like .VBS, .BAT and .EXE files.
- Test your system security on a regular basis.
- Maintain strict discipline around user management for various Internet services. Frequently monitor who has access and what level of access they have.
- Train your employees to not open attachments unless they are expected and come from a trusted source, and to not execute software that is downloaded from the Internet unless it has been scanned for viruses.