As an online retailer, you are responsible not only for your own data, but also for your customers’ data. For this reason, you should take extra care to protect your online shop against hacker attacks. Here are the most important measures.
This year’s ‘State of the Internet’ security report by the CDN provider, Akamai, contains some alarming statistics: There were over 30 billion hacker attacks in 2018 with the intention of logging into a website using stolen user details.
According to Akamai, the most common way of exploiting stolen user details is “credential stuffing”. Multiple malware programmes are grouped together into a “botnet” that systematically attempts to log in to websites, such as banks or online shops, using stolen login details.
These attacks are based on the assumption that users often use the same login details for more than one site. Once attackers have these details, they can try them on sites all over the internet.
The business of stolen login details is lucrative because the internet makes it easy to buy and sell goods that were acquired online at the expense of strangers.
Hackers always work according to the principle of finding the weak spots in a website and taking advantage of them. For this reason, it is important to check your own website for possible entry routes and secure any gaps.
The following points help you protect your online shop against hacker attacks:
As an online retailer, you need lots of passwords, for example for administrative access to the shop system, access to databases or to hosting providers. Choose passwords that are as complex as possible, that contain letters, numbers and special characters and are at least 8 characters long. Passwords that are too simple or too short are easy to work out. Use a different password for each access so that “losing” one particular password does not lead to total loss. You can use a password manager to administer your passwords.
Use virus scanners on your computer to protect against viruses and trojan horses, as well as a firewall that cannot be changed without authorisation. Always keep the programs up-to-date. You should also always remember to update your operating system regularly as the manufacturers secure possible security gaps with these updates.
This is just as important for your shop system as it is for anti-virus programmes and operating systems: Always keep it up-to-date. Most providers create regular updates, which secure weak spots that they are aware of and may also contain features that are relevant to security.
The more files that have write permission, the higher the risk of malware getting into the web server. As a worst-case scenario, these files could disclose your customers’ data. Therefore, you should only give write permission where this is actually necessary.
Using forms as an entry point for malware is a popular technique. For example, search forms, user registration or customer login pages can be vulnerable to such attacks. The program code defines how the data submitted through these forms is read and processed. Therefore, when writing the code, you should always build in routines (or have them built in) that make it more difficult for malware to get into the system through “code injection attacks”.
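The difference between unsafe and safe handling of a search-form value, shown as an added example that is not part of the original article. It assumes a Python shop backend using SQLite; the table, the function names and the sample input are constructed for illustration.

```python
import sqlite3

def make_shop_db():
    """Build an in-memory product table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, visible INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("red shirt", 1), ("blue shirt", 1), ("unreleased jacket", 0)],
    )
    return db

def search_unsafe(db, term):
    # BEFORE: the form value is pasted into the SQL text, so a quote
    # character in the input changes the structure of the statement.
    sql = ("SELECT name FROM products WHERE visible = 1 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term, max_len=64):
    # AFTER: validate the input, then pass it as a bound parameter.
    # The database treats it strictly as a value, never as SQL.
    if not isinstance(term, str) or len(term) > max_len:
        raise ValueError("search term rejected")
    # Escape LIKE wildcards so % and _ in the input match literally.
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    sql = ("SELECT name FROM products WHERE visible = 1 "
           "AND name LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, (f"%{escaped}%",))]

if __name__ == "__main__":
    db = make_shop_db()
    odd_input = "' OR 1=1 --"   # constructed form input containing a quote
    print("unsafe:", search_unsafe(db, odd_input))  # hidden row is disclosed
    print("safe:  ", search_safe(db, odd_input))    # no product has that name
    print("normal:", search_safe(db, "shirt"))
```

With the string-built query the hidden product is returned as well; with the bound parameter the same input is only a product name that matches nothing.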
There is not, and never can be, 100% security. No manufacturer can fix weak spots that have not been published, and this means that every system is always vulnerable to attack. That is why it is even more important to be prepared for the worst-case scenario. One very effective method is to save data only in encrypted form and to store the encryption key away from the data. If an attacker does find a way to get into the system, they will not be able to read any of the data.
Nobody is an expert at everything. This applies to information security in particular. In this field, there are solutions and experts that can support you in making your online shop secure and show you where the problem areas in your website are. The range of services spans from automated vulnerability scanners to external information security officers.
You are probably aware of some of the security measures mentioned here from your personal internet use. However, as a business person, it is even more important to protect your own data and that of your customers. In the event of data misuse, the damage to your company’s image, the economic losses and the fines are generally extremely high. Therefore, investing in the security of your online shop is worthwhile.