While it’s now easier than ever to start up an online business, connect with a global audience and network with some of the industry’s best, the digital era also brings with it the convenience of personal information being readily available. This leaves your business, your clients and yourself vulnerable to the possibility of cyber-attack. This post will help you understand website security and check if your eCommerce website is protected.
The global cost of cyber-crime
With damage costs projected to hit $6 trillion annually by 2021, cyber-crime is set to make its mark as the greatest transfer of economic wealth in history. Furthermore, these attacks are not limited to big business and corporations.
As the world moves further into the digital sphere, humans have moved ahead of machines as the number one target of cyber-attack. Predicted to reach 6 billion people by 2022 (75% of the world’s population), the human attack surface available online presents itself as a veritable feast for attackers wherever websites are left unprotected.
These numbers not only highlight the growing prevalence of cyber-attacks, but point to a key element preventing many ecommerce businesses from flourishing: website security.
The importance of cyber-crime detection
As we transition into a 24/7 marketplace, the importance of website security becomes paramount. Far more often than not, an attack on your business is carried out before you’ve had a chance to realize the damage that’s been done.
For online business owners, it’s important to understand the causes of attack. This will assist in incorporating and maintaining effective measures to prevent and minimize the risk of becoming a victim.
Cyber-crime – the causes
According to research published within the International Journal of Information & Computation Technology, five of the main causes of cyber-crime are as follows:
Ease of access
In the attempt to secure a site from unauthorized access, these violations could include stealing access codes, pins, recorders and other information that could be used to bypass a firewall or get past a security system.
Largely carried out in a threat or attempt to damage another’s reputation, cyber hoaxes can take the form of scam emails and content (emails, links, etc.) containing virus-infected material.
Actively not paying attention or being thorough in protecting your files, documents, website and/or system. Negligence in this sense results in hacking into e-commerce systems, e-banking or conducting fraudulent transactions.
Revenge or motivation
Actions carried out with a desire to both inflict loss on the victim while profiting from the benefits.
Poor law enforcing bodies
Due to a lack of clear cyber laws, many cyber-crime perpetrators get away without being punished.
Cyber-crime committed for publicity or recognition
Cyber-crime committed under the guise of a cause gives people a global platform to spread their opinion.
Just as important as the causes behind cyber-crime is the solution: attitudes towards cyber-crime detection and website security in general need to change. Successful online business owners accept the one fundamental behind cyber-crime: when online, everyone is a target. No individual or business is too small, and without adequate website protection, all elements of your site can be susceptible to attack at any time.
Cyber-crime in numbers
In 2015, IBM’s Chairman, President and CEO stated “Cyber-crime is the greatest threat to every company in the world”. In 2017, billionaire businessman Warren Buffett stated cyber-attacks are the “number one problem with mankind”. And they could very well be right.
According to Microsoft, the potential cost of cyber-crime to a global community currently sits at $500 billion, with a data breach costing the average company an estimated $3.5 million.
Digging deeper, it has been stated that over 60% of data breaches and website hacking are due to compromised user credentials. This can be largely attributed to online businesses having inadequate security measures in place to protect their users’ private information.
Increasing by 36% in 2017, ransomware has also become a favoured method of profitability by targeted attack groups. Cheap and easy, ransomware attacks essentially hold a system’s information hostage until a ‘ransom’ fee is paid. Currently, the average ransom fee sits at around $1,077, and with more and more people willing to pay, both ransomware attacks and their hostage fees are expected to increase in 2018.
Cyber-crime’s impact on online businesses
When it comes to cybercrime, it’s more than just money that’s at stake. As a result of digging into personal information, hackers can not only access financial information but social security numbers, home addresses and a wealth of other personal information. This, in turn, opens the doors to the possibility of identity theft on your customers.
Alongside a loss of profit and causing major business disruption during the rectification period (including the high probability of having to take your website offline while affected systems get back up and running), cyber-attack comes at a great loss to business credibility and customer retention, even if they have not been a direct victim.
While being online offers a world of benefits, it also offers customers the opportunity to instantly spread the word about their negative experience to a worldwide audience – unfortunately if your business has been the victim of attack, this can leave a long-lasting impression on your business rapport.
The rise of payment fraud – and what it could mean for you
For those of us operating in the digital world, especially those who run eCommerce websites, cyber-crime detection and website security is more than just a regular change of password – it’s a vital investment for your business.
Alongside personal information being hacked, an area of particular concern to online business owners is the issue of payment fraud – and according to Juniper Research, card-not-present (CNP) transactions account for 60-70% of all card fraud in developed countries.
Just like any eCommerce business owner, you budget for a certain amount of product being purchased on your website over a certain time period. You allocate time and money to building the site and purchasing your product and, just like contents insurance for a brick-and-mortar store, you want to ensure your assets and income are protected.
Concurrently, previous, current and future customers want to have the trust and confidence that the payment information they hand over to you is kept safe, secure and confidential.
Cybersecurity – the facts
A 2016 Consumer Loss Barometer survey by KPMG summarised how more than 400 corporate executives and nearly 800 consumers perceive different elements of website security – namely, roles, risks and rewards. Results proved cybersecurity can be an influential factor in producing greater brand loyalty.
Furthermore, despite 81% of executives admitting that a cybersecurity compromise had taken place within their companies over a two-year period, nearly half of those polled indicated they had not invested in their website security over the last 12 months.
These results are a prime example of how many business operators are actively turning a blind eye to an easily identified (and largely preventable) problem. Making an investment in cybersecurity offers more than assurance of retaining your current income – it also offers you the potential to open doors to new customers, therefore increasing both your client database and profit margin.
How to keep your online business secure
First and foremost, there are several steps you can organically take to help protect your business in the event of an IT cybersecurity attack:
- Regularly back up your data – A good back up system generally includes daily back-ups to a cloud or portable storage device, weekly server back-ups, and both quarterly and yearly back-ups. If using a portable storage device, it is also advised to keep this in an offsite location.
- Install security software – Firewall security that includes anti-virus, anti-spyware and anti-spam filters can help avoid and protect your eCommerce website from attacks.
- Monitor computer and system usage – Keep a record of all computers and software used by your business. Educate employees on the importance of IT cyber security, as well as the importance of safe storage for sensitive and confidential information.
- Secure sensitive information – Encrypt your data if storing online to ensure only approved users can access it. This reduces the risk of theft, hacking and information tampering.
- Change your passwords regularly – Alongside using a strong password (combined with numbers, letters and symbols), be sure to update your passwords every few months.
- Use two-factor authentication for those parts of the IT system that need extra security.
How to secure your cart system
As the destination for your customers, your shopping cart system security needs extra attention. Keep your business and your customer data safe by ensuring the following:
- Have a secure, up-to-date SSL certificate – This ensures hackers can’t spy on your site traffic. Sites secured with certification will have an address beginning with https:// instead of http://. Secure certificates expire (usually after 12 months), so ensure you know your certification period and renew it regularly.
- Make sure your customer information is secure – Ensure your shopping cart software encrypts your customers’ credit card information, or use a PCI DSS certified service to do that. Otherwise, never store it on your system, as doing so contradicts PCI DSS requirements. When searching for a confirmation of payment, you should only be able to see that your customer has paid by credit card, along with the last 4 digits of the card number.
- Choose your passwords wisely – Hackers can implement systems that automatically search any word in the dictionary. Choose passwords that have a combination of numbers and letters (avoiding any obvious information such as birthdays), and ensure they are changed frequently.
- Avoid a paper trail – Don’t use any customer identifying information when printing out order forms. Have a system in place for tracking sales, and be sure to destroy any printed order forms upon completion.
- Restrict employee access to sensitive information – When possible, limit employee access to customers’ billing information. Ensure they are well informed on the dangers of leaked customer data, and if an employee leaves, ensure their accounts are closed and all passwords are changed.
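The certificate-expiry advice in the first item above can be automated. The following is an added example, not code from X-Cart or eWAY: it classifies a certificate by days left before expiry, and the 30-day renewal window and all function names are assumptions.

```python
import socket
import ssl
import time

WARN_DAYS = 30  # assumed renewal window, not a value from the article


def days_remaining(not_after, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Return ("EXPIRED" | "RENEW" | "OK", days_remaining)."""
    days = days_remaining(not_after, now)
    if days < 0:
        return "EXPIRED", days
    if days <= warn_days:
        return "RENEW", days
    return "OK", days


def fetch_not_after(host, port=443, timeout=5.0):
    """notAfter of the certificate a live server presents, or None if the
    handshake is rejected because the certificate has already expired."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as err:
        if err.verify_code == 10:  # OpenSSL X509_V_ERR_CERT_HAS_EXPIRED
            return None
        raise


if __name__ == "__main__":
    # Constructed notAfter values in the format getpeercert() returns.
    now = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
    for not_after in ("Jun  1 00:00:00 2025 GMT",
                      "Jun 21 00:00:00 2024 GMT",
                      "May 31 00:00:00 2024 GMT"):
        print(not_after, classify(not_after, now))
```

Run `classify(fetch_not_after("your-shop.example"))` from a daily scheduled job (the hostname is a placeholder) and alert on anything other than `OK`.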
See X-Cart’s recommendations on protecting your site from scammers to make sure your eCommerce business is far from being vulnerable.
Investing in your website security
When taking the next step to financially investing in IT cyber security, you need to consider whether you want to take an active part in your business security or outsource it to a third-party user. As an online business owner, having a platform that allows you to take a hands-on approach to website security can often work to your advantage, as it means you don’t have to provide private information to an outsourced company.
Purchasing a website package as a whole can be the preferred method of choice when it comes to inbuilt website security measures, as it enables you to take control of your ecommerce business from the ground up.
Additionally, many small businesses often don’t have the capital to invest in building their own shopping cart system. Making a smart investment in site builders like X-Cart gives you the opportunity to pay a one-time licensing fee, with the option of automatic upgrades with the click of a button.
Benefits of securing your cart system:
- Keep customers on your site – Financially, a secured website or cart system ensures payments are collected safely and will provide the features needed to process credit cards and connect directly to bank accounts, working with leading payment gateways to provide customers with a seamless transaction without having them leave your website.
- Keep personal information safe – Protecting your cart system with the appropriate website security software will keep customers’ personal information safe, preventing fraudulent transactions, information theft and a potential loss of profit to your business.
- Offer more to your customers – Streamline business operations within your cart system for shipping requirements, order and inventory management, strategic marketing and customer support.
- Increase revenue and continue relationships with past purchasers – Offering discounts on items that have been previously abandoned in carts, creating wish lists or even using discount or coupon codes are all advanced functionalities a secure cart system can undertake to help you retain customers and entice new ones to purchase.
About the Author
Rob Hart has seven-plus years working in partnerships and integrated payments at eWAY. eWAY is a payments platform that operates in five countries and processes billions of eCommerce payments each year. Founded in 1998, they provide a safe, reliable and frictionless payments platform and are trusted by tens of thousands of merchants.
Located in Australia, they have offices in Canberra (HQ), Sydney, Melbourne and Brisbane and are proud to process 1-in-4 payments or 25% of local transactions. X-Cart, who provide a powerful, out-of-the-box shopping cart solution, has partnered with eWAY to provide customers with an easy and secure way to accept payments online.