Are you sure your store is safe?
Being the most authentic series about hackers, Mr.Robot gives people a realistic view on data protection, cyberattacks and actual hacking risks. It encourages everyone to think about security habits and measures by showing how vulnerable we are all in the cyber space.
Time to get more careful about cyber security as no business is without a risk.
Here are 5 lessons ecommerce merchants can learn from Mr.Robot.
#1. Choose a Secure eCommerce Platform
In episode 3 Elliot wakes up in hospital from a certain accident. The primary reason why he uses this hospital lies in the lack of security, since he can easily hack into the data base and modify his records.
Put your ecommerce store on a trusted platform. Many companies choose open-source solutions to build their websites (like Magento and WordPress). However, these tools are more attractive to hackers due to a number of reasons, like customization opportunities and third-party plugins or a heavy code base that provides many attack vectors.
This doesn’t mean open-source platforms should be avoided. NO! Just take greater care when customizing, use only recommended plugins and work with trusted solution providers.
#2. Stay PCI Compliant and Use SSL Certificates
PCI or more correct PCI DSS compliance (Payment Card Industry Data Security Standard) is mandatory if you accept credit card payments. No matter whether you handle a small volume of transactions or use external payment providers if you want to accept payments from Visa, American Express, Master Card, Discover or JCB, you must comply with PCI.
If you don’t follow their 12 requirements and drop customers’ data theft – you may face fines, penalties or credit card acceptance ban.
A number of hosted ecommerce platforms, like Shopify, Bigcommerce or Volusion, have undergone PCI audit and are PCI DSS Level 1 compliant.
An SSL Certificate ensures that all the customers’ sensitive data goes through a secure HTTPS connection. Expired SSL certificates or none at all can lead to phishing scams – a type of fraud when hackers create a fake website that looks like the real ecommerce store to steal shoppers bank account info and passwords.
What is more, recently Google has announced that Google Chrome will label all HTTP pages as non-secure.
#3. Provide DDoS and Fraud Protection
In one of the episodes, the company that Elliot provides security services for (the E-Corp) gets hit with a DDoS attack by the hackers who are looking to recruit Elliot.
DDoS attacks against large companies happen quite often. A famous example is the hack of the Sony Playstation and Xbox in 2014. Such an attack floods the company’s servers with so much traffic that legitimate users can’t gain access to a network. DDoS stops your store from working, so you will lose money because of the downtime.
Check on a regular basis your router for possible vulnerabilities.
#4. Update/ Monitor/ Backup Your System
Elliot found that the company’s mail servers haven’t been patched and was infected with ‘Shellshock’, which made them an easy tracking target.
Like brick-and-mortar stores use security cameras, you should use trusted real-time monitoring tools to identify various vulnerabilities and alert suspicious activities.
Update all software your company uses on a regular basis. Literally, whenever there’s a new version available, install the latest security patches immediately. Keep your server up-to-date, and make sure you have the latest version of any plugin installed on your store.
You never know what can happen tomorrow, so if you want to be sure your store is safe – schedule regular backups.
#5. Require Strong Passwords
In a number of episodes Elliot easily hacked people private data using their passwords. In many cases they (passwords) were quite simple, e.g. a favourite artist name combined with birth year backwards. In some cases he used a dictionary bruce force attack to know the password.
Most people use weak passwords, containing their address, phone number, pet’s name, etc. Hackers with a little time and effort can do a minor Google search, find some necessary data of Facebook and figure out your password.
Otherwise, they can use a bruce force technique that systematically checks all possible passwords until the correct one is found. This method was used in hacking iCloud accounts which lead to the the nude celebrity pics in 2014.
Require strong and complex passwords on your website. Block the ability to login after several failed attempts.
You don’t need to be an Amazon to be at risk. However, there’re a number of steps you need to take to make your ecommerce website as secure as possible for you and your customers.
Don’t store sensitive data, use tracking number for all orders, patch your system, stay PCI compliant – add extra levels to your cyber security.
How do you protect your ecommerce store from frauds & hacking?