With the arrival of the “ber” month, excited shoppers are now starting to scour the web to score good online deals before the holidays begin. Is your business doing what it takes to secure your site’s payment processes?
With the arrival of the “ber” month, excited shoppers are now starting to scour the web to score good online deals before the holidays begin. In the Philippines, as early as September, brick and mortar stores begin to display Christmas goodies for early shoppers. Likewise, popular online retail shops and e-commerce sites such as Lazada and Zalora are already offering huge discounts to kick off the shopping season. While sales will always be top priority, a website’s security is also an important part of preparing for the holiday rush especially when it comes to payment processes.
Shopping online has its perks. You don’t have to step out of the house, you can practically shop in your own living space, and you can have your purchases delivered at your doorstep in no time. While many people still enjoy going to the mall for their shopping needs, nothing quite beats being able to check out a number of different items with just a few clicks. However, most users fail to realize that online shopping does have its pitfalls. Even if for most people, the benefits of shopping online largely outweigh physically going to stores, people should know and understand the online threats that could impact them one way or another. Business owners should also know how they can enhance the security of their website. But what types of online threats should webpreneurs be aware of? Here is a list of some potentially harmful risks that could compromise your customer’s data.
Spam/Junk Mail – most people are aware of what spam is; these are simply annoying emails that get flagged as junk mail. These emails are not immediately risky but some of them do come with malware as well. Clicking on malicious links can lead to phishing sites that ultimately downloads malware.
Phishing – phishing is an old social engineering tactic used by cybercriminals to trick users to give out personal details or other sensitive information such as bank credentials, birth date, passwords, etc. Phishing comes in the form of emails, ads, and links. Once clicked, cybercriminals will be able to steal the data they want.
Ransomware – as mentioned earlier, ransomware is a dangerous type of malware that could render a person’s file useless, damaged, or lost. Ransomware has proven to become very effective over the years as it uses scare tactics on its victim by asking the victim to pay a certain sum of money, or the victim’s data will either be destroyed, lost, or extorted. On October 2016, Eastern Communications gathered government IT experts to educate them on ransomware and its growing impact on individuals, as well as organizations.
Malvertising – short for “malicious advertising”, this type of threat is often seen on popular sites and appear as pop-ups or alerts. Unknowing users who click on them could inadvertently install malware or get infected by drive-by-downloads, which means users don’t necessarily have to click on anything, but simply visit a malicious page that already contains malicious code. While most online ads are inherently harmless, attackers could use them as in infection vector. Moreover, malvertisments are capable of delivering ransomware.
What can businesses do to mitigate these online threats?
The first step to defend against these threats is knowing what they are and understanding what they do. After which, you will be able to identify which areas to implement stronger security.
Choose a secure e-commerce platform – if you’re still planning on creating your own online retail shop, make sure that you choose a platform with robust security measures. Most developers choose Magento and WordPress because of its strong security and as well as usability.
Implement two-factor authentication (2FA) – encourage customers to use stronger passwords and two-factor authentication (2FA). 2FA is a security process wherein a valid user is required to use two means of authentication. One is the username-password combo, the other could be real-time code generated verification that is valid only for short duration. This process prevents hackers from succeeding with phishing tactics.
Partner with credible and responsible vendors – while there’s no perfect internet service provider (ISP) or hosting services, it’s wise to choose one that is reliable and capable of providing robust security that can protect against fraud, identity theft, and other online threats.
Running an e-commerce website is much more than gaining customers. As a business owner, it is important to maintain your customer’s trust by ensuring the security of their data and information. Though there is no silver bullet when it comes to security, you can be a responsible business owner by implementing up-to-date best practices.