COVID-19 has accelerated the shift to eCommerce everywhere. Online retailers need to:
1. Consider the cyber risks associated with eCommerce.
2. Verify their compliance with the Payment Card Industry (PCI) standards.
3. Ensure they are appropriately protected against cyber attacks.
As online shopping grows exponentially, cybercriminals are taking advantage of this trend.
Since the start of the pandemic, 3B Data Security have investigated 56 data breaches of eCommerce environments, from a wide variety of retailers, from fashion to household furniture, and sporting goods to skin care, where cybercriminals had gained access specifically to target and steal payment card data.
As more and more people are forced to use eCommerce sites, it is up to businesses to put in place proper protections to ensure that sensitive customer data cannot be stolen. It is now vital for businesses to recognise the sophistication of modern cybercriminals, and that countering the methods now used requires more than just traditional antivirus and firewall software.
How can eCommerce sites enhance their cybersecurity?
1. Change user passwords regularly.
2. Ensure any admin panels are protected by multi-factor authentication.
3. Perform a penetration test yearly and after any significant change.
4. Use a content security policy to define a whitelist of approved content sources that the user’s web browser may load.
5. Use File Integrity Monitoring (FIM) software that reports daily and alerts when a file has been changed to protect all key configuration files, log files, and payment process files.
6. Apply all relevant patches and updates. A process should be developed to ensure all released security patches for all system components are reviewed, tested and deployed within one month of release.