Due to the LockDown issued to stop the spread of the COVID-19 the overall internet traffic has increased and so has the cyberattacks threatening your e-commerce site. Thus, it becomes wise for you to invest some time and money into cybersecurity for your e-commerce site.
Below are some statistics that we have compiled for you that you should know to realize the importance of cybersecurity in these trying times.
- About 43% of the breaches were targeted towards small and medium-sized businesses. The other targets included Healthcare organization (15%), Financial Industry(10%) and the Public Sector (16%) ( source: Verizon).
- The Banking Industry suffered about $18.3 due to cybercrimes.
- 3% of cyberattacks were carried out for financial benefits which further reached in 6 trillion dollars in damages (almost doubled from last year’s 3 trillion dollars)
- About 4000 ransomware was found in action.
- 1 out of 131 emails was malicious.
- About 93% of data breaches occurred in a span of a few minutes and of which 83% went undiscovered for weeks.
- 81% of data breaches occurred because of weak or stolen passwords.
- More 51% of companies have admitted to having experienced DOS attacks.
Following the best, Blue Team security practices can go a long way in securing your SME’s infrastructure and avoiding data breaches. Below are mentioned some best practices that you should implement in your infrastructure today.
Ways To Secure Your E-Commerce Site
In order to protect your site from these cyber threats, you need to be fully prepared and follow the e-commerce security practices. Below are mentioned some best practices that you should implement in your infrastructure today.
Vulnerability Scan
Vulnerability Scans are a good initial scan to identify all the security loopholes and misconfiguration present in your site that a hacker can exploit. Also since vulnerability scan is also the first a hacker will run against your site thus it gives you an edge over them.
Website Vulnerability scanner will scan the website or the network and give information about any exposed data or CVE that your infrastructure may be vulnerable to.
One good choice for a vulnerability scanner is McAfee Security Vulnerability Scanner. This will show where your site is weak and what hackers can exploit to gain unauthorized access.
Get rid of weak passwords
No matter how secure your website is, the hacker will get in if you are using weak or common passwords. Following good password practices on your website can go a long way in protecting your site.
Password Manager will make it easy for you to use long and complex passwords in your sites. A few recommended password practices are listed below.
- Create a unique password of a minimum length of 12 characters using capitals, numerical and special symbols.
- Do not use one password in more than one place. Use Bitwarden’s random string generation tool to create a long complex password.
- Try to avoid using personal details such as phone number, date of birth, etc in your passwords.
It is also a recommendation to teach your staff about good password practices and use a password manager such as Bitwarden.
Always Create Backups
We cannot overstress on this point more ALWAYS BACKUP YOUR SITE.
Backups may seem little redundant when everything is running smoothly but their real value is realized in case of a hack when all your data is corrupted by hackers and you have no reliable backup to revert back to.
It is recommended to have a weekly backup system but a monthly backup may also work if you are a small scale company.
You can backup your site either manually or using third-party support such as Cpanel.
In order to manually back up everything, you can use Linux utility Rsync.
Follow these steps to back up your site with the help of Rsync with ssh.
1. Login into the server with ssh
2. Install Rsync with
sudo apt-get install rsync
3. run the command
sudo rsync -av delete /website-root/ backup/
4. Run the command to create a zip file
zip -r backup.zip backup/
Access Control
Access Control is the most commonly exploited bug to gain higher privileges on your website. This may be the most difficult to fix as it not possible to fully automate and it can be easily exploited to gain higher privileges
Therefore, it is important for you to configure privileges to your user accounts wisely.
Here are some recommended practices to follow while assigning privileges to user accounts.
- Remove all orphaned user login sessions
- Assign only bare required privileges to user accounts.
- Give the bare minimum privileges to Guest Accounts
Conclusion
We discussed how in these trying times when almost everyone is online the potential of a cyber attack has increased. The statistic clearly shows how dangerous a cyber attack can be for your business. The article also discussed the various methods to protect your site from these cyber threats and build trust in your client base.
Thus with few minor configuration fixes, you can protect your business from attackers, cyber threats and data breaches.
Stay Secure!
