The economy is improving, consumer confidence is up, and eCommerce is expected to grow 13% in 2013, all good signs right? Along with these positive signs, the online threat landscape continues to grow as well. In the last two months alone, cyberattacks have not only been high in quantity, but also high in quality, hitting tech industry giants and many others along the way. While each attack had a different objective, the most important common denominator was the need for better security.
Whether you’re a web giant like Facebook or a local online flower shop, security is imperative when it comes to running an online business. Hackers can and will try to get through your defenses, so without putting in the necessary effort to keep them out, you could face serious consequences.
Below, we break down 3 of the most recent cybercrime incidents and what they mean for your online business.
1. Password Reset Nightmares
Recently, hackers breached a well-known note-taking software company as well as a customer service software provider, exposing the email and login information of thousands of individuals. In both cases, the companies affected had to issue password-reset notifications to customers, as well as to third parties as a side effect of the breach. While both companies acted quickly and claimed that no other information had been exposed, these two incidents once again underscore the risks posed by unidentified site weaknesses.
Email addresses and passwords were the casualties this time, but for online merchants, financial information is an even more tempting target. It’s still unclear how the hackers got in, but with the large number of active vulnerabilities that many websites have, it’s possible that both incidents could have been avoided with better security. Keep your business from facing a similar situation by utilizing safety measures like firewalls, web application protection, and frequent vulnerability scanning. Dealing with the fallout from a breach is a huge undertaking, and aside from password reset headaches and dealing with a horde of angry customers, it could have potentially fatal consequences for smaller businesses.
2. Beware of Third Party Vulnerabilities
Last month, some of the tech industry’s most powerful companies were hit with a series of security breaches, most likely stemming from the same corrupted developer site. Some employees at these top tech companies had their computers compromised—and potentially company data along with it—after using a site infected with malware.
Moral of the story: Hackers are always looking for new ways to get into your business, and going through a third party is a great way to start. As an online merchant, it is important to remember that employee devices like laptops and smartphones can pose a big security risk. While these particular attacks centered on an iPhone Dev SDK website, it’s important to always use a secure network at your office and coach employees on good security and compliance practices. Ecommerce is a bigger target than ever, and even if you’ve taken the proper external precautions, it’s crucial to protect and be aware of how company devices are being used.
3. Social Media – Just Another Door for Hackers
Social media is shaping up to be an essential vehicle for brands to connect with customers, troubleshoot issues, and advertise. However, aside from the benefits, social networks can present some complications when it comes to keeping your online business and customers safe. Recently, a slew of major brands had their Twitter accounts hijacked and defaced, highlighting the need for better security for brands using these platforms.
Regardless of whether you run your social channels internally or outsource channel management, you should have some form of security protocol in place. It’s important to keep tabs on who has access to your accounts, which employees have administrative permissions, which management platforms you are using, and any apps that can access your feed’s data. Even if hackers can’t access valuable customer information from your Twitter account directly, having your social accounts breached is still a huge liability when it comes to reputation. And company embarrassment aside, any password re-usage could also put your other web properties at risk.
The last few months have certainly been eventful in the world of security, but there will undoubtedly be more incidents to come. In order to keep your business out of the headlines, it’s important to learn from others’ mistakes and take website security seriously. Constant vigilance is the best way to stay one step ahead of cybercriminals, and along with creating a strong security program, staying up-to-date on recent events will certainly help.
For more information on how to maintain a safe presence online, follow us on Twitter @McAfeeSECURE.