Recently, a story ran in CNNMoney.com about the cyberattack experience of a small online retailer. Not only was their site victimized once, but twice in the span of four years. Over 1,000 dollars later, the owners were able to get back on their feet, but many other small businesses won’t be so lucky.
Today, cyberattacks can mean much more than financial setbacks, and this example should serve as a cautionary tale for online merchants to take security seriously. eCommerce merchants are especially vulnerable as they deal in hackers’ target of choice, the personal and financial information of consumers.
Below we discuss the reality of cyberattacks and small businesses, and what you can do to make sure that your site doesn’t suffer the same fate.
It Can Happen To You
In the last year alone, cyberattacks have not only increased in frequency, but also in severity. Even some tech industry giants and other prominent businesses weren’t safe from the wave of breaches. With 47,000 reported security incidents in 2012, hackers were definitely busy, and will most likely continue to be.
Most websites have at least one serious weakness that can potentially lead to a security breach down the road. The consequences of these vulnerabilities being noticed by the wrong people will be extraordinarily costly, if not fatal for some smaller sites. Additionally, the ongoing lack of PCI compliance among small to medium sized businesses, has made them even easier to take advantage of.
Hackers can breach your site in a variety of ways including, but not limited to, malware infections, brute force intrusions, as well as through third party vulnerabilities. The 2013 Verizon data breach report found that 52% of attacks utilized some form of hacking and 40% incorporated malware, with the overwhelming majority of attacks rated as opportunistic.
The Aftermath
So what happens after a breach? Along with the headache of identifying and fixing the damage from an attack, the costs merchants face when this scenario occurs can be devastating. From the cost of a forensics audit to site downtime—not to mention heavy fines and other consequences—a serious enough breach has the power to cripple any small business. What’s worse is that most business owners don’t even take into account the ultimate price of a breach in security until it’s too late.
Aside from potential financial losses, a cyberattack can also permanently tarnish your reputation as a reliable and safe merchant. As we’ve mentioned before, trust plays a huge part in whether or not shoppers choose a site, and there’s no quicker way to lose revenue than by being breached. Not to mention the uncomfortable notification and/or password reset emails to customers who have been impacted by the incident.
Like in the article mentioned above, there is light at the end of the tunnel for most businesses after a data breach, but proper security is the best way to ensure they don’t happen in the first place.
What Your Business Can Do
Making sure your site and customers are safe starts with the backend. Web and application firewalls are essential lines of defense and every business should incorporate them into their strategy. Additionally, for all merchants accepting credit card payments, SSL encryption is another critical step towards crossing your T’s and dotting your security I’s. Regardless of whether or not a third-party payment provider is in charge of processing transactions, all other customer data, like passwords and contact information, must be encrypted as well.
Many security risks merchants face are nothing new, and yet hackers exploit them again and again. However, enlisting the help of a third-party security provider will help identify and patch mission critical issues before they become a problem for your business. Frequent vulnerability scanning is not only a great way to keep site weakness in check, but also complies with one of the many PCI DSS requirements.
Once all of the backend pieces are in place, it’s important to show shoppers that you are a legitimate operation—and this is doubly important for small businesses. One of the best ways to achieve perceived security and build trust with consumers is by displaying one or more reputable security seals on your site.
Visit our website for more information on McAfee SECURE services, and be sure to follow us on Twitter at @McAfeeSECURE for the latest in eCommerce news and events.