Even though Black Friday and Cyber Monday are generally known as the busiest shopping days of the year, heavy online retail activity is expected to continue throughout December, and this translates into a greater potential for cybercrime. Data breaches and network intrusion attacks are often launched against e-commerce websites during the holidays, and this trend can be explained by the rationale of cybercrime groups that focus on identity theft.
TAKE STEPS TO SECURE YOUR BUSINESS FROM CYBERATTACKS
Earlier this year, in preparation for the holidays, password security firm LastPass compiled data security statistics for some of the top names in American e-commerce to determine how much safety they provide to shoppers. Some of the top names on the list include Apple, Amazon and the Qurate Retail Group, which includes brands such as QVC, the Home Shopping Network and FTD. Established retailers such as Costco and Walmart did not score highly on the list compiled by LastPass, and some of the reasons are:
- Poor two-factor authentication procedures: At a time when cybercrime incidence is rapidly increasing, e-commerce shops should do more than just offer 2FA login options. Making 2FA a standard for accessing online accounts should be encouraged; a recommended practice in this regard is to offer gifts or substantial discounts so that shoppers understand that online store operators really care about their security.
- Social media login options: In terms of security, it is better to recommend the use of a password vault service than to present shoppers with the option of signing in with their Facebook or Google accounts. The problem is that phishing attacks on Facebook are getting more sophisticated because malicious hackers are posing as friends of their victims. It should be noted that Facebook reported a data breach that compromised 50 million accounts earlier this year.
- Unsecured HTTP: While none of the aforementioned major retailers use the old and unsecured HTTP protocol, there are still some e-commerce websites that have not migrated to HTTPS.
- Too much freedom in choosing passwords: Online shops that allow customers to select any easy password they can think of are doing their customers an information security disservice. Customers should be required to come up with strong passwords that include a combination of symbols, numbers, and upper- and lower-case characters.
E-commerce security should not be limited to endpoint protection. Online shop owners should think beyond firewalls, antivirus software and secure networks, and should also think about the security of their customers. Contact Sonic Systems in Victorville to discuss how to strengthen the security of your e-commerce websites.