For both businesses and consumers, it’s wise to keep cybersecurity top of mind. Recent news of a massive security breach at Facebook reminds us that awareness, action and investment remain essential if we want to keep online information safe. For businesses in the age of e-commerce, failing to take continuous steps to improve and maintain security can mean huge financial losses, a break in customer trust and lasting brand damage.
This October – National Cybersecurity Awareness Month – is a good time to revisit your company’s approach to security. What technology have you invested in to protect customer data? How have you trained your employees, and what are your plans for ongoing training and education? To get you started, this toolkit from the Department of Homeland Security can help you evaluate and plan your strategies.
While the Facebook attack is the latest and largest example of a high-profile, large-scale breach, even the smallest e-commerce business is at risk. Because a small business has fewer resources to dedicate to technology infrastructure and security, the risk is in some ways greater. According to Symantec, 60 percent of cyber-attacks target small and mid-sized companies.
Here are five tips to get your business on track for stronger security this year and beyond.
- Identify the risks
The first step in getting your company’s security plan in order is to understand the exact risks that you face. You need to analyze what data may be of interest to a thief, where your data is stored, and who has access to it. Also, meet with your IT people, sales team, accountant, legal counsel and financial planner so that your risk identification is as complete as possible.
- Reduce the risks
With a clear sense of where your data security weaknesses lie, it’s time to plan and implement processes to protect your systems and reduce risk. These include security plugins and multifactor authentication to protect logins, as well as strong employee training (discussed more below).
- Use a secure, multilayered platform
Your website platform host should have protections in place at the application level, covering entry points like contact forms, search tools and login fields.
- Focus on people
According to Kaspersky Lab, careless or unaware employees accounted for 46 percent of breaches in the past year. It is essential to train every employee in your organization on security practices and policies. Ongoing “refresher” activities and regular communication with employees will remind them to create strong passwords, change passwords at least every three months, use the internet appropriately and keep equipment secure. In addition, you should limit employee and contractor access to data where possible. According to PwC, insiders are considered responsible for 28 percent of cybercrimes.
- Monitor transactions
A security breach can, of course, occur through your storefront. Set up alerts to flag anomalies such as billing and shipping addresses that don’t match or a user placing multiple orders with different credit cards.
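The two alerts described above can be expressed as simple rules over order records. The sketch below is an added example, not code from the original article; the field names, the `card_token` payment-processor token, the sample orders and the two-card threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample orders. "card_token" stands for a payment-processor
# token (assumption), so no card number is stored or compared here.
ORDERS = [
    {"id": "A1", "user": "u1", "billing": "12 Oak St, Austin TX 78701",
     "shipping": "12 oak st,  austin tx 78701", "card_token": "tok_1"},
    {"id": "A2", "user": "u2", "billing": "5 Elm Rd, Reno NV 89501",
     "shipping": "77 Pine Ave, Miami FL 33101", "card_token": "tok_2"},
    {"id": "A3", "user": "u3", "billing": "9 Bay Ct, Salem OR 97301",
     "shipping": "9 Bay Ct, Salem OR 97301", "card_token": "tok_3"},
    {"id": "A4", "user": "u3", "billing": "9 Bay Ct, Salem OR 97301",
     "shipping": "9 Bay Ct, Salem OR 97301", "card_token": "tok_4"},
    {"id": "A5", "user": "u3", "billing": "9 Bay Ct, Salem OR 97301",
     "shipping": "9 Bay Ct, Salem OR 97301", "card_token": "tok_5"},
]

def normalize(addr):
    """Lower-case, drop punctuation and collapse whitespace so that
    formatting differences alone do not raise an alert."""
    cleaned = "".join(c if c.isalnum() else " " for c in addr.lower())
    return " ".join(cleaned.split())

def flag_orders(orders, max_cards_per_user=2):
    """Return (order_id, reason) alerts for the two anomalies.
    max_cards_per_user is an assumed threshold; tune it to your store."""
    alerts = []
    cards_by_user = defaultdict(set)
    for order in orders:
        # Rule 1: billing and shipping addresses that do not match.
        if normalize(order["billing"]) != normalize(order["shipping"]):
            alerts.append((order["id"], "address_mismatch"))
        # Rule 2: one user paying with more distinct cards than allowed.
        cards_by_user[order["user"]].add(order["card_token"])
        if len(cards_by_user[order["user"]]) > max_cards_per_user:
            alerts.append((order["id"], "multiple_cards"))
    return alerts

if __name__ == "__main__":
    for order_id, reason in flag_orders(ORDERS):
        print(order_id, reason)
```

Gift orders legitimately ship to a different address, so an address mismatch is better treated as a prompt for manual review than as grounds for automatic cancellation.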