It’s well known in the cybersecurity space that eCommerce and Amazon FBA businesses are like a candy store for cyber criminals. Top that off with some pandemic, and you’ve got Christmas morning for criminals every day.
A perfect storm, a “pandemic within a pandemic”, has been brewing, and cyber attacks on small and micro businesses– many of them now eCommerce– have skyrocketed. eCommerce attacks surged in 2020, and according to Bloomberg, nearly 400 million customer records were exposed through attacks. Online retailers also experienced more than twice as many account takeover attempts than any other industry last year.
If you’re an eCommerce or Amazon seller who either thinks you’re protected or you’re too small for cyber attack, we’re not going to beat around the bush: it’s now not a question of if, but when your business will be hit with a crippling cyber attack, and this means lost sales, loss of reputation and even legal sanctions for your brand.
Here are 5 best practices you need to implement today to keep your eCommerce or Amazon business out of harm’s way.
No matter how big you are, you should first and foremost educate yourself on cybersecurity fundamentals at the very least for your business. Understanding your risk, industry best practices, and learning the steps you can take to lower your risk is paramount for any business owner. This means developing a habit to constantly review and keep yourself up to date on your business’s security–and even if you have an IT service provider looking after your security, you still should claim some responsibility in security best practices. The Small Business Administration (SBA)’s cybersecurity portal is a great place to start.
Creating–and most importantly, enforcing– a cybersecurity policy for your business will help keep you and your employees on track. You should develop official documentation supporting these policies and distribute these to your employees. Additionally, cybersecurity training should be provided to all employees and reinforced via regular review processes. Too many attacks occur from within the organization, employee behaviour being the cause, whether they intend to or not.
While there is a massive misconception about antivirus software and firewalls being sufficient for protection, we do think that if set up and used properly, these tools can help.
Small businesses should initiate some security by installing antivirus software and firewalls on their devices. Ensuring that your connected devices, such as your computers at home (don’t forget your remote workers’ computers), have at least this minimal protection is better than nothing at all.
The main point here is that you should not depend solely on antivirus software and firewalls to do the job in protecting you. No business, no matter how sophisticated its cybersecurity platform, is 100% protected from cyber attack. Antivirus software is not effective at detecting modern threats deployed by hackers, and firewalls lack the power to fully block ransomware entering or leaving data because it is encrypted.
If you have the budget and resources to implement a more advanced security platform for your business, you should obviously do that. Thankfully, there are some innovations catering to small businesses available that give you access to security the big guys use at more affordable prices.
Hackers love passwords. Passwords are the key to infiltrating your company and customer data, allowing them to completely take over your business in a snap. In fact, Verizon reports that over 80% of data breaches occur due to lost, stolen or weak passwords. 37% of credential theft breaches use stolen or weak credentials.
We get it– constantly changing passwords can be annoying. But password policies must be enforced. In these tumultuous times, it is absolutely essential that all employee devices accessing a business’s network be password protected.
And don’t forget about your third party vendors, suppliers and customers’ passwords, too. If login information is required to access your information or they enter passwords at any point in their shopping experience with you, it is critical for them to use strong passwords.
It is recommended that online businesses require their employees to change their passwords to all and any accounts every two to three months. Passwords should be at least eight characters in length and include a complex combination of upper- and lowercase letters, numbers and symbols. They should never be shared, and you should take steps to ensure each user has their own unique, private username and password login credentials.
When your business devices or network becomes a victim of malware or ransomware attacks, the consequences are dire: imagine being locked out of all your data and systems, resulting in a costly downtime, business interruption and lost revenue.
One of the best ways criminals infiltrate your systems with malware is via phishing. Phishing attacks occur when malware is installed on an employee’s computer when a link is clicked. Employees can access these links by simply clicking on a link in an email, for example. Do not ever assume you or your employees know how to recognize phishing emails and won’t ever open them (see #1 above regarding cybersecurity training!).
Consumer-targeted phishing and ensuring fraud is also on the rise. Customers receive an email “advertising” a special, exclusive offer, and this encourages them to click links leading to fake websites pretending to be your brand. While this strategy isn’t new, with the pandemic and everything shifting online, those who use digital anything in their daily life (shopping, work, communication) are now much more vulnerable.
At the very least, you should install anti-malware software on all your business devices, including your employees. You should also prioritize informing your customers of fraudulent emails and fake sites, warning them of the scams out there and offering advice on how to avoid being targeted.
Cyber criminals are always on the lookout for vulnerabilities, and eCommerce sites are no exception to this. If you use platforms like Shopify, updates to software are typically done automatically for you (but read on to learn about threats hitting plugins and apps you might use on these platforms). If you have an eCommerce site that requires you to update, fix bugs or patch up vulnerabilities yourself, you must stay on top of your game in doing so.
Using secure hosting like HTTPS, which requires an SSL certificate. You should also enforce your eCommerce store with security plugins, firewalls, admin login protection and secure payment processing tools.
In addition to backing up your data, make it a habit to regularly check all plugins and third-party integrations your website uses. There are a plethora of plugins and integrations accessible to eCommerce businesses, but you should be aware that these tools are just as susceptible to attack. And, they can effectively act as an entryway into your system for hackers. The goal should be to keep the number of parties that access your business and customer data to a minimum–if you are not using a plugin or integration, remove it from your site.
No business, regardless of size, is 100% safe from cyber attack. The pandemic has increased cyber insurance risks significantly, and small and micro business owners do not realize the magnitude of risk they carry when it comes to first and third party liability.
In short, first party cyber liability refers to the insured’s own costs and expenses in responding to and remediating a cyber attack on its network or that of a vendor or supplier. These risks can include data breaches, ransomware, and cyber extortion. The costs associated with a data breach alone can be staggering– the average cost of a single data breach to a small business can range from $120,000 to $1.24 million.
But third party liability is an even more terrifying risk that, alarmingly, many eCommerce businesses don’t even consider. If you think only the big corporations are subject to lawsuits, think again.
Third party cyber liability refers to fines, penalties and damages paid to others following a cyber incident. If your network is hacked and service to customers is interrupted, or if your CRM provider is breached and customer data is leaked on the dark web, you can be sued. You can also face regulatory fines for violating data privacy laws. Additionally, companies who suffer a breach often name every party possible in a lawsuit, including independent contractors and their small business partners and suppliers – even if they’ve never come in direct contact with the company.
The lesson is obvious. In addition to comprehensive cybersecurity practices, it is critical that you ensure your business is further protected with cyber liability insurance. Luckily, there have been advances in technology and insurance sectors over the past year that have made both cybersecurity and cyber liability insurance more easily accessible to small and micro businesses, including eCommerce and Amazon sellers. To learn about one platform that gives you the best of both worlds, click here.
The bottom line is this: Amazon and Shopify cannot fully protect your online business or your customers. If you think you are protected by the big guys, you probably aren’t. The time is now to take security measures into your own hands and protect your greatest asset today.
Chase Norlin Entrepreneur is the CEO of Transmosis, a nationally recognized Cyber Security Workforce Developer and the creator of CyberOPS, military grade cyber security protection for small business. Previously Norlin was the founder and CEO of Alphabird, named the 8th fastest growing company in America by Inc. Magazine. Norlin is a serial technology entrepreneur that founded the Internet’s first online video sharing platform and one of the first video search engines, photo sharing services, and video ad networks.
Chase Norlin is the CEO of Transmosis, a nationally recognized Cyber Security Workforce Developer and the creator of CyberOps, military grade cyber security protection for small business. Previously Norlin was the founder and CEO of Alphabird, named the 8th fastest growing company in America by Inc. Magazine. Norlin is a serial technology entrepreneur that founded the Internet’s first online video sharing platform and one of the first video search engines, photo sharing services, and video ad networks.
Get notified with new podcast episodes every week! Plus, actionable and practical eCommerce tips straight to your inbox.
No spam. Unsubscribe anytime.
Automated page speed optimizations for fast site performance