For any e-commerce business, protecting your company and your customer’s data is essential. The National Cybersecurity Alliance offers these ways to keep your online retail business secure.
Lock down your login
Fortify your payment terminals, accounts, and e-commerce platforms with strong, unique passwords for all accounts. A strong password is at least 15 characters long and uses a mix of uppercase letters, lowercase letters, numbers, and symbols (! or $). Ideally, your password does not include recognizable words and is just a random string of characters. Importantly, you want a special password for each account – use a password manager to generate, store, and maintain all of the passwords for your business. Use multi-factor authentication which requires something more than a password, such as a code sent to an email, an answer to a secret question, or a fingerprint scan.
Turn on automatic updates
Keep the software on all devices up to date and running the most current versions. Save yourself time and turn on automatic updates in the security settings to get the latest updates right away.
Think before you click
This may be the most difficult step to complete. Why? Because we’re human. The savvy criminals will try many different schemes to trick you. They’ll pretend to be your bank, payment processor, or a trusted business partner. If you receive an email encouraging you to take immediate action, scrutinize the message and sender before clicking on any link. If you have any doubt about the message being authentic, call the company directly or go to their website, but don’t use the contact information in the email itself. Don’t even click the unsubscribe button in a suspicious email. Scammers might also try to steal money or your personal information through phone calls or text messages. Financial institutions and government agencies (like the IRS) will NEVER ask for your login information over the phone.
Back it up
Protect your sensitive information and documents by backing them up. That way, if you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Backups are also lifesavers if your device breaks. Most devices now allow you to back up your data to the cloud, meaning remote, internet-connected computer servers. It is a good idea to back up important data on both the cloud and external storage media, like an external hard drive. You can even store the hard drive in a safe.
Communicate with others
Criminals constantly target consumers and merchants, but they increase their efforts during busy online shopping periods, like in the final few months of the year. Talk to your payment vendors and information security professionals in your community so you know the latest issues.
Encrypt payment data
Quality payment vendors will encrypt payment data while it is being stored and transmitted. Ensure your payment vendor does this, and if it doesn’t, consider a competitor that does. Encryption plays a highly important role in hiding sensitive payment data from cybercriminals.
Think about who has access
The fewer doors, the fewer ways in. Do an audit of who has administrative or privileged access to your e-commerce site and payment data. Restrict that access to only those who need it to do their jobs. Treat data like cash.
Here to help
If you have questions about keeping your e-commerce business safe, give us a call. We’re here to help.
Even if you leave your desktop computer at home, you’ll probably stay connected when you’re vacationing – you can check your phone on the beach or on a mountaintop. Travelers often rely on technology to enhance vacations, like by sharing photos online or finding lodging on an app. As you embark upon your next adventure, remain cyber safe following some simple practices to keep your vacation plans free from cybercriminal meddling. The National Cybersecurity Alliance offers these tips to keep you cyber-safe on your travels.
Add a simple cybersecurity checklist along with your packing routine before you depart for some rest and relaxation.
Travel lightly. Limit the number of devices you take with you on your trip. The more laptops, tablets and smartphones you take with you, the more risk you open yourself up to.
Check the privacy and security settings on web services and apps. Set limits on how and with whom you share information. You might want to change some features, like location tracking, when you are away from home.
Set up the “find my phone” feature. Not only will this feature allow you to locate your phone, it gives you the power to remotely wipe data or disable the device if it gets into the wrong hands.
Password protect your devices. Set your devices to require the use of a PIN, passcode or extra security feature (like a fingerprint or facial scan). This will keep your phone, tablet or laptop locked if it is misplaced or stolen.
Update your software. Ensure all the security features and software is up-to-date on your devices. Keep them updated during your travels by turn on “automatic updates” on your devices if you’re prone to forgetting. Updates often include tweaks that protect you against the latest cybersecurity concerns.
Back up files. If you haven’t backed up the data on your devices, like photos, documents or other files, do so before heading on vacation. If your device is lost, stolen, broken or you otherwise lose access to it, you won’t lose all your data. You can back up your data on the cloud, on an external device like a hard drive or, preferably, both.
Keeping information safe and secure is challenging developments for businesses of all sizes. Expeditious shifts from in-person to online to hybrid workplaces forced companies to change, or at least reexamine, their cybersecurity practices and protocols, and unfortunately, many weren’t prepared. In fact, according to CyberEdge’s Cyberthreat Defense Report, 85% of organizations suffered from a successful cyberattack in 2021.
Now, businesses who have suffered cyberattacks along with companies who’ve been fortunate enough to avoid being a victim of breaches and hack are looking at ways they can bolster their defenses and safeguard their data. But which plans, practices, and services should these organizations invest in?
Below are four steps businesses of all shapes and sizes can take to better protect themselves against cyberattacks:
Identify “Crown Jewels” of Your Business
Understanding what information cybercriminals are after most is essential to combating cyberattacks. Create an inventory list of the valuable data and assets within your organization, including manufacturer, model, hardware and software information. Take note of who has access to important data and information, accounting for all storage locations. This practice will ensure that business leaders have a track record of accessibility so that they know where to look in case of a vulnerability or breach.
Protect Assets by Updating and Authenticating
At the end of the day, protecting your data and devices from malicious actors is what cybersecurity is all about. In order to accomplish this, make sure your security software is current. Investing in the most up-to-date software, web browsers, and operating systems is one of the best defenses against a host of viruses, malware, and other online threats. Furthermore, make sure these devices have automatic updates turned on so employees aren’t tasked with manually updating devices. Make sure all data is being backed up either in the cloud or via separate hard drive storage.
Another important way to keep your assets safe is by ensuring staff are using strong authentication to protect access to accounts and ensure only those with permission can access them. This includes strong, secure, and differentiated passwords. Using weak and similar passwords makes a hacker’s life a lot easier and can give them access to more materials than they could dream of. Finally, make sure employees are using multi-factor authentication. While this may result in a few extra sign-ins, MFA is essential to safeguarding data and can be the difference between a successful and unsuccessful breach.
Monitor and Detect Suspicious Activity
Companies must always be on the lookout for possible breaches, vulnerabilities and attacks, especially in a world where many often go undetected. This can be done by investing in cybersecurity products or services that help monitor your networks such as antivirus and antimalware software. Make sure your employees are following all established cybersecurity protocols before, during, and after a breach. Individuals who ignore or disregard important cybersecurity practices can compromise not only themselves, but the entire organization. Paying close attention to whether your company is fully embracing all of your cybersecurity procedures and technology is incumbent upon business leaders.
Have a Response Plan Ready
No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce risks to your business and send a positive signal to your customers and employees. Therefore, businesses should have a cyber incident response plan ready to go prior to a breach. In it, companies should embrace savvy practices such as disconnecting any affected computers from the network, notifying your IT staff or the proper third-party vendors, and utilizing any spares and backup devices while continuing to capture operational data.
Cyber liability insurance is another option for businesses. This type of insurance generally covers businesses’ liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers, health records and other customer information.
Source: The National Cybersecurity Alliance.
Cybersecurity has become one of the hottest topics both inside and outside of technology circles over the last two years. There is a seemingly endless newscycle dedicated to cybersecurity mishaps and concerns. It can be easy for everyday individuals to become overwhelmed and to feel powerless in the face of these ongoing threats to our online activities. But in actuality nothing could be further from the truth.
With all of the jargon typically thrown around in relation to cybersecurity, there is a longstanding misperception that cybersecurity is beyond everyday people and that it should be left to the professionals. That is simply not true. Individuals play a huge role in cybersecurity threat prevention, detection, and remediation. Unfortunately, many individuals are not aware of some of the best practices for boosting cybersecurity and how easy they are to use.
Here are key best practices that you can implement today to enhance your cybersecurity and create a more secure environment.
STEP 1: Watch Out for Phishing
Phishing – when a cybercriminal poses as a legitimate party in hopes of getting individuals to engage with malicious content or links – remains one of the most popular tactics among cybercriminals today. In fact, 80% of cybersecurity incidents stem from a phishing attempt. Keep an eye out for typos, poor graphics and other suspicious characteristics will help thwart these attempts.
STEP 2: Update Your Passwords and Use a Password Manager
Having unique, long and complex passwords is one of the best ways to immediately boost your cybersecurity. Password cracking is one of the go-to tactics that cybercriminals turn to in order to access sensitive information. And if you are a “password repeater,” once a cybercriminal has hacked one of your accounts, they can easily do the same across all of your accounts.
One of the biggest reasons that individuals repeat passwords is that it can be tough to remember all of the passwords you have. Fortunately, by using a password manager, individuals can securely store all of their unique passwords in one place. Meaning, people only have to remember one password. In addition, password managers are incredibly easy to use and can automatically plug-in stored passwords when you visit a site.
STEP 3: Enable MFA
Enabling multi-factor authentication (MFA) – which prompts a user to input a second set of verifying information such as a secure code sent to a mobile device or to sign-in via an authenticator app – is a hugely effective measure that anyone can use to drastically reduce the chances of a cybersecurity breach. In fact, according to Microsoft, MFA is 99.9% effective in preventing breaches. Therefore, it is a must for any individual that is looking to secure their devices and accounts.
STEP 4: Activate Automatic Updates
Making sure devices are always up-to-date with the most recent versions is essential to preventing cybersecurity issues from cropping up. Cybersecurity is an ongoing effort, and updates are hugely important in helping to address vulnerabilities that have been uncovered as well as in providing ongoing maintenance. Therefore, instead of trying to remember to check for updates or closing out of update notifications, enable automatic update installations whenever possible.
While cybercriminals continue to develop creative ways to trick unsuspecting individuals, implementing these tips will go a long way to helping you stay cybersmart.
Source: The National Cybersecurity Alliance.
The FBI is the lead federal agency for investigating cyber attacks and intrusions. They collect and share intelligence and engage with victims while working to unmask those committing malicious cyber activities. Learn more about what you can do to protect yourself from cyber criminals, how you can report cyber crime, and the FBI’s efforts to combat cyber threats. Stay Informed
The Internet allows businesses of all sizes and from any location to reach new and larger markets and provides opportunities to work more efficiently by using computer-based tools. Whether a business is thinking of adopting cloud computing or just using email and maintaining a website, cybersecurity should be a part of the plan. Read More
Identity theft is everywhere. Turn on your TV, and you’ll see “special reports” on how to prevent it. Turn on the radio and hear ads for services pledging to protect you from it. Search for it on Google, and you get 140 million results. In fact, according to a 2013 report by Javelin Research, there is one incident of identity fraud every three seconds. Read More
The amount of fraud being perpetrated against businesses is getting worse, both in terms of the number of instances and the amount of money that is being lost, and some of that can be attributed to worsening economic times, according to research. Almost half of the companies around the world surveyed by PriceWaterhouseCoopers (www.pwc.com) in 2009 reported that they suffered one or more instance of economic crimes. Read More