Running an online shop is something the majority of businesses, creatives with products to sell and individual entrepreneurs should consider when it comes to maximising their chances of succeeding. Ecommerce is a valuable tool and, if done right, can provide a significant income stream. Cybercriminals have realised that too, and know that they can make a small fortune through hacking. Recently, there has been a spate of high-profile attacks on respected brands: the NASDAQ and even the iPhone.
Guarding against this threat takes plenty of vigilance, but it doesn’t have to involve too much effort. Doing something about it is very important, as you can never be sure how immune your ecommerce site is to being hacked, with either your money or that of your customers liable to be intercepted and stolen.
Encryption the best option
First of all, when trying to guard your online shop from being hacked, you should encrypt all your data. While this doesn’t guarantee 100% security, it at least makes it extremely difficult for any money sent over to your account to be intercepted and stolen. Data encryption was undertaken by Riot Games, and as a result, all their customers were a lot safer when making payments.
Two more steps that need to be taken are installing a strong anti-malware program and implementing a security gateway through which every transaction is made. Both add an extra layer of security that makes it harder for prospective hackers to get through to individual transactions, giving you and your customers a little peace of mind.
All three are important, but encryption should come first. Jim Seaman, the Senior Security Consultant for RandomStorm, said that following in the footsteps of Riot Games could be the best way to go for anyone with an ecommerce site.
“Although it is never good news when a high-profile Web site is hacked, and user card transaction data is illegally accessed, at least the players of the ‘League of Legends’ online game can be reassured by the fact that their information was encrypted when it suffered a recent breach affecting 120,000 transaction records.
“Riot Games deserve some credit for taking their users’ data security seriously and recognising the fact that no online resource can ever be 100% secure but, unfortunately, there are still too many other organisations who do not. So it is good news that the next version of the PCI DSS (V3.0) due to be released in November includes data encryption as a compliance requirement”, he added.
“Although the changes do not become mandatory until December 2014, hopefully any organisation that processes card payments will treat the Riot Games experience as a wake-up call and not wait until they become the next victim of a hack attack”, concluded Mr Seaman.