Over the past few years, the number of e-commerce data breaches has risen exponentially, and the increase in number and frequency shows no sign of slowing down, mainly for the following reasons:

First, the number of e-commerce sites continues to increase, which simply means that attackers who are after these systems have more targets to go after. Next, compromising systems is becoming easier through the availability of sophisticated scanning tools that are either free, cheap, or cracked by the attackers themselves. Last, and probably the biggest reason, is the really good payoff for the attackers. E-commerce sites nowadays store an abundance of personal information, with some sites holding an average of 50,000 to 100,000 personal records in their database. Considering that the price of a single data record on the black market ranges from around a couple of dollars to $25, attackers stand to gain a lot of money for every single e-commerce site that they manage to breach.

If you’re a website administrator or programmer whose living depends on these e-commerce sites, you’d want to protect them to the best of your ability. Here are a few tips that will help you do your job:

Encrypt Your Data

At all possible times, encrypt your data. There are people online who may be hired to hack any site, and most of them are good enough to hack multi-national banks. If you can’t avoid storing sensitive data in the cloud, at least encrypt it.

However, do remember that the PCI standards expressly forbid storing sensitive authentication data after authorization, even if encrypted, so it’s a bit mind-boggling why a lot of e-commerce sites still choose to do so. There is very little good reason to store all of the records of your customers, especially full credit card numbers, expiration dates, and CVV2 codes. Charge-backs and refunds only require a minimal amount of data, and even if storing more provides convenience to your users, the potential damage caused by a breach far outweighs any convenience they can think of. So start modifying your code to stop storing sensitive data, and start purging old records from your database.
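One way to carry out the purge described above, shown as an added example that is not from the original article. The `payments` table, its column names and the 365-day retention window are assumptions, and the card numbers are constructed test values.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 365  # assumed retention window; take the real value from your policy
STILL_SENSITIVE = ("length(card_number) > 4 OR expiry IS NOT NULL "
                   "OR cvv2 IS NOT NULL")

def build_sample_db(now):
    """Constructed sample data: a legacy table holding full card details."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE payments (
        id INTEGER PRIMARY KEY, customer TEXT, card_number TEXT,
        expiry TEXT, cvv2 TEXT, created_at TEXT)""")
    rows = [
        ("alice", "4111111111111111", "12/30", "123", now - timedelta(days=10)),
        ("bob", "5555555555554444", "01/29", "456", now - timedelta(days=400)),
        ("carol", "4012888888881881", "06/31", "789", now - timedelta(days=90)),
    ]
    db.executemany(
        "INSERT INTO payments (customer, card_number, expiry, cvv2, created_at)"
        " VALUES (?, ?, ?, ?, ?)",
        [(c, n, e, v, t.isoformat()) for c, n, e, v, t in rows])
    return db

def minimise_card_data(db, now, retention_days=RETENTION_DAYS):
    """Purge rows past retention, then strip card data from the rest."""
    cutoff = (now - timedelta(days=retention_days)).isoformat()
    with db:  # single transaction: both steps are applied, or neither
        purged = db.execute(
            "DELETE FROM payments WHERE created_at < ?", (cutoff,)).rowcount
        # Assumption: the last four digits are enough to identify a card
        # for refunds and charge-backs. Expiry and CVV2 are dropped outright.
        masked = db.execute(
            "UPDATE payments SET card_number = substr(card_number, -4), "
            "expiry = NULL, cvv2 = NULL WHERE " + STILL_SENSITIVE).rowcount
    return purged, masked

def leftover_sensitive_rows(db):
    """Audit query: rows that still hold a full card number, expiry or CVV2."""
    return db.execute(
        "SELECT COUNT(*) FROM payments WHERE " + STILL_SENSITIVE).fetchone()[0]

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    db = build_sample_db(now)
    print("purged, masked:", minimise_card_data(db, now))
    print("rows still sensitive:", leftover_sensitive_rows(db))
```

The audit query can be rerun on a schedule to catch code paths that start writing full card data again; backups and logs that captured the old rows need the same purge.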

Put in Place Multiple In-Depth Strategies

Build redundancy into your security and employ multiple in-depth strategies that overlap and support one another, each aimed at protecting your system against a different point of failure.

If possible, employ more than one security team and get the services of hackers outside of your security agency. Get a good one.

Keep All of Your Sites Isolated from Each Other

It’s a really great idea to run a blog, a user forum, and an auction site under the banner of your main site, but if you’re going to do so, segregate them from each other or at least from the main site. If you keep them hosted on the same server, you run the risk of exposing every single one to an attack if even just one site is compromised. There are many cases where a number of sites hosted on a single server were compromised simply because a WordPress plugin on one of them opened them all to intrusion.

Be Vigilant with Updates

This is already common sense if you’re a systems administrator, but it still bears mentioning because a lot of admins still get caught with their pants down. Patch your sites, forums, web apps, etc. regularly. Keep yourself up to date on what’s going on with the services that you are using; the majority of them will release patches every time a new exploit or vulnerability is found.

Robust Security System and Cyber Insurance

This is not 100% surefire protection against breaches, but the technology and the industry have matured in the last few years. A typical insurance policy will cover business interruption and damages to customers who own the data. These are usually customisable. This may not fully protect you from attacks, but it will cover the damages when an attack happens.
