How to boost e-commerce cybersecurity
Retailers have always been a target for thieves, but e-commerce businesses have some unique concerns when it comes to security. They don't have to worry about shoplifting, but online transactions make them responsible for sensitive customer data that can be an easy target for cyberattacks.
When that data isn't protected, the exposure can be costly to business owners and their customers. Consider this:
• Over 80% of retail hacking incidents in 2016 were denial of service attacks on e-commerce sites.
• Payment data was compromised in 57% of those attacks. (Source: Verizon Data Breach Investigation Report).
• Businesses spend an average of $879,582 in the aftermath of a data breach. (Source: State of Cybersecurity in Small- & Medium-Sized Businesses).
• 60% of cyberattacks hit small- and medium-sized businesses. (Source: The Need for Greater Focus on Cybersecurity Challenges Facing Small and Midsized Businesses).
Let's look at some things online retailers can do to reduce cyber risk from the outset.
Use an online payment processor
Online payment processing companies usually have better security than your average e-commerce site. However, you still have to pay for that protection. A 2017 analysis from web developer SitePoint compares a number of options and offers some tips for evaluating your processor. For instance, you may want to:
Deciding what currency you want to accept can affect processor choice. Stripe accepts Bitcoin, for example, while Amazon Payments and Google Wallet do not.
Ask about fees
Some processors charge fees, while others do not. International fees are another issue. If a large portion of your orders are overseas, Payoneer and Stripe may be best for your company.
Consider important features
Look into the extras each online payment processing company offers. Depending on your business, you may want to check out mobile payment options, point-of-sale support, or other features your customers may value.
Comply with security standards for payment processing
The PCI Security Standards Council sets minimum standards that payment brands implement in each of their data security programs. Merchants are required to stay in compliance with these standards if they store, transmit, or process payment card information.
Some processing websites, such as PayPal and Stripe, allow users to offload their payment page. This helps ensure online retailers are PCI compliant, and it keeps personal data from ever touching your server. If you are handling PCI compliance on your own, you might want to contact the payment brands you accept. They can give you more information about their compliance programs.
Deter DoS attacks
Denial of service attacks accounted for the majority of retail-specific hacking incidents. Unfortunately, preventing these attacks takes advanced tools and monitoring. The good news for you is that hackers typically aim DoS attacks at higher-profile sites and companies. However, you may still want to minimize your risks by keeping critical assets on separate networks, using multi-factor authentication, and checking with your provider on their role in the event of an attack.
You can find even more pointers in "6 cybersecurity tips for small retailers."
Carry cyber insurance
Ultimately, no security measure has a 100% success rate. That's where cyber liability insurance comes in. After a data breach, cyber liability insurance typically helps cover costs, including customer notification, legal fees, credit monitoring, and post-breach marketing.
Learn more about retail cybersecurity in "Common cybersecurity threats for e-commerce businesses."