The saying “life imitates art” is true.
Take the case of life imitating your favorite Hollywood action movie. It always starts with the basic premise. A scientist discovers a cure that would rid the world of a deadly affliction. The entire world rejoices knowing life as they knew it would be back to normal.
Or would it?
In some deep, dark sanctum, isolated from human view, an evil mind is plotting to steal “the cure” and sell it to the highest bidder so it can be made into a biological weapon that would end all humanity. When the scientist reports the cure has been stolen, he enlists the services of our hero to save the day.
As we always know, the hero always gets the bad guy in the end. But that is Hollywood, and this is real life.
Technology has served man very well. Its advances have helped mankind find solutions to events that have threatened its existence.
When businesses needed new ways to survive, they created software programs that streamlined costs; social media networks proliferated to give them new ways to promote themselves. And of course, online retail and e-commerce businesses were born.
To keep things in perspective, the evolution of technology is Darwin’s Theory on Survival of the Fittest in action. Man used technology to protect and serve mankind.
The entrepreneurial spirit in man found opportunities to capitalize on yet address the issues that plagued businesses. It is a partnership in synergy. One that supports the interest of the other.
But there are opportunities and there are opportunists.
These are the unscrupulous people who seek to usurp the blessings of others. They scheme to siphon off the good deeds and relief presented to those in need by stealing confidential information.
These are the scammers, the Internet thieves, hackers, and cyber-terrorists who operate in some deep, dark sanctum unseen by everyone yet known by all.
These are the villains in the story.
They exist to create chaos, steal from you, and benefit only themselves. They live for the notoriety, the reputation in their circle of having paralyzed you from making money. They are mercenaries, hired guns out to shut down institutions and big business. And if you’re not careful, your online business could end up as another notch in their belts.
How You Get Hacked
In Hollywood, hackers are often presented as young people who are IT geniuses, graduates of prestigious universities, or self-taught prodigies disillusioned with the world.
In reality, anyone can become a hacker. You don’t need a degree from MIT or AMA to become a hacker.
For $3,000 you can buy a complete, easy-to-put-together, and fully operational “exploit kit” which does the hacking for you automatically. All you do is set up, sit down and wait for your money to roll in. Until you get caught.
So now, the search perimeter has widened to include just about anyone with questionable character. Given the wide scope of possibilities, how do hackers get to you?
1. Phishing Scams
Who doesn’t need a little bit more money? Well, how about if someone promises you a million dollars if you could help him with his transaction? And it’s easy. All you need to do is send him your banking information including coordinates.
Or how about receiving a million dollars by way of inheritance from a dying spinster who has no beneficiaries and has decided to share the wealth with the world? All you need to qualify is to send personal information.
You might think no one would be foolish enough to fall for these tricks. But trust me, thousands do, all over the world.
Thousands fall victim to identity theft due to these schemes. This is why phishing scams, also referred to as 419 scams, are still popular.
2. Trojan Horse
Hackers can also plant a virus on your computer before you can do anything. They will send you e-mails about a delivery notice or a reward, anything that will compel you to open the attachment.
This is to make the virus look “harmless” much like the legendary Trojan Horse of Greek Mythology. Once you do, the virus will be automatically uploaded to your computer.
Some have a roundabout way of doing this. They will come across as legitimate businessmen who want to consider your services for their company.
They will invite you to a Skype call. Once you accept their Skype invitation, they will send you a link to their company website. When you click, your PC and its contents are theirs. Chances are, you will never hear from them again.
3. Unsecured Websites
It doesn’t have to be malicious websites. These hackers can upload viruses on just about any internet site. Once you click onto that website, the virus scans your computer for “holes” it can override and exploit. If the first one won’t get you, maybe the next one will.
When the virus sees an opening in your network, it will automatically upload and retrieve valuable data or lay your PC to waste.
These hackers are all over the Internet. They can get to you from anywhere and everywhere. Facebook and LinkedIn will not matter to the hacker. They want what you have and will not stop until they get it.
E-commerce websites and other online businesses are prime targets because you store valuable data such as credit card numbers. Hackers get paid good money to steal credit card numbers.
It is a wide network of cyber-terrorists that spans the globe. You don’t know who they are, or where they are but rest assured they are there.
Many of us become complacent. We allow ourselves to fall into a false sense of security because we feel safe at home or in the office. We trust our neighbors and our office mates, and believe we’ve done enough to safeguard our business. But just because you don’t see them doesn’t mean they are not there.
By the way, your next-door neighbor can hack you if you are using open wi-fi. Try walking around your neighborhood and see where your smartphone can pick up a wi-fi signal.
If your wi-fi signal is accessible, anyone, ANYONE, can use it to access the Internet. They can record everything that you do. They can use it for illegal activities like sending phishing scams.
And whose IP address will come out?
How to Secure Your Website and Business
It may seem like a losing battle, but it’s not. Cybercrime is a current reality everyone has to deal with. As honest, law-abiding web entrepreneurs we cannot go on the offense and fight these cyber-terrorists.
In the first place, it’s a waste of time and valuable resources. We don’t even know where to look. Second, it’s not our job. We don’t get paid to fight off hackers. That is the job of the government and its law enforcement agencies. Your mindset must be on the defensive. You must institute processes and programs and protocols to protect your website.
Here are a few ways to protect your website from being hacked:
1. Use a secure e-commerce platform
Choose an e-commerce platform that uses an object-oriented programming language that makes it difficult for hackers to decrypt.
Also, consider hosted services instead of self-hosted options. Hosted means the platform will lend you dedicated support, and there is less probability of the service going down.
If you decide to go with hosted, among the best platforms to consider are Shopify or BigCommerce.
2. Use a secure connection for check-out online procedures
A good number of e-commerce visitors abandon the purchase when it comes to the check-out stage. They become hesitant about providing credit card information.
Having a strong and reliable SSL or Secure Sockets Layer authentication to protect and encrypt the data in transit will go a long way in ensuring the confidentiality of your online customers.
Many e-commerce sites use live address verification services upon checkout. If the billing address does not match the address on the credit card or debit card, the purchase is declined.
3. Minimize storage of sensitive data
The less information you have stored in your e-commerce database, the lower the risk of a security breach in your business.
The truth is you should not be storing too much information in your database. Confidential information such as credit card numbers, expiration dates, and credit card verification value should not be stored for extended periods.
Delete these types of information and store the ones that are needed for chargebacks and refunds.
4. Be on the lookout for suspicious activity
When it comes to cybercrime, a bit of paranoia can be healthy.
Set up system alerts for transactions that seem spurious. These include multiple transactions from the same IP address using different credit and debit cards.
Be wary of transactions using phone numbers from locations that are different from the billing address or orders where the recipient is not the name on the credit card.
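The alerts described in this item, sketched as an added example that is not part of the original article: it flags one IP address using several different cards in a short window, a phone country that differs from the billing country, and a recipient who is not the cardholder. The field names, the 10-minute window, the card threshold and the sample orders are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_CARDS_PER_IP = 2            # assumed: a third distinct card in the window alerts

# Constructed sample orders. Cards appear only as an opaque fingerprint (assumed field).
FIELDS = ("id", "ts", "ip", "card_fp", "cardholder", "recipient", "billing_cc", "phone_cc")
ROWS = [
    ("A1", "2024-05-01T10:00:00", "203.0.113.7", "fp-01", "Ana Cruz", "Ana Cruz", "PH", "PH"),
    ("A2", "2024-05-01T10:02:00", "203.0.113.7", "fp-02", "Ben Lim", "Ben Lim", "PH", "PH"),
    ("A3", "2024-05-01T10:05:00", "203.0.113.7", "fp-03", "Cara Tan", "Cara Tan", "PH", "PH"),
    ("A4", "2024-05-01T10:30:00", "198.51.100.9", "fp-04", "Dan Uy", "Eve Ong", "US", "PH"),
    ("A5", "2024-05-01T11:00:00", "203.0.113.7", "fp-01", "Ana Cruz", "Ana Cruz", "PH", "PH"),
]
ORDERS = [dict(zip(FIELDS, row)) for row in ROWS]

def find_alerts(orders):
    """Return (order id, rule name) pairs for the checks described above."""
    alerts = []
    seen = defaultdict(list)  # ip -> [(timestamp, card fingerprint)] inside the window
    for o in sorted(orders, key=lambda o: o["ts"]):
        ts = datetime.fromisoformat(o["ts"])
        # Drop this IP's entries that have aged out of the window, then add this order.
        recent = [(t, c) for t, c in seen[o["ip"]] if ts - t <= WINDOW]
        recent.append((ts, o["card_fp"]))
        seen[o["ip"]] = recent
        if len({c for _, c in recent}) > MAX_CARDS_PER_IP:
            alerts.append((o["id"], "many_cards_one_ip"))
        if o["phone_cc"] != o["billing_cc"]:
            alerts.append((o["id"], "phone_billing_mismatch"))
        if o["recipient"].casefold() != o["cardholder"].casefold():
            alerts.append((o["id"], "recipient_not_cardholder"))
    return alerts

if __name__ == "__main__":
    for order_id, rule in find_alerts(ORDERS):
        print(order_id, rule)
```

An alert here is a prompt for manual review, not an automatic decline: gifts and shared office networks trigger the same rules.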
5. Use layered security
Many e-commerce websites use firewalls which are standard defenses.
But in addition to firewalls, it would be advisable to add further layers of protection to the mix, covering contact forms, login boxes, and search queries.
6. Establish strict protocols
Whether you are running a one-man outfit or have people under your employ, make sure there are strict protocols for everyone to follow. No exceptions! These include the following:
- Restrict access to non-business-related websites in your network.
- Do not allow anyone to send e-mails or correspondence from unauthorized sites.
- Do not allow anyone to download programs, documents, and links without your clearance or authorization.
- Make sure everyone on the team has received proper orientation on troubleshooting procedures.
- Inform everyone not to click on any links and e-mails without your authorization.
- Do not accept invitations or open correspondences from those who are not in your network, or contacts list, and from unsecured networks.
7. Implement tracking numbers on all orders
You have to include tracking numbers to prevent chargeback fraud, especially if you do drop shipping.
8. Police your website as often as possible
There are software applications that will help you monitor your website. Woopra and Clicky are real-time analytics tools that allow you to observe how website visitors are navigating and using your website. You can easily see whether anyone is committing fraudulent or suspicious behavior.
You should also check with your hosting services provider what their security protocols are. Find out how often they audit their servers for a security breach and how often they upgrade security measures and data protection programs.
9. Make sure your website is PCI compliant
PCI stands for Payment Card Industry, and it has set aside guidelines and measures to ensure the protection of all consumers who engage in the services of e-commerce websites. The objective is to eliminate identity theft.
The six requirements are as follows:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly test and monitor networks
- Maintain an information security policy
You can run a PCI scan such as Trustwave to make sure your e-commerce website is safe and protected from hacking attempts. Also, make sure your security programs are routinely updated. Data security companies are regularly updating their programs to stay ahead of hackers.
10. Remove unused programs
When you were building your e-commerce website, most likely many programs were installed to enhance user experience and, of course, improve data protection and security.
But eventually, most of these programs become largely unused, redundant, or obsolete. If you are using WordPress, many plug-ins become outdated in a short amount of time. And if you are regularly updating anti-virus and other security programs, the earlier versions become useless.
If you do not remove these programs, they become points of entry for hackers. Many of the cyber crimes reported in the last few years were due to obsolete or unused plug-ins. Once you update a program, remove the old ones right away.
11. Consider DDoS protection and mitigation services
DDoS stands for Distributed Denial of Service. Cloud-based DDoS protection and mitigation services not only lower the costs of security but help prevent large-scale and more complex cyber-attacks.
12. Consider hiring fraud management services
When it comes to online business, the customer is not always right. You can be a victim of credit card fraud if you are too trusting with customers or complacent when it comes to security. You can avail of fraud management services as well as chargeback services from the credit card company itself.
13. Have a disaster recovery plan in place
Check with your hosting service provider if they have a backup plan for your data. And you should think about this in your own capacity as well.
14. Use Strong Passwords
This is a basic rule of data security, yet there are still those who use passwords that can easily be bypassed by hackers.
Remind customers to use longer passwords that combine alpha and numeric symbols. The longer and harder the password, the smaller the probability of being decrypted by hackers.
15. Reconsider having file uploading features
Many e-commerce websites that require subscribers and end users to open an account often carry file uploading features. This is primarily used for uploading a profile picture as the avatar.
Giving access to your website could pose a security risk. If you must include an uploading feature, you should remain vigilant about the files that are being uploaded.
Even if web servers by default do not allow files with image extensions to be executed, some files with the extension .jpg and .php can get through. The best recourse is to forego the option of uploading files onto your website.
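If an upload feature has to stay, the vigilance described above can be enforced in code. The following is an added example, not part of the original article: it accepts an avatar only when the name has exactly one allowed extension and the content starts with the matching image signature, then stores it under a server-chosen name. The function name, size limit and allowed types are assumptions.

```python
import os
import secrets

# Allowed avatar types and the byte signature each file must start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
MAX_BYTES = 1_000_000  # assumed size limit for a profile picture

def check_avatar(filename, data):
    """Return (True, new_stored_name) or (False, reason)."""
    # Strip any client-supplied directory part and normalise case.
    name = os.path.basename(filename.replace("\\", "/")).lower()
    parts = name.split(".")
    # Exactly one extension: rejects avatar.jpg.php and avatar.php.jpg alike.
    if len(parts) != 2 or not parts[0]:
        return False, "exactly one extension required"
    ext = "." + parts[1]
    if ext not in MAGIC:
        return False, "extension not allowed"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    # Never reuse the client's file name; pick a random one on the server.
    return True, secrets.token_hex(16) + ext

if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16          # constructed JPEG header
    print(check_avatar("me.jpg", jpeg))
    print(check_avatar("avatar.jpg.php", jpeg))
    print(check_avatar("me.jpg", b"<?php /* constructed */ ?>"))
```

A signature check does not stop a valid image with extra data appended, so uploads should still be stored where the web server never executes scripts.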
Your online business can give you a secure lifestyle and a rewarding career. But just like your home, it can be infiltrated by undesirable elements. And you don’t know when these hackers will try to come and get you.
In some ways, protecting your online business or e-commerce website is like protecting your home. When you retire for the night, you want to sleep knowing your home is protected from intruders and invaders.
I’ve met people who give a lot of thought to home protection. They install CCTVs at the gate, at the front door, around the perimeter, and inside the house. Some even have an electrified fence!
There are light sensors at every access point, and the doors and windows have trip alarms. At night before going to bed, they release the guard dogs to patrol the perimeter of the house. Some even have guard dogs inside the house. This is an example of layered security. Every stage of entry has a contingency plan in case of a breach. You should consider the same approach when it comes to securing your website and business.
Roel Manarang is a seasoned entrepreneur who helps businesses succeed through design and digital marketing. With over 10 years of experience, he has assisted 170+ global companies. Roel is the founder of Workroom, a digital marketing company, and Tycoon Philippines, an acclaimed business and finance blog. Find him on LinkedIn.