Take a few seconds to sit back, relax, and think of an e-commerce business. For many of us, the first ones that come to mind are Amazon, eBay, Wayfair, maybe even Etsy, if that is more your style. Among the last businesses that come to mind for most of us is the mom-and-pop diner down the street. COVID-19, along with the ease of setting up websites and e-commerce shops, has made the need to be online explode. Having a webpage hosted online, even one as simple as a menu, is an expectation of the modern consumer. As a result, every business has now become an online business, regardless of who you are or what you are selling.
Times have changed, and quickly. Businesses have been forced to change too, especially if they want to continue to make a profit and serve their market. Although it is not easy to adapt to the changing times, for some, it is mandatory. You will not be able to sell your service or product when your doors are closed for business. If you continue to do business online, you are more likely to succeed during the crisis and beyond. Many companies are also noticing this online business not only sustaining them. Consumers, too, have been impacted by the added convenience; these preferences are unlikely to revert after the crisis is over.
Operating online presents risks for businesses of all sizes. Compliance with regulations and with industry groups such as PCI will become more difficult for many businesses. It is clear your organization needs to put a solid information security plan in place to face these everyday challenges. Your company might have already been an e-commerce business, but it is crucial to take the time to assess your risk profile.
Below are a few recommendations to consider as your company becomes an e-commerce company:
1. Update your website. Staying up to date with the latest available version heavily reduces your online risk.
2. Perform web application testing against your websites. Web application tests let your company know where holes may exist in your websites that attackers could use either to deface your site or potentially to host malware and other malicious programs for delivery.
3. Deploy a web application firewall to filter out the large majority of malicious traffic.
4. Specifically test your payment gateway and outsource payment methods where available. This both offsets risk and allows you to keep payment standards such as PCI off of your immediate risk.
5. Make the switch to HTTPS. This is a simple fix that will not only make your site easier to reach; at some point, sites without a secure certificate will not be reachable at all.
6. If you don’t have a cyber insurance policy, reach out to a broker. Although prevention is the best cure, a policy can be a lifeline during a major cyber-attack.
Implementing these six steps can save your organization from a business disruption or closure resulting from a cyber-attack. Now is not the time for another impactful event to set your organization back. Be proactive with your organization’s security posture and avoid the headache and the possible blow to your reputation. It is not worth being in the news for something you could have easily prevented. Be there for your customers and allow them to continue to do business with you no matter what is happening in the world.