Does everybody remember the heyday of the late ‘90s, when anything .com related was making money? I certainly do. Those were exciting times, and in some ways I wish they would come back. It brings back the good times.

Apart from the .com boom, there was also a craze back then to start an online store. After all, it was the era of Ecommerce, wasn’t it? Back then it was fairly easy to get one, as the major tech giants had their own version of it. All you had to do was buy a plan, and you were off and running.

But with the sheer advancements in technology, you can now create your own online store with the CMS that you are already using for your website (for example, WordPress uses WooCommerce as its customizable online store) and integrate the two together. In fact, many ISPs now even offer hosting plans in which you can build your own store using templates.

Whatever method you choose, online stores have always been, and continue to be, a prime target for the Cyberattacker. This is especially the case if you are using the CMS to create the store, as you will most likely be using open-sourced APIs as well. So what can you do to protect yourself in this regard? Here are some key steps that you can follow:
1) Be careful of what you store:

There is always the temptation to store all of the information and data about your customers, as this makes future purchases easier for them, and you want them to come back as repeat customers with as much convenience as possible. But given how data conscious everybody is today, your best bet is to store the minimal amount of information possible, and that includes credit card numbers. Remember, if your database gets hacked into, you will be held responsible for all of it. Not only will you have angry customers, but the chances are high that you will face an audit. You could also face a hefty financial penalty, which could wipe you out permanently. Why go through all of this? At most, you should store the customer’s first and last name and email address. That’s it, and nothing more.
2) Keep track of all of the vulnerabilities that are out there:

This may sound like an impossible task, but the truth of the matter is that it is not. You can make use of AI and ML tools, or you can even outsource this particular function to a reliable MSSP. Also, one of your best resources in this regard is CISA. They post the latest vulnerabilities on a regular basis (not sure if it is in real time or not). You can check this out by visiting their website at:
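Tracking vulnerabilities only pays off if you regularly match what is published against what your store actually runs. The following is an added example, not code from the original post: it compares a software inventory against a list of advisories and reports which installed components fall inside an affected version range. The advisory identifiers, component names and versions are all constructed placeholders; a real deployment would load the advisories from a published feed (such as the one CISA maintains) and the inventory from the store’s own plugin or package manifest.

```python
"""Match a store's software inventory against vulnerability advisories.

Added example, not code from the original post. The advisories and the
inventory below are constructed sample data with placeholder identifiers.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str          # placeholder id, constructed for this example
    component: str            # name of the affected plugin/library
    fixed_in: str             # first version that is no longer affected
    introduced_in: str = "0"  # first affected version (default: all earlier versions)


# Constructed sample advisories (not real identifiers or products).
CONSTRUCTED_ADVISORIES = [
    Advisory("EXAMPLE-2024-0001", "example-cart-plugin", fixed_in="3.2.0"),
    Advisory("EXAMPLE-2024-0002", "example-payment-gateway",
             fixed_in="1.4.2", introduced_in="1.4.0"),
    Advisory("EXAMPLE-2024-0003", "example-image-lib", fixed_in="2.1.0"),
]

# Constructed sample inventory: component name -> installed version.
CONSTRUCTED_INVENTORY = {
    "example-cart-plugin": "3.1.7",
    "example-payment-gateway": "1.3.9",
    "example-image-lib": "2.1.0",
    "example-search-widget": "0.9.0",
}


def parse_version(text: str) -> tuple:
    """Turn '5.8.1' into (5, 8, 1) so versions compare numerically.

    Only the numeric components are used; '5.8' sorts before '5.8.1',
    which is what we want for range checks.
    """
    return tuple(int(x) for x in re.findall(r"\d+", text))


def is_affected(installed: str, advisory: Advisory) -> bool:
    """True when introduced_in <= installed < fixed_in."""
    v = parse_version(installed)
    return parse_version(advisory.introduced_in) <= v < parse_version(advisory.fixed_in)


def find_exposures(inventory: dict, advisories: list) -> list:
    """Return (component, installed, advisory_id, fixed_in) for every match.

    Components that are installed but have no advisory, and advisories for
    components that are not installed, are simply skipped.
    """
    hits = []
    for adv in advisories:
        installed = inventory.get(adv.component)
        if installed is not None and is_affected(installed, adv):
            hits.append((adv.component, installed, adv.advisory_id, adv.fixed_in))
    return sorted(hits)


if __name__ == "__main__":
    for component, installed, adv_id, fixed in find_exposures(
            CONSTRUCTED_INVENTORY, CONSTRUCTED_ADVISORIES):
        print(f"{component} {installed} is affected by {adv_id}; upgrade to {fixed}")
```

Only the cart plugin is reported: the payment gateway is below the affected range, and the image library is already at the fixed version. Running this against the real inventory on a schedule, and treating a non-empty result as a work item, is the practical form of "keeping track".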
3) Keep checking your systems:

By this I mean always check that your online store is free from any vulnerabilities or gaps. The best way to do this is via a Penetration Test. While these kinds of tests are very comprehensive, the downside is that they are expensive. For example, one test can easily cost you $30-$40,000. Imagine if you had one every quarter for compliance reasons? That can really hit the bottom line hard. But the good news is that many Pen Testing companies now offer hosted plans, which makes it much more affordable. There are even some that let you purchase a one-year license to run an unlimited number of Pen Tests.
4) Be careful of third-party vendors:

Creating an online store from scratch can actually be a very complex process. For this reason, you may even want to consider outsourcing its development. But just like anything else, be extremely careful here. Make sure that whoever you hire in the end takes secure source coding very seriously, and that a thorough QA test is done at the end. Insist that any open-sourced APIs are tested and upgraded as well. Also insist that you get access to each source code module, so you can do your own testing. Remember that in the end, you will be held responsible if anything goes wrong in this regard!
5) Always keep a detailed history:

By this I mean keep a detailed log history of each and every thing that happens on your online store, even if it is non-financial in nature. Always keep an eye out for any suspicious transactions, or anything else that seems out of the ordinary. This could be the first warning sign of somebody trying to break into it. Remember to have all of this data recorded to a SIEM, where it can be centrally stored and accessed.
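Logging everything is only half of this step; somebody, or something, has to look at the log for the "out of the ordinary" patterns. The following is an added example, not code from the original post: it parses a constructed store event log, flags two common warning signs (a burst of failed logins from one address, and an account placing orders unusually fast), escalates every non-financial configuration change regardless, and shapes the results as JSON records of the kind a SIEM ingests. The log lines, field names, thresholds and record layout are all constructed for the example; a real store would read its own web-server, application and payment logs and forward to whatever SIEM it uses.

```python
"""Review an online-store event log for suspicious activity and shape
alerts for a SIEM.

Added example, not code from the original post. The sample log, the
thresholds and the record layout are constructed for illustration.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log: ISO timestamp, then key=value fields.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z event=login_failed ip=203.0.113.5 user=alice
2024-05-01T10:00:04Z event=login_failed ip=203.0.113.5 user=bob
2024-05-01T10:00:07Z event=login_failed ip=203.0.113.5 user=carol
2024-05-01T10:00:09Z event=login_failed ip=203.0.113.5 user=dave
2024-05-01T10:00:12Z event=login_failed ip=203.0.113.5 user=erin
2024-05-01T10:01:00Z event=login_ok ip=198.51.100.7 user=frank
2024-05-01T10:01:30Z event=order_placed ip=198.51.100.7 user=frank amount=45.00
2024-05-01T10:01:50Z event=order_placed ip=198.51.100.7 user=frank amount=45.00
2024-05-01T10:02:10Z event=order_placed ip=198.51.100.7 user=frank amount=45.00
2024-05-01T10:05:00Z event=setting_changed ip=198.51.100.9 user=admin key=payout_account
"""

# Constructed thresholds; tune them to the store's normal traffic.
FAILED_LOGIN_LIMIT = 5     # failed logins from one IP ...
FAILED_LOGIN_WINDOW = 60   # ... within this many seconds
ORDER_LIMIT = 3            # orders by one account ...
ORDER_WINDOW = 120         # ... within this many seconds


def parse_line(line: str) -> dict:
    """Turn '2024-...Z event=x ip=y' into a dict with a parsed UTC timestamp."""
    stamp, *fields = line.split()
    rec = {"ts": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def _bursts(events: list, key: str, limit: int, window: int):
    """Yield (key_value, count) the first time `limit` events sharing `key`
    fall within `window` seconds. Events must be in time order."""
    recent = defaultdict(deque)
    already_reported = set()
    for ev in events:
        q = recent[ev[key]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) >= limit and ev[key] not in already_reported:
            already_reported.add(ev[key])
            yield ev[key], len(q)


def review(log_text: str) -> list:
    """Return alert dicts for the suspicious patterns found in the log."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    alerts = []
    failed = [e for e in events if e["event"] == "login_failed"]
    for ip, n in _bursts(failed, "ip", FAILED_LOGIN_LIMIT, FAILED_LOGIN_WINDOW):
        alerts.append({"rule": "failed_login_burst", "ip": ip, "count": n})
    orders = [e for e in events if e["event"] == "order_placed"]
    for user, n in _bursts(orders, "user", ORDER_LIMIT, ORDER_WINDOW):
        alerts.append({"rule": "order_velocity", "user": user, "count": n})
    # Non-financial but security-relevant changes are always escalated.
    for e in events:
        if e["event"] == "setting_changed":
            alerts.append({"rule": "setting_changed", "user": e["user"], "key": e.get("key")})
    return alerts


def to_siem_records(alerts: list, source: str = "online-store") -> list:
    """Serialise alerts as one JSON object per line, a shape most SIEMs accept."""
    return [json.dumps({"source": source, **a}, sort_keys=True) for a in alerts]


if __name__ == "__main__":
    for record in to_siem_records(review(SAMPLE_LOG)):
        print(record)
```

On the sample log this produces three records: the failed-login burst from 203.0.113.5, the three rapid orders by "frank", and the payout-account change by "admin". Note that the raw events, not just the alerts, should still be shipped to the SIEM; the alerts are what an operator looks at first, but the full history is what an investigation needs afterwards.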
My Thoughts On This:

As mentioned before, it may sound exciting to build your own store. But consider the benefits versus the risks. And most importantly, think long term. If you really want to have an ecommerce store, my best recommendation would be to go with a hosting provider that offers various different subscription levels, such as the Verizon Store that I am currently using.

Just like a Cloud deployment, everything is pretty much taken care of for you; all you have to do is enter your products/services and their relevant pricing. And off you go into the wild world of online selling.