This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Following the massive internet disruption in the U.S., Singapore-based broadband provider StarHub is the latest large network to be battered by two distributed denial-of-service (DDoS) attacks. These attacks attempt to deny real users access to systems or networks by overwhelming them with bogus requests. Where there is money to be made, criminals soon follow, and the online retail market is a prime target for cybercrime.
Securing customer data and protecting your website from malicious attacks should be a no-brainer. Yet year after year, sites are getting hacked and sensitive data is being stolen. To combat this, here are 10 ways to protect data - and customers - from hackers this holiday season.
Use a secure connection for online checkout. Secure Sockets Layer (SSL) certificates authenticate the identity of your business and encrypt data in transit. This protects credit card and other important data while it's moving across the network. An Extended Validation SSL certificate provides a green bar in the browser, giving customers a visual indication that your site is secure and trustworthy. A logo from a reputable SSL provider on the checkout page gives customers peace of mind that the proper steps have been taken to handle sensitive data.
Set up system alerts for suspicious activity, such as multiple transactions from the same IP address or multiple orders placed by the same person using different credit cards or phone numbers. Always check that the order recipient's name matches the name on the credit or debit card used, so that suspicious transactions are caught.
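The alert rules described above can be expressed as a small batch check over order records. This is an added example, not code from the article or any vendor: the field names, thresholds, one-hour window and sample orders are all assumptions, and `card_fp` stands for a gateway-issued card token rather than a card number.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders (not real data). card_fp stands for a gateway-issued
# card token, an assumption, so the alerting code never sees a card number.
FIELDS = ("id", "ts", "ip", "customer", "card_fp", "phone", "recipient", "cardholder")
ORDERS = [dict(zip(FIELDS, row)) for row in [
    ("A1", "2016-11-25T10:00:00", "203.0.113.7", "c-100", "fp-a", "555-0101", "Dana Lee", "Dana Lee"),
    ("A2", "2016-11-25T10:05:00", "203.0.113.7", "c-100", "fp-b", "555-0101", "Dana Lee", "dana  lee"),
    ("A3", "2016-11-25T10:10:00", "203.0.113.7", "c-100", "fp-c", "555-0102", "Dana Lee", "Dana Lee"),
    ("A4", "2016-11-25T10:20:00", "203.0.113.7", "c-200", "fp-d", "555-0199", "Sam Roe", "Sam Roe"),
    ("A5", "2016-11-25T12:30:00", "203.0.113.7", "c-300", "fp-e", "555-0150", "Ali Khan", "Ali Khan"),
    ("A6", "2016-11-25T12:40:00", "198.51.100.9", "c-400", "fp-f", "555-0177", "Pat Kim", "Jo Park"),
]]

def _norm(name):
    """Case- and whitespace-insensitive form of a name for comparison."""
    return " ".join(name.lower().split())

def find_alerts(orders, window=timedelta(hours=1), max_per_ip=3, max_cards=2, max_phones=2):
    """Return (order_id, rule) pairs for orders that should get a manual review."""
    alerts, by_ip, by_customer = [], defaultdict(list), defaultdict(list)
    for o in sorted(orders, key=lambda o: o["ts"]):   # ISO timestamps sort as text
        ts = datetime.fromisoformat(o["ts"])
        # Rule 1: more than max_per_ip transactions from one IP inside the window.
        by_ip[o["ip"]] = [t for t in by_ip[o["ip"]] if ts - t <= window] + [ts]
        if len(by_ip[o["ip"]]) > max_per_ip:
            alerts.append((o["id"], "ip_velocity"))
        # Rule 2: one customer using several cards or phone numbers in the window.
        hist = [h for h in by_customer[o["customer"]] if ts - h[0] <= window]
        hist.append((ts, o["card_fp"], o["phone"]))
        by_customer[o["customer"]] = hist
        if len({h[1] for h in hist}) > max_cards:
            alerts.append((o["id"], "multiple_cards"))
        if len({h[2] for h in hist}) > max_phones:
            alerts.append((o["id"], "multiple_phones"))
        # Rule 3: recipient name differs from the cardholder name.
        if _norm(o["recipient"]) != _norm(o["cardholder"]):
            alerts.append((o["id"], "name_mismatch"))
    return alerts

if __name__ == "__main__":
    for order_id, rule in find_alerts(ORDERS):
        print(f"ALERT {rule}: order {order_id}")
```

Gift orders legitimately ship to someone other than the cardholder, so the name rule is best routed to manual review rather than automatic rejection.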
Don't store sensitive data. Allowing customers to save credit card data in their account can make checkout faster and more convenient. However, companies should never store all the pieces of data required to complete the transaction, such as expiration dates or card verification values. In fact, storing all of this data is strictly forbidden by Payment Card Industry (PCI) standards.
Layer your security. Security starts at your ecommerce application, so make sure the administration panel is inaccessible to attackers and stay on top of new versions with security enhancements. When a new patch becomes available, install it the same day. This includes the web server itself as well as third-party code like Java, Python, Perl, WordPress and Joomla. A firewall, or multiple firewalls, is an essential part of stopping attackers by preventing them from entering the network.
Monitor your site regularly - and make sure whoever is hosting it is, too. Having a real-time analytics tool on your site is the cyber equivalent of installing security cameras in a bricks-and-mortar store. These tools allow you to observe how visitors are interacting with the site in real time, helping you to detect fraudulent behavior. You should also monitor your servers for malware, viruses and other harmful software. At a minimum, scans should be done daily, but during high-traffic periods, consider increasing the frequency.