Cybersecurity Awareness Month

As cybercrime escalates in 2022, learn what you can do to keep your website and your data safe from hacking, phishing, and other Internet attacks.

October is Cybersecurity Awareness Month.
About $445 billion is stolen every year throughout the world due to Internet crime.

In 2004, then-President George W. Bush declared October to be Cybersecurity Awareness Month, and it has been observed every year since. Cybersecurity Awareness Month is spearheaded by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), which both work with the government and the tech industry itself to raise awareness of Internet-based illicit activity, better known as cybercrime. Cybercrime ranges from fraud to full-scale national and international security threats, and all Internet users, from world governments to the everyday citizen, can be victims. Cybersecurity Awareness Month aims to inform and educate Internet users about the current threats circulating across the Internet and how to protect themselves from being victimized online.

Common Examples of Cybercrime

Cybercrime has seen dangerous spikes in activity throughout the past 2 years, primarily due to crypto mining, the 2020 US presidential election, COVID-19 and, more recently, last February’s invasion of Ukraine by Russia. October may be Cybersecurity Awareness Month, but Internet safety and keeping your important data away from thieves, hackers, pirates, and other cybercriminals needs to be practiced throughout the entire year.

In this piece, we’ll list 5 simple ways to safeguard yourself and your business from being a target of cybercrime.

Cybercrime Statistics

Map of the world where Internet security is the safest and where it is the least-reliable.
  • Between 2020 and 2022, the highest number of data breaches were detected Q4 of 2020 with nearly 125 million cases worldwide (SOURCE: Statista).
  • The majority of cyberattacks originate from China, the United States, and Brazil (SOURCE: Cyberproof).
  • Cybercrime costs the global economy about $445 billion annually (SOURCE: Reuters VIA McAfee).
  • The largest data breach in history was Yahoo in 2016 with a total of 3 billion compromised user accounts, breaking the 2 previous records which were also held by Yahoo in 2013 and 2014 (SOURCE: NPR).
  • The most expensive data breach in corporate history was Epsilon in 2011 for $4 billion (SOURCE: Firmex).
  • China, the US, and Germany lead all other nations as the point of origin for SSH-attacks (SOURCE: Comparitech).
  • Most spam emails originate from Russia, Germany, and the US (SOURCE: Comparitech).
  • The most cyber-secure countries in the world are Finland, Ukraine, and Denmark (SOURCE: Comparitech).

5 Ways to Protect Your eCommerce Website

We don’t mean to drop any scare tactics here, but the harsh truth is that anyone can be a target of cybercrime. Being a victim yourself is bad enough; your identity, your finances, and your reputation could all be compromised. But when your livelihood is rooted in the Internet, such as owning and operating an Internet business, you and your customer base all become potential targets.

Fortunately, you do have options for defending yourself against cybercrime. Here are 5 ways to protect your eCommerce website and safeguard your business, yourself, and your customers from cyber attacks.

  • Use a Secure eCommerce Platform
  • Maintain PCI Compliance
  • Use a Secure Connection
  • Encrypt Your Data and Use Strong Passwords
  • Don’t Store Data on Your Own Devices

Use a Secure eCommerce Platform

Choosing the right eCommerce platform on which to build the foundations of your retail website does help determine your potential for growth and success. But in addition to the functions and features used for management and operations, choosing the right eCommerce platform can also better protect you from the constant threat of cybercrime. SaaS platforms such as Shopify and BigCommerce include industry-leading security measures as part of their services, while those who use open-source platforms such as Wix and WooCommerce can download and install their own security patches and other anti-malware measures. The important thing to remember, especially with open-source eCommerce platforms, is to always make sure that the software and its security measures are up-to-date. SaaS platforms often provide merchants with automatic updates, but open-source users need to do this on their own. Software that is out of date, even by a single update, can be exploited, and all cybercriminals need is one way into your website, no matter how big or how small it may be.

Maintain PCI Compliance

PCI (Payment Card Industry) compliance is a unified strategy for protecting credit card user information that is supported by credit card companies and merchants. A key goal of the initiative is to prevent credit card fraud and related security breaches.

PCI compliance is applicable to all companies, regardless of size, that accept credit card payments. There are 3 main pillars of PCI security standards:

  • Focused on Credit Card Data
    • Businesses that deal with credit card data directly must observe over 300 requirements as defined by the PCI security standard; the PCI security standard has 12 high level requirements.
  • Protecting Stored Data
    • Cardholder data should be separated from other business operations by companies storing cardholder data. Otherwise, all of their platforms will have to adhere to the PCI security standard.
  • Annual Validation
    • Annual PCI validation forms are required for businesses dealing with credit cards. A business’s annual transaction volume and a breach experience can influence PCI validation. In some cases, other parties may require a business to present its certificate of validation.

PCI Compliance Levels

  • Level 1
    • 6,000,000 transactions, or a business that has experienced a breach
  • Level 2
    • Between 1,000,000 and 6,000,000 Internet transactions
  • Level 3
    • Between 20,000 and 1,000,000 Internet transactions
  • Level 4
    • Under 20,000 transactions or under 1,000,000 physical transactions

12 Steps to Maintain PCI Compliance

(SOURCE: exabeam)

  1. Maintain a firewall – protects cardholder data inside the corporate network
  2. Passwords need to be unique – change passwords periodically, do not use defaults
  3. Protect stored data – implement physical and virtual measures to avoid data breaches
  4. Encrypt transmission of cardholder data across public networks – data must be encrypted, and you should never store card validation data
  5. Antivirus – use and regularly update antivirus on all systems holding sensitive data
  6. Develop and maintain secure systems and applications – actively search for vulnerabilities and remediate them
  7. Restrict access to cardholder data – sensitive data should be accessible on a need-to-know basis to reduce vulnerability
  8. Restrict access to system components – systems holding sensitive data should be accessible only with authentication and clear user identification
  9. Restrict physical access to cardholder data
  10. Track and monitor access to network resources and cardholder data – to provide an audit trail and assist with breach investigations
  11. Regularly test security systems and processes – identify weaknesses and remediate them
  12. Security policy – maintain a clear policy that addresses information security for all personnel

Use a Secure Connection

SSL certificates secure information transferred between your website and the server, such as credit cards, personal information, and contact information. Consumers may already know that whenever they enter sensitive information on a website, they should always look for the lock icon and https in the address bar. Those five letters are the important signal: they indicate that a particular webpage is secured for providing financial information.

Encrypt Your Data and Use Strong Passwords

Encryption scrambles sensitive data so that it cannot be read without the key, preventing unauthorized access. Smartphones provide encryption, but not all Android devices are on the same level of security when it comes to encryption. It’s not recommended to store sensitive data on your own devices (more on that shortly); instead, opt to store data on a cloud server. For password protection, avoid common words and simple number/letter combinations, common phrases, or easy-to-guess keywords such as birthdates. These are the easiest to guess and the most vulnerable to hackers. When assigning passwords, use a complex mix of letters, numbers, and other characters. To simplify the task of creating complex passwords, an automatic password generator can produce difficult-to-breach passwords and saves you the trouble of coming up with your own combinations.
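The password advice above, as an added example (not code from the original article): a checker that flags the patterns the article warns against (common words, simple sequences, birthdates, too few character classes) and a generator that draws from a cryptographic random source. The common-word list and the 12-character minimum are assumptions for illustration.

```python
import re
import secrets
import string

# Constructed mini-list; a real checker would load a large breached-password
# corpus instead (assumption: illustrative only).
COMMON_WORDS = {"password", "welcome", "letmein", "iloveyou", "admin", "shop"}
SEQUENCES = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef", "111111")
# yyyymmdd anywhere, or mm/dd/yy(yy) with optional separators as a whole token
BIRTHDATE_RE = re.compile(
    r"(19|20)\d{2}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])"
    r"|(?<!\d)(0[1-9]|1[0-2])[/-]?(0[1-9]|[12]\d|3[01])[/-]?(19|20)?\d{2}(?!\d)"
)
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)


def weak_password_reasons(candidate: str) -> list:
    """Return why a password fails the article's advice; an empty list means it passes."""
    reasons = []
    lowered = candidate.lower()
    if len(candidate) < 12:
        reasons.append("shorter than 12 characters")
    if any(word in lowered for word in COMMON_WORDS):   # password1, Welcome2022!
        reasons.append("contains a common word or phrase")
    if any(seq in lowered for seq in SEQUENCES):        # qwerty, 123456
        reasons.append("contains a keyboard or number sequence")
    if BIRTHDATE_RE.search(candidate):                  # 19850714, 07/14/85
        reasons.append("contains a birthdate-like pattern")
    if sum(any(c in cls for c in candidate) for cls in CLASSES) < 3:
        reasons.append("uses fewer than three character classes")
    return reasons


def generate_password(length: int = 16) -> str:
    """Generate a password with the secrets module (a CSPRNG, unlike random),
    retrying until the checker above accepts it so both agree on 'strong'."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weak_password_reasons(candidate):
            return candidate
```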

Don’t Store Data on Your Own Devices

Storing sensitive data on your own devices is not only ill-advised, it also violates PCI standards. Devices and machines can be physically stolen, giving the thief or a skilled hacker a large allotment of time to figure out how to gain entry to important data. Cloud services are recommended, as the data is stored in a virtual location and protected against physical theft. Cloud services also provide advanced data protection and up-to-date safeguards against widespread Internet hacking. As for computers, terminals, and devices at your physical location, routinely purge old records and keep the least possible amount of data, typically just the bare minimum that’s necessary for refunds and credit chargebacks.
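The data-minimization advice here, together with PCI steps 3 and 4 above, as an added example (not code from the article or from any PCI tool): it keeps only what refunds and chargebacks need, purges records past a retention window, and audits stored records for full card numbers that should not be there. The field names, the 180-day window and the sample order are constructed assumptions.

```python
import re
from datetime import date, timedelta

RETENTION_DAYS = 180  # assumption: the merchant's own refund/chargeback window
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")  # card-number-length digit runs

# Constructed sample order as a checkout might submit it; 4111111111111111 is a
# well-known test number, not a real card, and the field names are illustrative.
SAMPLE_ORDER = {
    "order_id": "A1001", "pan": "4111 1111 1111 1111", "cvv": "123", "expiry": "12/27",
    "processor_token": "tok_example", "paid_on": date(2022, 3, 1),
    "note": "customer asked to keep card 4111111111111111 on file",
}

def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers; weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 if n < 5 else n * 2 - 9
        total += n
    return total % 10 == 0

def find_stored_pans(record: dict) -> list:
    """Audit a stored record: names of string fields still holding a full,
    Luhn-valid card number (PCI step 3, protect stored data)."""
    hits = []
    for key, value in record.items():
        if isinstance(value, str):
            runs = PAN_RE.findall(re.sub(r"[ -]", "", value))  # tolerate spacing
            if any(luhn_valid(run) for run in runs):
                hits.append(key)
    return hits

def minimize_card_record(order: dict) -> dict:
    """Keep only what refunds and chargebacks need: last four digits, expiry and the
    processor's opaque token. Full PAN and CVV are dropped (PCI step 4: never
    store card validation data)."""
    pan = order["pan"].replace(" ", "")
    return {"order_id": order["order_id"], "pan_last4": pan[-4:], "expiry": order["expiry"],
            "processor_token": order["processor_token"], "paid_on": order["paid_on"]}

def purge_expired(records: list, today: date, retention_days: int = RETENTION_DAYS) -> list:
    """Routine purge: drop records that are past the retention window."""
    cutoff = today - timedelta(days=retention_days)
    return [r for r in records if r["paid_on"] >= cutoff]
```

The audit catches the card number that leaked into the free-text note, which the field-by-field minimization alone would not have flagged.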
