If you operate an e-commerce business, you may have found that the global pandemic has caused an increase in visitors to your website and, with it, an increase in sales. This trend shows no signs of ending anytime soon, with research from Retail Economics and buy now, pay later payment provider Klarna showing 71% of British consumers are hesitant to shop on the high street in the run-up to Christmas. 56% of respondents also said they plan to spend more online for Christmas than they have in previous years. Whether you’ve had an influx of online sales or not, one thing you should be prioritising with lockdown and increased home working is the security of your e-commerce system. Both new staff members and old should receive annual training on how to maintain the highest levels of security for your business and your e-commerce website.
As the number of Coronavirus cases has skyrocketed around the world, so has the number of cybercrime attacks and scams aimed at tricking home workers into compromising their company’s security. From fake contact tracing apps to phishing emails and scam COVID-19 domains, it’s sad to say that if you don’t organise regular security training for your team members, your e-commerce website will be hacked or compromised. The clock is ticking; it’s essential to train your staff on what to look out for and how to keep what they do safe and secure. Below we’ve listed some of the popular ways that your employees’ systems could be compromised; once this happens, it’s not a massive leap over to your e-commerce site.
In March 2020, email scams related to COVID-19 increased by a staggering 667%. Email phishing scams can take several forms, but the end goal is usually the same: they want you to click on a malicious link. Once you click on a link, login credentials are stolen, or malware is added to your computer, allowing remote access or the unauthorised collection of data. Some of the best ways to combat phishing attacks involve training employees on how to spot fake emails and links, as well as stressing the importance of using your organisation’s email system rather than personal email for work purposes. The UK’s NCSC (National Cyber Security Centre) has a useful guide on defending your organisation from phishing attacks, which can be viewed at https://www.ncsc.gov.uk/guidance/phishing
While your staff are working at home, they may be connecting to their work desktops using a remote desktop connection. When your system is set up to allow these remote connections, it is vital that default ‘system accounts’ are disabled or restricted, as these are a popular way for hackers to gain access to third-party systems. To access their remote desktop, a user enters their login credentials, and a connection is made from one computer to another. Problems, however, arise when a user’s computer is configured to remember connection details or not log out after a set amount of inactivity. If a user’s home computer is compromised by hackers, stolen or left unattended in a publicly accessible space, someone could gain access to your systems. Likewise, if generic and easy-to-guess credentials are used to secure desktops, hackers could also gain access via brute force tactics. Earlier this year Microsoft released information for securing remote desktop usage within your organisation, which is available at https://www.microsoft.com/security/blog/2020/04/16/security-guidance-remote-desktop-adoption/
With affordable cloud storage accessible to all businesses, both small and large, the cloud has become a reliable way to share, save and access files from your organisation for anyone not physically sitting in your office. Apart from allowing centralised storage, the cloud also protects against data loss, with multiple redundancies in place to mitigate the risk to your business. Again, like everything else mentioned in this article, cloud storage is not without its risks and should be carefully monitored. The UK’s ICO (Information Commissioner’s Office) has put together a handy document on the use of cloud computing within your organisation, available from https://ico.org.uk/media/for-organisations/documents/1540/cloud_computing_guidance_for_organisations.pdf
It’s likely your organisation has accounts with many websites, and when your employees are working from home, the temptation to send a list of passwords to help with productivity is high (this includes your e-commerce passwords). Imagine the risks to your business if just one of these lists were compromised. Employees should only be granted access to systems and accounts that are essential for their day-to-day job, minimising the potential for hackers to gain access to multiple systems. Further guidance is available from the UK’s NCSC (National Cyber Security Centre) as well as general advice on home working and the use of personal IT equipment from https://www.ncsc.gov.uk/blog-post/secure-home-working-personal-it
Coronavirus, lockdown and the pandemic have caused such disruption on a worldwide basis that we’re sure you don’t want to risk more problems. Take advice, use up-to-date systems specifically designed with security for home workers (such as Magento 2.4, which includes 2-factor authentication) and engage your staff members on the importance of e-commerce security. The benefits to your business are worth the effort.
Published: 9 November 2020
Mat is the founder here at Actuate. His role focuses on strategy, culture, looking after our clients and every now and then getting stuck in with coding.