Week 7 Midterm - Preventing Hacks and Digital Threats

Know Your Enemy and Know Yourself

I am a business owner with a moderately sized gourmet food chain of three stores. My stores make $1 million in sales of goods every year, but the online side of my business is what concerns me, as it is currently susceptible to cyber attacks. There are a few ways to manage and solve the issues at hand. Before we begin solving the problem, we must identify how the site could run into trouble, be it threats from an outside party or internal issues with programming. A common type of digital threat that plagues sites is financial fraud. It is a broad title covering many different techniques, but a frequent one involves someone like a hacker gaining access to my customers' information and making false transactions under their name, or just selling their info outright (American Express).

A more specific type of financial fraud scam is phishing, in which a malicious party pretends to be us and converses with one of our customers in order to obtain data. Phishing scams are usually carried out through email: the scammer might send a fake email to an innocent customer about a delivery order, or ask for their password to reset their account, and the victim would be none the wiser (American Express). Across the internet as a whole, but in e-commerce specifically, bots are a big issue. On websites built around food or goods, someone can flood products with bots to acquire large quantities of goods to be scalped later on, or review bomb listings, giving 1 or 2 star reviews from fake accounts to drive down engagement (American Express). The most basic but effective tactic for getting information is simply using malware to scrape sites of data: a hacker may implant malicious code into the system and use it to pull as much data as it can off of our servers (American Express).

A very devious and common type of attack that trumps all of these, though, is the man-in-the-middle attack, in which a hacker will 'listen in' on conversations we have with our customers, usually by intercepting them on public Wi-Fi connections. This can easily let the hacker gain access to basically all of your private info, such as credit cards, passwords, browsing history and purchases made (American Express).

Develop Your Strategy

All of the attacks listed sound scary, and while they are effective, I have ways of controlling or outright eliminating the problem with some very simple solutions. Any data breach issue that involves impersonation can be handled with hard-to-crack verification systems, such as Multi-Factor Authentication or comparing the billing card being used to the card on file for that specific user (Forbes). Any issue involving the transaction of money can be solved by off-loading payment onto a third party such as PayPal; fraudsters are less likely to take advantage of this model than of an in-site transaction service (Forbes).

A highly effective strategy is having a complex security system, which makes it hard for any hacker to even attempt to get data off of your users or website. An SSL certificate on your website is one of the most effective ways of preventing fraud or hacking. It encrypts data on the website, ensuring that our customers' info stays hidden when it's transferred and when it's just in our systems, preventing regular financial fraud and man-in-the-middle attacks (Forbes). While all of our techniques are hard to crack, human error is still a factor in our business, but this might have the simplest solution: making sure our customers and our tech experts are knowledgeable about these types of threats is enough to prevent human error from happening. In the event of a slip-up, the ultimate fail-safe is encryption of data, so even if a malicious fraudster has our data in their hands, they won't be able to crack it because of the encryption hardwired into all of our customers' data (Robinson).

American Express. “E-Commerce Security Threats and Their Solutions.” American Express, 19 December 2022, https://www.americanexpress.com/en-ca/business/trends-and-insights/articles/ecommerce-security-threats-and-their-solutions/. Accessed 11 October 2023.

Forbes. “Nine Essential Security Steps to Keep Your E-Commerce Customers Safe.” Forbes, 9 March 2019, https://www.forbes.com/sites/theyec/2022/03/17/nine-essential-security-steps-to-keep-your-e-commerce-customers-safe/?sh=3ddcc7f71cc7. Accessed 11 October 2023.

Robinson, Rick M. “Fail-Safe Security: Protecting Data From Cloud and Third-Party Risks With Encryption.” Security Intelligence, 11 October 2017, https://securityintelligence.com/fail-safe-security-protecting-data-from-cloud-and-third-party-risks-with-encryption/. Accessed 11 October 2023.