Malware is one of the most common and preventable cyber security threats eCommerce brands face today. Using malware, criminals can gain access to sensitive information, including customer payment data. A malware attack can damage the brand reputation you’ve worked long and hard to build. Learn your obligations under the current Payment Card Industry Data Security Standard (PCI DSS) requirements, why they’re important, and the steps you can take to maximize security.
The Threat Is Real
Large-scale cyber security attacks get the most attention – for example, the infamous Target and TJ Maxx leaks caused serious damage to the brands’ earnings for the year. But even small businesses face daily threats. Security provider RiskIQ has been following multiple cyber attacks that have been active since March 2016. Over that time, hackers have targeted more than 100 online shops from around the world, in industries from fashion to book publishing – even the gift shop of a cancer charity. It doesn’t matter if your business is large or small. Everyone is a possible target.
How Malware Works
Malware is a broad term for the malicious software criminals use to break into eCommerce organizations and steal customer data, including credit card numbers. Viruses, Trojans, and other malware programs wreak havoc by executing actions such as installing software on a company’s systems without permission, which then relays customer credit card information to the hacker. Cyber-criminals take this stolen information and sell it online.
Phishing is another form of cyber attack in which a cyber-criminal sets up a website that looks exactly like your eCommerce store. Instead of making a purchase from your website, customers give their credit card numbers straight to the criminal behind the fake website.
How Can I Protect My Company From Malware?
Companies must comply with industry regulations to maximize their security, but they need to take additional steps. The Federal Communications Commission recommends the following:
- Take initial inventory. What kinds of data does your company collect? How does the company handle this data? Data is most vulnerable when it’s on the move, so follow all applicable encryption regulations and ensure your servers have proper authentication.
- Who has access to your data? The more people who have access to your sensitive data, the more at risk your business is. We recommend only allowing key members of your organization access to sensitive data. For example, all members of your customer service team may have access to warranty information, but only managers have access to credit card transactions.
- Conduct regular employee training. Many of your employees may not fully grasp the threat of malware and the importance of your company’s security. Offer initial training for new hires, and follow up with regular in-service lessons.
- Have a contingency plan. Know what you’ll do in case of data loss and theft. Even if you take every precaution, a proactive approach will help minimize the aftermath.
Malware poses a serious threat to today’s eCommerce businesses, but we can respond to such attacks. By maximizing your cyber security efforts, you’ll position your business to run a safe store that customers know and trust.