11 November 2020
Shoring up ecommerce website security can help businesses and their customers avoid a cyber nightmare before Christmas says CERT NZ, the government agency which supports organisations and individuals affected by cyber security incidents.
“We expect cyber attackers will try to cash in as more and more people flock to the internet to do their Christmas shopping,” says CERT NZ Director Rob Pope.
“Lax security measures for online trading websites can make it easy for attackers to steal customers’ money and data. This can also have serious ramifications for businesses, including loss of revenue and reputational damage.”
In response to this, CERT NZ has joined forces with Consumer Protection to promote secure online trading and shopping practices among businesses and customers.
The Trade Smart Online campaign, running for six weeks through November and December, includes advice about basic steps businesses can take, such as enabling HTTPS1 across their website or updating software and devices. Consumer Protection’s Buy Smart Online campaign focuses on consumers and provides steps they can take to stay safe and secure when shopping online.
Research from CERT NZ shows small and medium enterprises (SMEs) in New Zealand are becoming increasingly reliant on online trading. For instance, 41% of SMEs with an ecommerce website say online sales account for over half of their turnover.
Many SMEs with an ecommerce website have at least some of the recommended measures in place.
Research from CERT NZ shows small and medium enterprises (SMEs) in New Zealand are becoming increasingly reliant on online trading. Over 40% of SMEs with an ecommerce website say online sales account for over half of their turnover and many have at least some of the recommended measures in place.
However, only 34% of SMEs who have a website feel they have a reasonably good understanding of cyber security and 60% admit that they should do more to keep their business website secure.
As an example, 42% of SMEs with an online store run a quarterly vulnerability scan to check for any weaknesses in their website which attackers can exploit. A total of 40% have set up logs to monitor any suspicious activity on their website such as changes to files, configurations or unsuccessful login attempts. While 48% check and remove old plugins that could make their website exposed to a cyber attack.
“Being across everything on your ecommerce website makes it easier to detect when something is awry,” says Mr Pope.
“Lack of cyber security knowledge, money or time may be the reasons why some businesses are not properly securing their online stores. It can also be overwhelming knowing who to turn to for guidance, or knowing where to start.”
CERT NZ recommends businesses take the following four steps to cover the trade smart online basics:
- Enable HTTPS across your website to encrypt customer information which keeps in confidential
- Automate updates to ensure you have the most secure software
- Auto-renew your domain name to avoid attackers claiming it to set up a scam website
- Speak to your bank about becoming PCI DSS2 compliant to ensure customer card data is secure
More information about the Trade Smart Online campaign, including more tips to improve website security, can be found here.
Details about Consumer Protection’s Shop Smart Online are available on their website External Link
.