Top 3 Cybersecurity Concerns For E-commerce Businesses During Online Shopping Season

What Ecommerce Businesses Can Do to Protect Customer Data

The holiday season is here, which means time with friends and family, overpriced pumpkin-spiced lattes, and online shopping! If you’re an e-commerce vendor, what can put a wrinkle in your plans for online shopping domination? Two words: bad actors… or economic slowdown… or angry Swifties. We at decodingCyber can’t help with the last two, but we can help with bad actors (well, we might be able to help with angry Swifties, too).

Did you know that buyers and sellers will exchange well over $200 billion on Thanksgiving, Black Friday, and Cyber Monday, according to Adobe Analytics? That’s a lot of air fryers and lattes — and many reasons for bad cyber actors to attack your e-commerce business.

As an e-commerce vendor, you may have assessed your security situation and decided you have nothing to worry about. You’re protected by the companies you work with, like well-known web hosting services and reputable financial institutions. You’ve never had a data breach or encountered nefarious activity in your systems. You’ve never seen a strange charge on your ledger. Plus, you’re just one of thousands of companies, many of which are way bigger than you.

All that may sound nice, but the reality is that cybercriminals don’t care. While waging war against Fortune 500 companies, they will also go after the low-hanging fruit: online merchants not paying close enough attention to cybersecurity during shopping season. The truth is most businesses will face a cyberattack at some point. Bad cyber actors are always on the prowl, and with so much money and data moving around, they may view right now as the perfect opportunity to strike. This makes figuring out how to lessen the likelihood of a cyberattack critical.

3 ways to conduct a cybersecurity health check

Online shopping season is a great excuse to buy new toys, eat tons of food, and watch lots of shows. It also gives you an excellent excuse to give your organization a cybersecurity health check! You should:

  1. Check up on your attack surface management. This means determining if you’re continually finding, tracking, and monitoring all your organization’s computers (and any vulnerabilities linked to them).

  2. Review your website security. Cybersecurity measures can change quickly — are you still following best practices?

  3. Identify vulnerabilities in your computer systems. If you have a weakness that hackers haven’t exploited, you want to remediate it ASAP!

If your cybersecurity health check comes back with glowing results, that’s great. But you’ll still need to keep an eye on the threat landscape. As we’ve mentioned, cybersecurity is a never-ending war against bad actors. So, this holiday season, which fronts are you likely to be fighting on? What does that look like, and how can you win?

Let’s dive in!


3 cybersecurity threats every e-commerce business needs to manage this busy online shopping season

01. Data breaches: Increasing in scope and cost

The Issue

As an e-commerce business, data is your lifeblood. With every transaction, you collect personally identifiable information (PII), such as names, addresses, credit card numbers, and maybe even Social Security numbers. If not adequately protected, this sensitive customer data is susceptible to bad actors. They’ll do nearly anything to steal it so they can use it to commit identity theft, fraud, and other crimes.

What’s alarming about data breaches is how they show no signs of slowing down in frequency or cost. According to Verizon’s annual Data Breach Investigations Report, 24% of data breaches start with a ransomware attack, which is when bad actors use malware (malicious software) to hold your business hostage, and 95% of incidents result in a loss costing between $1 and $2.25 million.

A path forward

So, how can you get ahead of these and proactively prevent such losses? Well, data breaches often happen due to human error — it’s a factor in 74% of them. That’s unfortunate, but it also suggests that businesses have more control than they might assume. One simple measure is ensuring employees know how to spot a phishing email. 

Password security is vital as well. By following best practices, you can significantly reduce the chance of accidentally giving your greatest enemies the easiest access to your business. Not having solid passwords is like leaving all your doors and windows unlocked and then walking around town: everyone is free to enter your store and take whatever they want. Sure, most people aren’t criminals… but do you want to take that risk?!

These measures should go hand-in-hand with technical solutions. To protect against data breaches, e-commerce businesses should implement solid security measures early, such as firewalls, intrusion detection systems, and data encryption. They should also regularly test their security systems to identify and fix vulnerabilities. Above all else, they should deploy multifaceted, layered security, otherwise known as defense in depth.

02. Payment fraud: Stealing billions from consumers

The Issue

Bad actors might like Taylor Swift’s music as much as anyone. But what they really like is when millions of Swifties buy concert tickets online because that’s a golden opportunity to commit payment fraud. How does payment fraud work? Here are some of the favorite methods used by bad actors: 

  • Phishing attacks — Sending emails designed to trick recipients into revealing their personal information, such as credit card numbers and passwords.

  • Malware — Deploying malware (or malicious software) to steal credit card info from your computer when you buy things online, like vinyl albums such as "1989," "Reputation," or "Lover."

  • Friendly fraud (aka chargeback fraud) - Purchasing with a credit card and then disputing the charge, even though the goods (or services) were received. Friendly fraud can be challenging to detect and prevent.

Payment fraud is terrible for e-commerce businesses and their customers because it can lead to significant financial losses for both — and the costs are rising. Consumer losses totaled nearly $8.8 billion last year, representing a 30% increase from the year before, according to the Federal Trade Commission (FTC). The thought of losing money simply by shopping online rather than in person can make people more hesitant to hand over their bank details for that concert, and that’s bad for business.

A path forward

How can you counter payment fraud? On the technical side, you can ensure that you have security measures like zero trust, which means no one can enter your systems until they’ve been authenticated. E-commerce businesses should also implement fraud detection systems and payment gateways that use encryption. 

Another measure is consumer education. Just as you should regularly hold cybersecurity awareness training for your employees, you should educate your customers about the risks of payment fraud and how to protect themselves when shopping online. If you don’t have an in-house team that can do this, no problem. There are lots of trusted partners that can quickly help you, whether you want to include effective messaging on your site or build an entire marketing campaign. If you don’t have any time or resources for this, one option is to share cybersecurity awareness sites like decodingCyber with your customers!

03. Denial-of-Service attacks: Setting new records

The Issue

Denial-of-Service (DoS) attacks can overwhelm e-commerce websites with traffic, making them unavailable to legitimate customers. This can lead to lost sales and revenue for your business… and angry Swifties searching for those concert tickets.

What might this look like? Imagine your customers are shopping online for Taylor Swift: The Eras Tour tickets and it takes forever for a webpage to load. And guess what? It won’t load at all due to an ongoing DoS attack! Now your customers aren’t happy Swifties. They’re angry Swifties, and they’re ready to take their business elsewhere… not to mention vent to everyone on TikTok and Instagram about the horror of using your website.

During a DoS attack, your web servers are taxed by so many fictitious requests that the servers shut down. If you think, “Pssh… does this happen in real life?” It does. Some of the biggest companies in the world say that they just withstood the largest DoS attack in the history of the internet — and that attack was seven times more powerful than the previous largest one that occurred just last year. Are you ready to do the same?

A path forward

Chances are that you won’t have to worry about the “largest DoS attack in the history of the internet,” but you should have a plan to address a DoS attack. To protect against such an attack, e-commerce businesses should implement various measures, such as load balancers, content delivery networks, and web application firewalls. Having a plan for what to do during a DoS attack is like having a cybersecurity incident response plan — every company needs one. Think about this: how much business would you lose if your website crashed during the peak of online shopping season?

Conclusion: Be prepared

By failing to prepare, you are preparing to fail.
— Benjamin Franklin

Benny said it best, “By failing to prepare, you are preparing to fail.”

The online shopping season should be an exciting time when millions of customers and businesses link up to exchange goods and services and enrich each other’s lives. To stay ahead of the bad actors looking to take advantage of this opportunity and avoid any bad blood with customers, your e-commerce business needs to be prepared to prioritize cybersecurity and implement robust protections. Simply put, you must prioritize readiness this holiday season, or else "you are preparing to fail."


Michael F. D. Anaya | Founder

I’m a techie who’s been in cybersecurity for over two decades. My passions are being a top-tier dad, helping others, speaking in public, and making cyber simple. I am also partial to cheesecake and bourbon, but not together… well, come to think of it, it might be a killer combo! TBD.

https://www.mfdanaya.com