5 Tips to Protect Your Business From Data Security Breaches
Online data security breaches are continuing to increase every year and 2014 saw a record number of these attacks. Reports of security breaches around the world made headlines as numerous businesses discovered firsthand just how much damage a high-publicized breach can cause a business’s reputation. One of the hardest lessons often learned during a data breach is that security must be a top priority for all companies doing business online, irrelevant of size.
Studies found that the number of automated applications crawling and scanning websites outweigh the amount of human traffic, and that the websites of smaller companies receive up to 80 percent of automated scans. This rise in automation has made smaller businesses just as vulnerable as Fortune 500 companies. Going forward in 2015, here are five tips to protect your business from data security breaches:
1) Close the Gaps
Data breaches can occur on any area of a site that has a weakness that allows hackers to penetrate its systems. Specifically, there are two areas on all e-commerce sites that easy to hack: Cross Site Scripting, often referred to as XXS, and SQL, or Structured Query Language. Because most attacks are directed at website applications, a properly administered Website Application Firewall, or WAF, is high effective at thwarting these attacks.
Attacks on Cross Site Scripting occur whenever an application takes untrusted data from site visitors and sends it to browsers without properly treating, or validating, the data to check for malicious code. Cross Site Scripting is often used to highjack user accounts, change site content or redirect users to attack websites without the visitor’s knowledge. Many websites are susceptible to SQL-injection attacks, especially if their e-commerce application wasn’t properly constructed. This is easily done when attackers probe web applications with SQL queries in an attempt to extract data from the e-commerce application’s database.
2) Distributed Denial of Service
Some hackers take the brute-force method and flood websites with a high volume of automated traffic in an attempt to crash the site, called a “Distributed Denial of Service” attack. Just a single DDS attack can cost an e-commerce site over $400,000, and up to $40,000 per hour! This is a risk no business, of any size, can afford.
DDS attacks are frequently carried out with the hacker demanding a ransom to stop the attack. In other cases the DDS attack is simply used as a smokescreen to provide hackers with the time needed to probe websites for vulnerabilities. In either case, e-commerce businesses should employ DDS protection to identify and mitigate the effectiveness of an attack before it can take a toll on revenues. DDS protection is typically offered by hosting providers, so small-business owners should discuss options with their web-host provider.
3) Implementing Two-Factor Authentication.
According to Web giant eBay, stolen user credentials are one of the most common causes of data security breaches. Hackers use phishing, malware, social engineering and other techniques to discover usernames and passwords. Additionally, attackers often target administrators they locate via social networks by using spear-phishing attacks to secure confidential data.
Stopping this type of data security breach is as easy as employing a two-factor authentication method. After the standard login information, this second authentication factor is typically a code generated by an app or obtained via text message sent to the wireless phone of the user. While two-factor authentication has been in use for some time, expanding smartphone technologies have increased the options of two-factor authentication methods.
4) Website Scanning
Web scanners are a vital tool in detecting a wide variety of potential vulnerabilities, including both the aforementioned XSS and SQL injection vulnerabilities. Information obtained by web scanners can be utilized to evaluate the security of an e-commerce site and provide insights for programmers as to how to best reduce coding vulnerabilities. However, in order for scanning to be effective it must be used on a regular basis, not just every couple of years.
5) Keeping Your Friends Closer
According to the Ponemon Institute, third-party providers have a substantial potential impact on both the likelihood and scope of data security breaches. Just as a business would not trust their money to a bank that doesn’t use proven security measures, they should neither trust a third-party vendor that does not have rigorous security practices. As such, businesses should always inquire into a cloud software vendor’s security and what certifications the vendor has in place.
Whenever considering a new provider, online business should make certain the vendor employs the most up-to-date security measures and is compliant in Cloud-Security Certification SSAE16 and PCI-DSS, or Payment Card Industry’s Data Security Standard. Because the risk of data security breaches is so great in today’s online marketplace, if a software application introduces risk it should be avoided at all costs, no matter how good the application may seem.
Article provided by NECHES FCU, with convenient locations in Beaumont, Lumberton and Bridge City.
Neches FCU is a texas credit union and has an attentive team of professionals ready to serve their members. When the doors open at any of the several service centers, our core objective of “Ultimate Member Satisfaction” becomes the imperative for every representative. They are known for a personal, dynamic and fast-paced work environment, delivering a memorable service experience, and where clients are known by their name.
Neches FCU has approximately $438 Million in assets with over 45,000 members. Neches is considered by members and the business community as one of the top credit unions in texas and an actively involved partner, helping our Family, Friends and Community!