The holidays are the time that makes or breaks a large number of small online retailers, and everything has to fall into place for profits to show up on bottom lines.
This means marketing, advertising, sales workflows — and yes, online security — all have to be airtight in order for everything to work the way it is supposed to work. Phishing, spam emails and DDoS attacks are some of the many online threats that retailers face during the holiday season.
Online threats facing small businesses
Security is a particularly vulnerable area for many small businesses, who simply want to sell their wares and provide goods and services. They don't want to have to fight off bad guys in order to accomplish their mission, but this is 2021, and even small online retailers must pay more attention to cybersecurity, or else they risk much — perhaps the entire business itself.
From phishing to DDoS, here are the five most common attacks small online retailers (in fact, any retailer) can expect ahead of this year's holiday crunch time:
Attack No. 1: Phishing attacks
Go out of your way to be more intentional about reminding employees how to handle email. If there is any question about an email from somebody you don't know or a company you've never heard of, make sure you (and your staff) recognize it and quarantine the email. Show them how to check the URLs and sender usernames in emails.
Cyber threats that came via email were up 64% in 2020 over 2019. It sounds pretty basic, but we're all on email all day long, and we work faster and harder during the holidays because of the volume of business. That's exactly when a phishing or ransomware scam can hit. Your company could be stymied for days or weeks until you can get out of a mess like that. Establish a protocol with your security provider for dealing with suspected fraudulent emails and stick to it.
Attack No. 2: Malware
Once they've done their homework on a particular company, hackers have been known to target key people with advanced-level access to an e-commerce site. They also may hit the server hosting the e-commerce site itself. When they decide to go this route, malware is the most commonly used attack tool. Different types of malware are widely available on the black market, so malware is used millions of times daily across the internet.
Malware is very hard for a line-of-business employee to identify, so this threat is best left to a security professional. Sometimes malware will get embedded in a system and the attack will take months to show itself. Often malware will enable a hacker to take control of your server and do some real damage; in a common scenario, it will allow hackers to gain access to data on your system/server or hijack some of your traffic. This could result in serious lost revenue for small businesses. To combat this threat, most online businesses will need a trusted security partner.
Attack No. 3: Credit and debit card fraud
Credit and debit card fraud is both common and insidious, and research shows it is the No. 1 type of identity theft fraud, responsible for an eye-popping 35.4% of all identity theft fraud. Credit and debit card fraud is so serious that more than an estimated $24 billion is lost to it annually.
Make sure that the security of your API connections to banks and other financial institutions is airtight and checked regularly. Your SecOps admin does this on a regular basis; if your business does not have a staff member for this basic function, make sure your security provider does.
Attack No. 4: Spam emails
Spam emails are also one of the major threats to small e-commerce stores. In many cases, phishing attacks and malware attacks are carried out through spam emails. Spammers also use stolen contact lists to hack the email accounts of individuals or organizations you know, then use those addresses to send spam emails aimed at getting into your e-commerce store, hoping that you will believe them to be legitimate.
These emails can sometimes link to phishing sites or link to infected sites that can compromise your computer security. Once again, an annual brush-up class for employees (and yourself) on how to handle email in general might pay dividends for you and your business. It would be an hour-long conversation well worth having.
Attack No. 5: Distributed denial of service (DDoS) attacks
This will be something for company security admins and a security provider to handle, not something you can handle yourself. A distributed denial of service attack, or DDoS attack, is an attack in which an attacker uses multiple computers to hit your server with fake traffic in order to make your website inaccessible, or unable to function properly, for legitimate users.
While many business owners and managers are used to hearing about sites "hacked" or compromised in a way that leads to data being exposed, few are familiar with DDoS attacks and how damaging they can be; even the biggest e-commerce brands have fallen victim to these attacks. Make sure a plan of action is in place ahead of time, so when a DDoS attack happens, your company's data is automatically backed up and stored in a secondary location on-premises or in a cloud.
Tips for small business cybersecurity
- Make software supply-chain security a priority
Given these growing risks, it is critical that small businesses make software supply chain security part of their broader cybersecurity strategy, taking steps throughout the software development lifecycle to ensure they are carefully assessing and monitoring risks with respect to their third-party software vendors.
- Change your access passwords for all internal systems
This is another simple-to-do security item that sometimes falls by the wayside, especially when internal fraud reaches its highest frequency during the busiest months of the year. It strengthens a key portion of the overall security apparatus, doesn't cost anything, and can be completed within a couple of days.
- Triple-check your email security
Remain vigilant and brush up on your email security do's and don'ts. For greater peace of mind, maintain a top-notch email security solution to stop large-scale phishing, targeted attacks, CEO fraud, and malware.
- Adopt the latest protection platform
Be sure to choose a protection platform designed for small businesses, such as GravityZone, which includes tools for risk analytics, prevention, automated detection and response actions and visibility.