From Black Friday to Cyber Monday, online retailing is booming in the UK; in 2013 alone, UK shoppers spent £91bn online, a figure which is expected to exceed £100bn in 2014.
While this is excellent news for retailers, online stores are becoming increasingly attractive targets for major cyber attacks and hacking.
Understanding your cybersecurity risks and protecting your network is crucial to keeping your online company in business.
Surely Hackers Do Not Target Small Business?
It’s easy to assume that hackers only target big-brand retail websites. In reality, hackers have begun to realise that small to medium-sized online retailers make easier targets because they generally lack Information Technology (IT) departments and the high-level security software that big retailers have.
The Federation of Small Businesses (FSB) has highlighted the threat to SMEs, stating that the average small business loses £4,000 per annum from cybercrime attacks, most of which go unreported.
A cyber attack could knock a small-to-medium-sized online retailer offline for days, or even weeks, causing it to lose sales, customers and its reputation.
Worse yet, a single data breach could even force some small retailers out of business. Visa estimates that 95 per cent of the credit card data breaches reported to them happened with their smallest business customers.
What is a DDoS (Distributed Denial of Service) Attack?
Hackers can attack online retailers in several ways, one of which is a DDoS attack. DDoS, or distributed denial of service, is a type of cyber attack in which a hacker floods your retail website with traffic and overwhelms your server to the point that your legitimate customers are unable to access your site.
DDoS attacks can last anywhere from a few hours to a few days; meanwhile, your company loses out on business and may incur the cost of bringing in an IT specialist to investigate and stop the attack.
Who Is A Potential Target of a DDoS Attack?
Although DDoS attacks often hit larger-brand online retailers, no shop is immune.
Even physical stores are now offering a “Clicks and Mortar” approach or “Click and Collect” services, all of which can generate risk, particularly if a website is connected to back-office systems.
SME-sized companies that rely on larger e-commerce providers or payment processing companies could be affected if those larger companies come under attack.
For example, Amazon or eBay sellers rely on these firms as their primary source of customer revenue; if either firm suffered a DDoS attack, it could have severe ramifications for a small business owner.
How To Reduce The DDoS Risk
To mitigate some of the DDoS risk, it is crucial to understand your Web hosting environment. Some examples of Web hosting include:
#1 Shared hosting
Multiple websites share a single server. This is the most common and economical option for small companies, as the host already has a DDoS response plan in place.
#2 Cloud hosting
This is a newer platform where the hosting is decentralised, and users are only charged for the services they use, not a flat fee.
#3 In-house hosting
A company, such as a larger online retailer, hosts its own site and assumes all of the responsibility for DDoS attacks.
Many small and medium-sized online retailers use shared hosting because they can’t host their own site. When selecting a Web hosting service, consider the following:
- Does the hosting company only cater to e-commerce clients, or to a variety of clients? The behaviour of other users on the server could impact the performance of your website.
- How many websites are packed on a single server?
- What type of DDoS response plan does the host have in case of a cyber-attack on the network?
Hackers love to steal personal or credit card data, and online retail websites have plenty of that.
With the increased use of wireless networks, data theft can occur more easily. Cyber threats include fraud, worms and viruses.
Most websites use Secure Sockets Layer (SSL), which is supposed to guarantee that login, password and credit card information is safe during a customer’s online shopping.
SSL relies on special electronic certificates issued to a secure website, but each browser validates the certificates differently.
Keep in mind that SSL is not immune from hacking, and beware of fake certificates.
How To Mitigate a Data Breach
Are you providing your customers with a secure online shopping experience? Consider the following:
- Purchase as much security as you can afford. Consider how much a single breach would cost your company.
- Maintain continuous vigilance of your site and know your real customers.
- Have firewall segmentation between wireless networks and point-of-sale networks, or in front of any network that comes in contact with credit card information.
- If you suffer a data breach, communicate this to your customers.
Cybersecurity is a serious concern for retailers of all shapes and sizes operating with an online presence.
Specialist Cyber Insurance cover can be arranged, which provides protection against losses from hacking, regulatory fines through a loss of data and even business interruption for loss of income.
At Insync, our specialist Data Breach and Cyber Insurance cover can also be extended to cover complete management of a data breach or loss, including specialist PR and Legal support, managing the entire process to mitigate risk to your business.