{"id":5198,"date":"2020-12-14T08:00:47","date_gmt":"2020-12-14T15:00:47","guid":{"rendered":"https:\/\/www.numinix.com\/blog\/?p=5198"},"modified":"2022-07-28T22:47:49","modified_gmt":"2022-07-29T05:47:49","slug":"how-covid-19-is-making-cyber-security-a-necessity","status":"publish","type":"post","link":"https:\/\/www.numinix.com\/blog\/how-covid-19-is-making-cyber-security-a-necessity\/","title":{"rendered":"How COVID-19 is making cyber security a necessity"},"content":{"rendered":"<p><a href=\"https:\/\/www.numinix.com\/wordpress\/wp-content\/uploads\/2020\/12\/AdobeStock_245636933.jpeg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-5199\" src=\"https:\/\/www.numinix.com\/wordpress\/wp-content\/uploads\/2020\/12\/AdobeStock_245636933.jpeg\" alt=\"\" width=\"600\" height=\"370\" srcset=\"https:\/\/www.numinix.com\/wordpress\/wp-content\/uploads\/2020\/12\/AdobeStock_245636933.jpeg 600w, https:\/\/www.numinix.com\/wordpress\/wp-content\/uploads\/2020\/12\/AdobeStock_245636933-300x185.jpeg 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400;\">Cyber security, also known as computer security or information technology security, is the protection of computer systems and networks from theft or damage to their hardware, software, or electronic data, as well as a safeguard against any disruptions or misdirection from the services that they provide. 
For all too many online businesses, it\u2019s not until after a security breach has occurred that their web security practices become their top priority, which is why it\u2019s a good idea to recognize how cybercrime can happen and take the precautions that may help you to stay protected against it.&nbsp;&nbsp;<\/span><\/p>\n<h3><b>Why do e-commerce businesses need it?&nbsp;<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The practice of defending computers, services, mobile devices, electronic systems, networks, and data from malicious attacks is nothing new; however, throughout the COVID-19 pandemic, many online merchants have been forced to close their brick-and-mortar shops, making online stores an essential service provider. While more businesses than ever have shifted their attention to e-commerce, more shoppers than ever are making purchases online, which means that it\u2019s essential for you to ensure that your website can protect their cyber security. Cybercrime can result in a loss of revenue, of data, and of the overall viability and trust of your business, and a breach in your online security systems could also mean the loss of your customers\u2019 information, which would not be good news for your business.&nbsp;<\/span><\/p>\n<p><b>How do hackers steal information from e-commerce businesses?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">While cybercriminals use a variety of advanced tactics to gain control of your personal information, often they\u2019re able to easily compromise your website\u2019s applications because of a lack of security.&nbsp;<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let\u2019s have a look at some common web security mistakes and how to combat them:<\/span><\/p>\n<ul>\n<li><b>Injection flaws<\/b><span style=\"font-weight: 400;\">: This mistake is a result of a classic failure to filter untrusted input. 
It can happen when you pass unfiltered data to the SQL service (SQL injection), to the browser (XSS), to the LDAP server (LDAP injection), or anywhere else. The problem here is that an attacker can inject commands into these entities, which results in the loss of data and the hijacking of your clients\u2019 browsers.<\/span><\/li>\n<\/ul>\n<p><b>Prevention<\/b><span style=\"font-weight: 400;\">: The good news is that it\u2019s easy to protect against injection! Simply filter your input properly and ensure it\u2019s from a trusted source. While filtering can be challenging, we advise you to rely on your framework\u2019s filtering functions. If you don\u2019t use frameworks, consider <\/span><a href=\"https:\/\/numinix.atlassian.net\/servicedesk\/customer\/portals?utm_source=Social_December2020_CyberSecurity\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">consulting with a professional web development team<\/span><\/a><span style=\"font-weight: 400;\"> to see what they can recommend.&nbsp;<\/span><b><\/b><\/p>\n<ul>\n<li><b>Broken authentication: <\/b><span style=\"font-weight: 400;\">This is a collection of multiple problems that can occur with authentication, not all stemming from the same root cause.&nbsp;<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">For example:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The URL might contain the session ID and leak it in the referrer header.&nbsp;<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Passwords might not be encrypted in storage or transit.&nbsp;<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Session IDs might be predictable.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Session fixation is possible.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Session hijacking is possible (timeouts are not implemented, 
no <\/span><a href=\"https:\/\/www.numinix.com\/index.php?main_page=advanced_search_result&amp;search_in_description=1&amp;keyword=ssl%20certif&amp;utm_source=Social_December2020_CyberSecurity\"><span style=\"font-weight: 400;\">SSL security<\/span><\/a><span style=\"font-weight: 400;\">, etc.)&nbsp;<\/span><\/li>\n<\/ul>\n<p><b>Prevention: <\/b><span style=\"font-weight: 400;\">The easiest way to avoid the above web security issues is to use a <\/span><span style=\"font-weight: 400;\">framework. In case you don\u2019t understand how to roll out your own code, be sure to <\/span><a href=\"https:\/\/numinix.atlassian.net\/servicedesk\/customer\/portals?utm_source=Social_December2020_CyberSecurity\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">have a word with a professional<\/span><\/a><span style=\"font-weight: 400;\"> to see what the pros and cons are.&nbsp;<\/span><b><\/b><\/p>\n<ul>\n<li><b>Cross-site scripting (XSS): <\/b><span style=\"font-weight: 400;\">In this fairly widespread input sanitization failure, an attacker supplies JavaScript tags to your web application as input. When this input is returned to the user unsanitized, the user\u2019s browser will execute it. While it can be as simple as crafting a link and persuading the user to click it, there are far more sinister methods that are used.&nbsp;<\/span><\/li>\n<\/ul>\n<p><b>Prevention<\/b><span style=\"font-weight: 400;\">: The easiest web security solution to the above mistake is to not return HTML tags to the client. This has the added benefit of defending against HTML injection, whereby the attacker injects plain HTML content. 
Work around the issue by converting all HTML special characters to entities, so that <\/span><i><span style=\"font-weight: 400;\">&lt;script&gt;<\/span><\/i><span style=\"font-weight: 400;\"> is returned as <\/span><i><span style=\"font-weight: 400;\">&amp;lt;script&amp;gt;<\/span><\/i><span style=\"font-weight: 400;\">.&nbsp;<\/span><b><\/b><\/p>\n<ul>\n<li><b>Insecure direct object references: <\/b><span style=\"font-weight: 400;\">This mistake is when an internal object, such as a file or database key, is exposed to the user. The problem with this is that the attacker can provide this reference and, if the authorization is not enforced or is broken, the hacker can access or do things that they shouldn\u2019t be able to.&nbsp;<\/span><\/li>\n<\/ul>\n<p><b>Prevention<\/b><span style=\"font-weight: 400;\">: Remember to perform user authorization properly and consistently, and whitelist the choices. The whole problem can likely be avoided by storing data internally and not relying on it being passed from the client via CGI parameters.<\/span><b><\/b><\/p>\n<ul>\n<li><b>Security misconfiguration: <\/b><span style=\"font-weight: 400;\">It isn\u2019t uncommon for web servers and applications to not be configured properly, so here are some things to be mindful of.<\/span><\/li>\n<\/ul>\n<p>For example:<\/p>\n<ul>\n<li>Running the application with debug enabled in production.<\/li>\n<li><span style=\"font-weight: 400;\">Enabling directory listing on your server.&nbsp;<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Running outdated software.&nbsp;<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Running unnecessary services on the machine.&nbsp;<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Not changing default keys and passwords.&nbsp;<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Revealing error handling information to the attackers.&nbsp;<\/span><\/li>\n<\/ul>\n<p><b>Prevention<\/b><span style=\"font-weight: 400;\">: Ensure that you 
possess a solid build and deploy process. This, together with commit hooks, will prevent code from going out with default passwords or any development information.&nbsp;<\/span><\/p>\n<h3><b>How else can you protect yourself as an e-commerce business?&nbsp;<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">While there isn\u2019t just one way that you can protect your e-commerce store against cybercriminals, there are some steps you can take to keep up your cybersecurity.&nbsp;<\/span><b><\/b><\/p>\n<ul>\n<li><b>Set up a cybersecurity policy: <\/b><span style=\"font-weight: 400;\">This should be your first line of defence against hackers. To ensure that everyone you work alongside is on the same page, clearly set out policy rules for everyone within your organization, especially amid a global pandemic, where many of your employees may be working remotely.&nbsp;<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Create strong passwords: <\/b><span style=\"font-weight: 400;\">As one of the most important cybersecurity defences, a strong password protects your website and the information it holds. Be sure to include numbers, both uppercase and lowercase letters, and symbols, and remember to change it often.&nbsp;<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Use a secure e-commerce platform: <\/b><span style=\"font-weight: 400;\">While you may select a particular e-commerce platform based on its capabilities, it\u2019s also important to consider one that offers extra protection against cyber threats. When customers aren\u2019t worried about giving merchants their payment information, you\u2019re able to build a community of trust within your niche industry. Unsure of where to research the various security features that each platform offers? 
Ask a <\/span><a href=\"https:\/\/numinix.atlassian.net\/servicedesk\/customer\/portals?utm_source=Social_December2020_CyberSecurity\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">professional web developer<\/span><\/a><span style=\"font-weight: 400;\"> what they would recommend for your online store.&nbsp;<\/span><\/li>\n<li><b>Keep away from scams: <\/b><span style=\"font-weight: 400;\">While this tip may seem like a no-brainer, COVID-19 has brought forth a whole new realm of cybercriminals looking to scam you. Be sure to stay vigilant and steer clear of any attempt to get you to give up information that will compromise the security of your customers.&nbsp;<\/span><\/li>\n<\/ul>\n<p><strong>Do you still need some assistance with safeguarding your e-commerce website? Drop a comment below to ask us about any follow-up questions you may have. <\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber security, also known as computer security or information technology security, is the protection of computer systems and networks from theft or damage to their hardware, software, or electronic data, as well as a safeguard against any disruptions or misdirection from the services that they provide. 
For all too many online businesses, it\u2019s not until&#8230;<\/p>\n","protected":false},"author":269,"featured_media":5199,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[1141,1105,875,1142,644,1143],"class_list":["post-5198","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-miscellaneous","tag-cybercrime","tag-cybersecurity","tag-e-commerce-business","tag-professionalism","tag-security","tag-ssl-certification"],"modified_by":"Numinix Developer","jetpack_featured_media_url":"https:\/\/www.numinix.com\/wordpress\/wp-content\/uploads\/2020\/12\/AdobeStock_245636933.jpeg","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/posts\/5198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/users\/269"}],"replies":[{"embeddable":true,"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/comments?post=5198"}],"version-history":[{"count":0,"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/posts\/5198\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/media\/5199"}],"wp:attachment":[{"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/media?parent=5198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/categories?post=5198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.numinix.com\/blog\/wp-json\/wp\/v2\/tags?post=5198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}",
"templated":true}]}}