The number of records exposed by data breaches in the US has risen dramatically in the past few years, from 36.6 million in 2016 to 197.6 million in 2017, then jumping to a record high of 446.5 million files exposed last year.
According to IBM Security’s 2019 Cost of a Data Breach Report, the average data breach costs a company $3.9 million. In the state of California alone, there were 1,493 reported data breaches that compromised a total of 5.59 billion files between 2008 and 2019. As home to Silicon Valley, California is a more likely target for attackers. But no matter where your e-commerce company operates, it’s important to protect your data.
“The internet is everywhere, so there’s no reason you can’t be too. An attacker doesn’t need to see where you are, or what kind of data you’re moving. Many companies volunteer that information because they don’t take proper precautions, and some end up with an expensive and embarrassing ‘if only’ moment,” says Uzair Gadit, co-founder and director of Pure VPN. Here are some steps to fortify security and keep your e-commerce business safe.
Practice Good Internet Hygiene With A Trusted VPN
IBM Security’s report finds that in the event of a data breach, extensive use of encryption can save you $360,000. One way to do this is to use a virtual privacy network, or VPN. This is an inexpensive subscription service that reroutes all your online activity through an encrypted network. It encrypts the data coming and going from your computer, and acts as a privacy screen. Dubious onlookers can’t tell who you are, where you are, or what kind of data you’re moving.
“Normally it’s very easy for an onlooker to see, for example, that a device called ‘Kayla’s Macbook’ connected to the ‘Whole Foods Union Square’ wifi network and accessed Pinterest for 20 minutes of browsing before checking a Microsoft Outlook email account,” says Gadit. He also notes that Pinterest and email usernames are readily accessible. “But if the Macbook is running a VPN, all onlookers see is an anonymous user, who seems to be in Hong Kong, browsing Pinterest and Outlook.” And it doesn’t have to be Hong Kong, you can reroute your information through thousands of servers around the globe.
Use of VPNs is quickly becoming standard internet hygiene. You should never work on a public wifi network, like at a coffee shop or an airport, without a VPN. Public networks are often easy targets for man-in-the-middle attacks. Even if you work from home or an office, a VPN helps keep your data tightly packaged and opaque as it moves to and from your devices.
Host Your E-Commerce Site On An HTTPS
Another way to ensure encryption, this time for your customers, is to host your entire site on HyperText Transfer Protocol Secure (HTTPS). When you receive payments, you’re probably already using HTTPS (the more secure version of HTTP). But there’s no reason not to extend that level of security to every page of your website.
Like VPNs, using HTTPS pervasively is becoming industry standard. It’s a precautionary measure, it shows your customers you take their security seriously, and it helps with Google rankings. You can migrate your hosting to an HTTPS provider if you are not on one currently.
Enable Two Factor Authentication For All Business Accounts
Most SaaS companies now offer two factor authentication for login, meaning once you enter your username and password they’ll also text you a one-time security code just to be sure it’s you. It's a good idea to enable this whenever you can.
It could be your Square login, your financial institutions, or your social media accounts. These are the keys to your operation, so don’t take chances with them. And yes it’s a hassle, but get into a rhythm of changing your passwords regularly. You can always use a password manager.
E-commerce companies conduct business entirely in a vulnerable digital space, and data breaches are on the rise. But you don’t have to be one of the statistics. Keep your business secure and private, migrate your website to secure HTTPS hosting, and keep high standards for password usage. These are simple steps, and it’s not worth getting stuck with a $3.9 million oversight.
