Connect with us

Cyber Security

E-Commerce in the Crosshairs: How to Keep Your Site Secure

Avatar

Published

on

Reading Time: 6 minutes

Secure SSL

If you have an e-Commerce site you are in crosshairs of hackers. Why? Because you are the goose with the golden eggs they covet most. You handle customer credit card and personal information that they want to steal and exploit.

They usually do it by either intercepting the messaging between you customer’s browser and your web site or hacking into your network to infect your web pages with malware. In some cases they break into databases to get customer data. You can be held liable for what happens to your customer’s data, but the damage to your reputation with your customers can be worse than the direct financial loss. Infected pages not only harm the customer but take longer to load.

According to the Aberdeen Group, 57% of users abandon a site if a page loadexceeds 3 seconds and 8 of 10 will not return to an e-Commerce site after a bad experience. You need to place a high priority on securing the site and protecting your customers if you want to protect your business. Here are 6 essential steps to take that are too often neglected.

1. Use Enhance Verification SSL:

Consumers are increasingly looking for assurances that a merchant is trustworthy. EV SSL sends exactly that message. Every site that exchanges financial or personal information requires using the Secured Socket Layer, enabled by SSL certificates. They provide a secured, encrypted connection between your visitors and your site.

However, not all certificates provide the same level of assurance to your customers. On one end of the scale are Domain Name certificates that simply verify that you are the owner of the domain name for which you requested. The highest level of assurance is provided by Enhanced Verification (EV) certificates where you are verified as an ongoing and trustworthy organization. EV certificates cost more, as you would expect, but they are well worth. Consumers are increasingly aware of the risks of online transaction and EV tells the customer that you can be trusted.

2. Use PCI and Vulnerability Scanning Services:

You need to proactively identify and address security issue before they damage your business. Many site operators assume that SSL is all they need to secure their web site. SSL provides a critical level of protection, securing the communication between your server and the site visitor’s browser. It does not, however, prevent network breaches and infection of your web pages with malware and malicious scripts. Unfortunately, for performance reasons web hosts do not do the type of malware scanning that you do on workstations and network servers. It would disrupt accessibility to your site. It’s up to you to protect your site in the event of a breach.

PCI and vulnerability scanning services will scan your web site on regularly basis to identify issues that would cause you to be non-compliant with PaymentCard Industry security requirements and other issues that threaten your customers. PCI and vulnerability scanning are often bundled together, but have different objectives. PCI Scanning, such as Comodo’s HackerGuardian, are designed to make it easy for you to meet your quarterly PCI compliance reporting requirements.

Failure to do so can result in large fines and even suspension of your ability to take credit cards. Vulnerability scanning, such as provided by Comodo’s Web Inspector, identifies issues such as infected web pages that would download malware to your customers. Web Inspector also monitors blacklist site that report malicious and compromised sites. Search engines such as Google will block such sites from being returned in searches. If consumers can’t reach your site it is effectively down.

3. Call in the White Hats!

Use penetration testing to stay ahead of the bad guys: If you operate your web site from your own network, your site is only as secure as your network. In the world of network security we sometimes call those who hack into computer networks with nefarious motives as “Blackhat Hackers”. When an organization wants, nay needs to go the extra mile to ensure they are safe from the Blackhats, they can call in the White Hats for Network Penetration Testing. Network Penetration Testing, aka pentesting, includes the same activities of the Blackhat Hackers, except they are conducted by “good guys” as a service.

They test networks and websites by manually simulating a hacker attack to see if there are security holes that could compromise sensitive data. White Hat testers identify critical attack paths in a network’s infrastructure and provide advice on eliminating these threats. They attempt to bypass security weaknesses to determine exactly how and where the infrastructure can be compromised. They utilize advanced hacking and social engineering techniques and the latest tools.

If vulnerability exists in your network, the bad guys will eventually find and the consequences for your customers and your reputation can be severe. Better that the White Hats find the issue first!

4. Use multi-factor authentication:

When the web was first introduced for commercial purposes in 1994, it seemed that authenticating users with a user id and password was good enough. Not so much today. Despite enhancements to SSL and advancements in network security, hackers have demonstrated the ability to intercept user ids and passwords.

There are two common techniques. First, the “man in the middle” attack where the hacker inserts a process in between the browser and web server and capturing the communication between the two. If the web server is using Enhanced SSL the web use should be alerted that there is a problem, but that assumes the web user is paying attention.

Second, if a hacker can infect a web site with malware it may be able to download a key logger and sniffer programs to the user’s computer. The hacker can then monitor where the user goes on the internet and capture their credentials when they login to password protected sites. Even if you have protected your network as discussed above, the visitor could have been infected from another web site.

You may have noticed, but financial institutions like your bank or brokerage firm don’t rely solely on a user id and password. If you change the computer you normally login from, they add an extra level of authentication to make sure it is really you. This is called “Multi Factor Authentication”, sometimes known as 2 Factor Authentication. For example, mybank will send me an authentication code to an email address or telephone number that they already have on file. I can use that number with my password to login. Unless the hacker also has access to my email or cellphone, I am the only one that it could be trying to gain access.

5. Trust seals matter. Use them:

Trust seals will increase your conversion rates and repeat customers Trust seals are images issued by a 3rd party that attest that your site has met a set of standards and criteria that make you trustworthy. Studies show that consumers are more likely to purchase from sites where they see such seals. They will increase your conversion rates and repeat customers For example, the Web Trust seal on the site of a Certificate Authority that issues SSL certificates attests that they meet the highest standards and operate with the best practices for a Certificate Authority.

If you use Enhanced Verification (EV) SSL you the issue authorizes you to display their trust sea to tell your site visitors that they can feel safe doing business with you. A surprising number of sites have invested in EV SSL, but do not prominently display their seal. Today, with all of the concerns about safety and security when online, consumers need all the assurances you can give them.

6. Use a Managed DNS:

Using a managed DNS service can improve your network and web site performance and provide additional security. When you communicate on the internet, domain names that are easily understood by humans must be translated into related IP addresses that identify each computer on the internet. The translation is done by a Domain Name Server (DNS), usually provided by the Internet Service Provider or setup by the company itself.

If you use the DNS of your service provider you have no control and your performance can be erratic. If you create your own DNS, you cannot setup it up a web site on a shared server and the security is only as good as your network. It also has to running 24/7 for your site to be accessible 24/7.

A much better idea is to sign up with a managed DNS service to host your DNS. These are companies that have established their own network of DNS servers and add features to improve performance, security and protections. DNS performance can be very important in how fast a web page loads. For example, DNS.com offers additional features that you do not get from your ISP:

  • Security: Protection against malware, Denial of Service Attacks (DOS), phish blocking, blacklist prevention, etc
  • content filtering
  • 100% uptime SLAs
  • Web interfaces for managing DNS and DNS records

e-Commerce security starts with the right ssl certificate, but there is so much more to it than that. You must protect your whole web site and your network to protect your customers and your business.

Related Resource:

TEST YOUR EMAIL SECURITY GET YOUR INSTANT SECURITY SCORECARD FOR FREE Source: https://blog.comodo.com/e-commerce/e-commerce-in-the-crosshairs/

Cyber Security

Simple Steps To Protect Your Business Data Across Mobile Devices

Avatar

Published

on

Data security is always the top priority for businesses of all sizes, and there is never a moment you should go slack with it. However, this gets challenging as businesses generate massive volumes and a variety of data every day. Another fact that adds to the challenge is that this data comes from and goes to mobile devices as well. Every mobile device in the corporate infrastructure is like a weak point that hackers can compromise and steal the data on it. So it makes sense to go the extra mile with the right security measures to protect the corporate data across mobile devices.

It sounds challenging, considering BYOD is a norm for most organizations today, and there may be hundreds of mobile devices in the ecosystem at any point. Managing them all can be a big task for your IT security team. However, the right tools coupled with a proper mindset can help you secure sensitive data on mobile devices without much work. Let us explain some simple steps for mobile data security every business should have in place.

 

Have a BYOD policy in place

When it comes to protecting business data in the current landscape, nothing is more important than having a formal BYOD policy in place. After all, you need to make sure that there are no unintentional and malicious threats at the hands of employees bringing their personal devices into the corporate ecosystem. The critical elements of this policy include password norms, installation of remote wiping software, protocols for reporting loss or theft of devices, and use of protective security software for device-level security. Education and training for your employees are vital because they should know how to safeguard company data while accessing it from their own mobile phones.

 

Maintain access control to mobile devices and data

Maintaining access control policies is vital to prevent unauthorized users from accessing your mobile devices and data. Mobile device management (MDM) solutions are a critical investment for enterprises as they enable access management. These solutions create identity and authentication protocols for devices by installing an MDM agent on them and monitoring access requests. With this, you can make sure that nobody outside the business can access the devices. The security protocols cover the data stored on these devices as well. It ensures data encryption while uploading or downloading from a device. Further, data is secured with access regulations that permit only authorized users and applications to use it.

 

Ensure that devices are updated at all times

Your business data is only as secure as the devices that house them, which means that you should go the extra mile with device security. The latest software updates are critical for mobile devices because they include patches for various security vulnerabilities. These holes can expose the device and data to malware and other security threats. As a security best practice, ensure that all employees install the updates at the earliest. Apart from software updates, they should also cover their devices with reliable antivirus software. At the same time, make the users aware of the suspicious sites and apps that could bring malware to their devices, so that they can steer clear of them.

 

Discourage the use of public Wi-Fi networks

Public WiFi networks are perhaps the biggest threat to corporate mobile device security strategy. A device connecting to a public Wi-Fi network becomes an easy target for any hacker or malware looking to compromise hardware and data. This is perhaps the simplest way they can break into your network and cause havoc, so you need to make sure that it never happens. Enterprises need to enforce strict rules that discourage users from accessing these networks because they can pose a serious risk to sensitive business data. Training your employees and educating them about the perils of using public Wi-Fi is also important.

 

Have native device and OS security tools in place

When you implement a BYOD policy for your organization, it is likely that there will be multiple device types and diverse operating systems in your ecosystem. These devices and OS usually include built-in security tools, but best-in-market mobile device management solutions always give you an additional layer of safety. Have a close look at the available security tools and assess whether they are good enough from the enterprise device security practices. Sometimes, they may not be enough to protect a device fully, so you cannot rely solely on them.

 

Back up mobile data regularly

Even if you take all the steps to secure your devices and data, disasters can still happen. If corporate data is compromised, you may have to delete it, or it may not be accessible anymore. It makes sense to back up the data on BYOD devices regularly and maintain it as a routine for all the employees using such devices. Do not consider it as a one-and-done deal; rather, enforce it as a rule that the entire organization has to follow strictly and without any exceptions.

 

Evaluate your MDM strategy periodically

Although you may take all the steps required to create a robust MDM strategy for your business, there isn’t a guarantee that it will always work. One of the tools may not be good enough, or an employee may not be adhering to the BYOD policies properly. There is always a chance of a new threat surfacing in the evolving cybersecurity landscape. Evaluating your data security plan periodically helps you find holes that need to be addressed sooner rather than later. Also, it keeps you prepared to deal with security threats that may arise anytime in the future.

 

🔥👉 Allowing personal mobile devices in the corporate ecosystem is fraught with risks, but not doing so can compromise with the flexibility and mobility of your business. The best thing to do is to keep tight security controls over your business data and devices so that you can get the best benefits while minimizing the risks. A reliable mobile device management solution has you covered, so implementing one is worth the effort.

source: Plato

Continue Reading

Cyber Security

Quelques conseils pour améliorer la sécurité informatique afin de ne pas perdre des données personnelles

Avatar

Published

on

On n’arrive souvent pas à y croire, mais il est quasi-impossible de vivre sans informatique dans notre vie quotidienne. Tout se fait avec un ordinateur ou un smartphone, depuis la simple réservation d’une table au restaurant, à l’organisation d’un voyage à l’autre bout du monde.

Même les billets de train ou d’avion ont presque disparu au profit des billets électroniques à QR Code. On vous souhaite une bonne chance d’essayer de vivre dans notre société actuelle sans un outil informatique dans la poche. En réalité, c’est juste impossible.

C’est indéniable que cela apporte un lot de facilitations dans la vie quotidienne, étant donné qu’on peut tout faire depuis un smartphone ou un ordinateur. Cependant, cela apporte également un lot de risques qui sont liés aux données personnelles.

Aujourd’hui, nous allons voir quelques conseils qui permettent d’améliorer la sécurité de nos données personnelles. On y va ! 👇

 

Qu’est-ce que la sécurité des données personnelles ?

La sécurité des données personnes est tous les systèmes, mécanismes, protocoles, actions, etc. utilisés afin de s’assurer que nos données personnelles (comptes bancaires, informations personnelles, comptes professionnels et privés, etc.) restent en sécurité et intouchables par des personnes malveillantes. C’est peu de dire que c’est une chose très importante quand on sait que pratiquement toutes les données de nos vies sont gérées par plusieurs systèmes informatiques.

 

Comment assurer la sécurité de nos données personnelles ?

Pour commencer, aucun système au monde est infaillible. Cela est dû au fait que ces systèmes ont été et sont créés par des hommes, qui sont eux-mêmes imparfaits.

Cependant, les ingénieurs et développeurs sont quand même très intelligents pour créer des mécanismes de protections, et nous, en tant qu’utilisateurs, on doit également faire attention et prendre certaines mesures.

Voici quelques conseils pour assurer au mieux la sécurité de vos données personnelles.

 

Ne jamais utiliser un ordinateur public

Le premier conseil est de ne jamais, au grand jamais, utiliser un ordinateur public pour consulter les mails, les comptes bancaires, les commandes en lignes, les réseaux sociaux, etc. et tout ce qui touche de près ou de loin à votre vie personnelle. « Mais pourquoi ? » diriez-vous. Tout simplement parce que sur un ordinateur public, dieu seul sait ce qu’il y a dedans. Il doit sûrement y avoir virus, trojan, spyware, malware, key-logger, etc. et toute une autre panoplie de programmes malveillants qui se feront un plaisir de voler vos données personnelles. Donc, en gros, évitez à tout prix ces ordinateurs. A la limite, vous pouvez les utiliser pour faire des recherches sur Internet. Aussi, évitez de brancher des clés USB ou des supports amovibles sur ces ordinateurs car vous allez transporter les menaces vers votre ordinateur personnel.

Toujours vérifier la provenance des mails. Ces derniers temps, on voit que les pirates reviennent en force avec le phishing. Le phishing consiste à tromper les personnes avec un faux site web pour que celles-ci y entrent leurs informations personnelles. Du coup, quand vous recevez un mail de votre banque par exemple vous invitant à cliquer sur un lien pour mettre à jour vos informations personnelles, c’est sûrement du phishing, surtout quand les informations demandées sont le nom et le prénom, date de naissance, numéro de carte, etc. Dans le doute, vérifiez la provenance de l’email car ce genre de messages ne proviennent jamais d’institutions légitimes. Et si vous n’arrivez pas à déterminer l’adresse mail de l’expéditeur, cliquez sur le lien et vérifier l’adresse du site web. Dans tous les cas de phishing, le site web du lien n’a rien à voir avec le vrai site, sauf pour le design.

Faire attention sur les réseaux Wi-Fi non sécurisé. Plusieurs espaces publics proposent des connexions Internet gratuites pour tout le monde à l’aide de Wi-Fi non sécurisé, étant donné que c’est plus facile à mettre en place et à gérer. Mais, ce qui n’est pas dit, c’est que les réseaux Wi-Fi non sécurisé sont des espaces où toutes les données ne sont pas cryptées. Il suffit à une personne malintentionnée qui se trouve sur le même réseau pour capter toutes les données transmises sur le réseau assez facilement. Donc, si vous devez utiliser ce genre de réseau pour une raison ou une autre, évitez à tout prix de faire des achats, de consulter vos mails et vos réseaux sociaux, de consulter votre 

banque, etc. et tout ce qui touche aux données sensibles. Vous pouvez faire de simples recherches sur ces réseaux, ou regarder des vidéos dessus sur YouTube ou autre plateforme de streaming gratuite (pas de Netflix ou Prime Video).

Utiliser un bon antivirus. L’antivirus permet de garder sûr vos appareils (PC, smartphone, tablette, etc.) contre les menaces informatiques. En utilisant un bon antivirus, vous aurez la certitude d’avoir le meilleur outil pour faire un excellent travail, et de plus, vous pouvez avoir ici des promotions très intéressantes sur une large gamme d’antivirus. Autre chose, laissez l’antivirus faire son travail sans interférer, car ils sont maintenant très performants et peuvent fonctionner tout seul.

Utiliser un mot de passe complexe. Pour tous vos comptes en ligne (PayPal, banque, etc.), il est plus que conseillé d’utiliser un mot de passe complexe, avec des lettres, des chiffres, des caractères spéciaux et des majuscules/minuscules. Pourquoi ? Parce qu’un mot de passe simple est facile à craquer en utilisant la force brute. Par contre, un complexe ne le sera pas, ce qui augmentera la sécurité de vos données personnelles. Aussi, si vous avez la possibilité d’utiliser un gestionnaire de mot de passe, faites-le car ils sont pratiques et performants.

 

👉  Voilà quelques conseils qui permettront de rendre vos données personnelles encore plus sûres dans notre monde numérique. C’est des conseils faciles à mettre en place et qui vous sauveront la vie à coup sûr.

N’hésitez surtout pas à vérifier et revérifier tout ce que vous recevez dans votre boîte mail, car les personnes malveillantes sont de plus en plus ingénieuses pour voler vos données personnelles. Faites attention et tout se passera bien.    

 

Source: Plato

 

Continue Reading

Cyber Security

Payment Card Records Stolen from US-Based Restaurant Dickey’s Barbecue Pit

Avatar

Published

on

payment card

On the Dark Web marketplace, Gemini Advisory says, a data collection of millions of payment card documents allegedly stolen from US-based restaurant chain Dickey’s Barbecue Pit has surfaced.

The details, posted on the underground marketplace of the Joker’s Stash, appears to have been obtained from over a hundred compromised locations. The data seems to come from 35 US states and some European and Asian nations.

The BLAZINGSUN data collection reportedly comprises 3 million payment documents, with an estimated price of $17 per card.

There are 469 outlets operated under the Dickey’s Barbecue Pit franchise in 42 states, each of which has approval to use the type of point-of – sale (POS) system they want, as well as their chosen processors.

The details that appeared on Joker’s Stash, according to Gemini Advisory, indicates that 156 Dickey locations in 30 states might have been hacked. Between July 2019 and August 2020, the data was allegedly harvested.

Dickey’s runs under a franchise model that also requires each location to decide the type of system and processors they use for point-of-sale (POS). However, the damage could be attributed to a violation of the single central processor, which was leveraged by over a quarter of all Dickey’s places, considering the widespread existence of the breach,’ says Gemini Advisory.

The security company also reports that the exposure by location does not exactly correspond with the spread of the restaurant across states, but the exposure is roughly representative of the overall spread, with the exception of Texas, which hosts 123 restaurant locations but only three compromised locations.

Gemini also notes that payment transfers were conducted using the magstripe system in this infringement, which is obsolete and vulnerable to attacks. It’s unknown, though, whether the affected restaurants used redundant or misconfigured terminals.

“The documents from Dickey’s will likely continue to be applied to this marketplace for several months, based on past big breaches of Joker’s Stash,” the security company says.

The restaurant chain confirms it is mindful of a potential breach of data and an investigation has been initiated.

We received a warning stating that there may have been a security breach involving a payment card. We took this breach very seriously and our action plan was launched promptly and an investigation is ongoing. We are now focusing on identifying the affected sites and time periods involved. We use the expertise of third parties who have assisted other restaurants to resolve similar concerns.

Source: https://cybersguards.com/payment-card-records-stolen-us-based-restaurant/

Continue Reading
Energy4 hours ago

American Electric Power Receives First NAPPC Pollinator Electric Power Award

Energy4 hours ago

Garrett Announces Acquisition

Energy4 hours ago

NASA, Department of Energy Expand on More Than 50 Years of Collaboration

Energy5 hours ago

GivePower Foundation Receives $1 Million Donation from Silicon Valley Technology Veteran Chris Larsen

Energy5 hours ago

AEP Increases Quarterly Dividend To 74 Cents A Share

AR/VR5 hours ago

From Environmental to Social: XR Tackles Global Issues

AR/VR6 hours ago

New Japanese PlayStation VR Bundles to Include Camera Adaptor for PlayStation 5

Energy7 hours ago

McKim & Creed Acquires­ Water Loss Recovery and Control Firm

Energy7 hours ago

Global Cable Management Market (2020 to 2027) – by Type, and End-user

AR/VR7 hours ago

Qualcomm’s XR Enterprise Program Doubles Membership, Includes Holoride, OssoVR & Talespin

Energy7 hours ago

Worldwide Industry for Cables and Connectors to 2027 – Growing Number of Data Centers Presents Opportunities

Energy7 hours ago

Xinhua Silk Road: La transformación verde es vital para el desarrollo del carbón de coque y la cooperación energética de la B&R

Automotive7 hours ago

ALYI Highlights Next Steps

Energy7 hours ago

Field Squared Selected by TRC to Embolden Digital Transformation of Its Utility Service Operations

Crowdfunding7 hours ago

The Worst Way to Respond to Any Market Crash

Blockchain8 hours ago

Billionaire Mike Novogratz Builds Bitcoin Position on Prescience

Entrepreneur8 hours ago

It’s Time for You to Rise Up!

Entrepreneur8 hours ago

If You’re Not Using a CRM System for Your Small Business, You’re Wasting Time and Money

Patents8 hours ago

New electroactive bacterium for wastewater treatment

Blockchain8 hours ago

Latvian Financial Watchdog Issues Crypto Fraud Warnings

Cannabis8 hours ago

PURA Concludes Farmersville Meetings – Deal Imminent

EdTech8 hours ago

Blended Learning Best Practices (with Catlin Tucker) – SULS085

Entrepreneur8 hours ago

This CEO Doesn’t Look at Resumes When Hiring

Entrepreneur8 hours ago

Virtual Meeting Etiquette Guide for Hosts and Attendees

Entrepreneur8 hours ago

9 Ways to Add Revenue to Your Marketing Agency Before 2021

Blockchain9 hours ago

Upgraded XMR Becomes Best Performer Among Top 15 Coins: Analysis

Coinpedia9 hours ago

Brookmount Explorations, Inc. Reports Record 3rd Quarter Earnings

Blockchain9 hours ago

Billion Dollar Companies Interested In DeFi, As Crypto.com Study Shows

Biotechnology9 hours ago

PAOG Advances FDA Application Process For Respiratory Cannabis Drug Treatment

AR/VR9 hours ago

Survios Releases ‘Combat Rebalance Patch’ for The Walking Dead Onslaught

Blockchain9 hours ago

Hackers Donate Stolen Bitcoin To Two Different NGOs: Report

Patents9 hours ago

EIP and Osborne Clarke successful for PanOptis against Apple

Blockchain9 hours ago

DASH Breaks Out From Long-Term Bullish Pattern

Coinpedia9 hours ago

ZICIX Set to Modernize the Coupon Industry with an Innovative, Integrated Smartphone App and Dashboard Solution

Blockchain10 hours ago

LINK Rejected $11 Price Level, Could Drop Below $10.5: Analysis

AR/VR10 hours ago

FundamentalVR now Supports Ophthalmology Training

Energy10 hours ago

nexAir acquires Atlanta-based medical gas supplier

Energy10 hours ago

Sight Machine Puts the True Smart Factory in Reach With Automated Optimization of Manufacturing

Blockchain10 hours ago

DASH Enters DeFi The Price Reacts Immediately, Jumping By 12%

Energy10 hours ago

QMC Responds to Announcement of Canadian Electric Vehicle Production

Trending