20 Steps to Take to Protect Your E-commerce Business from a Ransomware Attack

Conducting business online can be a risky venture. Then you hear about the recent WannaCry ransomware attack, and you have to wonder if your e-commerce business will become a victim the next time hackers decide to take aim at companies around the globe. If this widespread malware infection hasn’t scared you enough just yet, then check out what has been happening in the cyber-security landscape since last year:

• 1 out of 131 emails in 2016 contained some form of malware.
• In 2016, there were 638 million ransomware attacks around the globe.
• From those attacks, businesses paid out a little more than $200 million in Q1 of last year.
• The average ransom hackers ask for is $1,077.
• Despite the majority of people (78 percent) understanding how risky unknown links in emails can be, they still admit to opening them.

Perhaps the scariest statistic to come out of all this hyper-vigilance over businesses’ vulnerabilities is this—according to Barkly research, “52 percent of organizations that suffered successful cyberattacks in 2016 aren’t making any changes to their security in 2017.”

This begs the question of “why?”

Why would a business actively choose not to improve their security situation knowing how risky it is to do business in this digital age? Why would a business look at those staggering statistics and think that a long-term protection plan is not necessary?

Let’s think about this logically. Hypothetically, there is a chance that your business never has to deal with a cyberattack. However, if you are running an e-commerce business, email is not the only means through which you have opened your business up to risk. Other gateways for attack include:

• Your company’s computers as well as other network-connected hardware
• Your Wi-Fi network
• Your payment-processing tools
• Your business software
• Your website

There are just too many points of entry through which a hacker can get in and take down your business, with or without the request of a ransom. So, what are you going to do about it?

Below are 20 steps you should take to ensure that you are keeping your business, employees and customers out of harm’s way.

Start with a Policy

1. Create a cyber-security policy for your e-commerce business.
2. Develop official documentation around your policies and provide it to all employees.
3. Provide cyber-security training to all new hires and reinforce best practices (see below) by regularly reviewing it with them.

Secure Your Software and Hardware

4. Use antivirus software on all company computers.
5. Set all your software programs, apps and browsers to update automatically.
6. Use a firewall, password protection, and end-to-end encryption on your Wi-Fi network.
7. Create a mobile security program. If you or your employees do business on the go, you need to provide security and encryption services for their devices and require password protection for each phone.
8. Fortify your e-commerce website with a security plugin, firewall, secure payment processing tools, admin login protection, and remember to keep your system and all third-party integrations current.
9. Minimize admin privileges, so that only a very limited amount of people have full access to your company’s systems.

Reinforce Best Practices

10. Always lock up computers and other devices when away from them and never share login details with others.
11. Don’t give out company, employee or client information to anyone online, over the phone, or in person unless you have completely verified their identity.
12. Never give any sensitive company-related or even personal information to a site that doesn’t have an SSL certificate.
13. Enforce strong passwords and require that they are updated every two months.
14. Use two-factor authentication to increase the difficulty of someone hacking into any of your devices or systems.
15. Don’t process payments through the same computer you use to do business.
16. Back up your systems (this includes your website) at least once a week. This will render ransomware attacks null and void if you have a backup of your company data ready to go back online without having to issue a payment to their ultimatum.

Stay Vigilant with Email

17. Be wary of emails from people you do not know, random malware messages that appear on your screen, messages from law enforcement agencies saying you committed a crime, and random popups that say your computer is infected.
18. Never click on links in emails if you do not know the sender.
19. Always double-check the sender’s actual email address even if you think you know them. The hacker may have spoofed their name. Alternatively, you can contact the sender by another means if the message seems suspicious despite having been sent by them.
20. Never open email attachments unless you are absolutely sure they came from someone you know.

Cyber security is never a matter that should be taken lightly. If you are serious about doing business online and keeping everyone around you—from customers to employees—as well as your own business’s longevity safe, then you should take steps now to secure it from every angle.

About Endicia

Endicia is a leading provider of internet-based postage services that make it easier and more affordable to ship parcels through the U.S. Postal Service^®. We know that shipping can be complex and our goal is to simplify your shipping operations so you can focus on doing what you do best. Visit us at endicia.com to learn more.