You've been hacked

Posted by Amy Montague on Thursday 10 January 2019

 

Data breaches have steadily risen since January 2017, with almost 90% of ecommerce logins coming from hackers using stolen data. Many of these breaches have occurred due to holes in payment methods, which could have easily been prevented.

 

Dig a little deeper

 

Hacking means maliciously gaining access to sensitive information or programmes, either through stolen identities or data breaches. Two of the open-source tools that hackers most often target are WordPress and Magento, primarily because their customisable setup opens up many vulnerabilities. This does not mean these programmes shouldn’t be used; instead, greater care should be taken when setting up additional functionality and secure payment methods. As a brand, the last thing you want is a breached website and users turning away as they lose confidence in your brand’s security.

 

Here are 5 key ways you can protect your brand online:

  • 1) The basics 
  • The standard security barrier used by most websites is SSL (Secure Sockets Layer) certificates. They offer a basic level of security; however, as they are the most common form of security, they are also easy for an experienced hacker to penetrate. EV SSL (Extended Validation Secure Sockets Layer) certificates should be used instead, as they offer a higher level of security and can be identified in the web browser’s address bar.
  • 2) Payment gateways using live verification services
  • These services receive payment information from certain sites, such as Amazon, and forward it to the bank for verification and authorisation. If all the information is correct, the payment is successful and goes through. This could take a month or a matter of days, depending on the payment gateway type. These services are important because they validate your users’ details and ensure your users’ information isn’t being used by a third party.
  • 3) Intrusion detection systems
  • Intrusion detection systems (IDS) monitor logs, looking for evidence of a breach. They also monitor network traffic and suspicious activity, creating alerts when irregular actions are performed. IDS alerts should be addressed as quickly as possible. There are many different types of IDS, including network intrusion detection systems (NIDS), host intrusion detection systems (HIDS) and more.
  • 4) Error links/pages
  • Broken links and error pages should be customised so that they include only an inline message or a redirecting link. Failure to do this could expose information about your website to hackers, giving them the leverage needed to breach it.
  • 5) Be the hacker
  • To be hacked or not to be hacked: that is the question, and we have the answer. The best way to cover all your bases and understand how your site can be penetrated is simply to get someone to hack it. Don’t worry, I don’t mean willingly giving away all your customers’ sensitive data. Instead, I mean connecting with professional testing companies that specialise in uncovering website bugs and hacking opportunities. After all, how can you know how your website or app will be hacked if you haven’t tested it out before?
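
Point 4 in code, as an added example that is not from the original post: a Python WSGI middleware that replaces every error response with an inline message and a home link, while the details go to the server log only. The names `SafeErrorPages`, `leaky_app` and `fetch`, and the strings the sample app leaks, are constructed for illustration.

```python
import logging
import uuid

log = logging.getLogger("site.errors")
GENERIC = ('<html><body><p>Sorry, something went wrong. Reference: {ref}</p>'
           '<p><a href="/">Back to the home page</a></p></body></html>')

class SafeErrorPages:
    """WSGI middleware that swaps every 4xx/5xx response for GENERIC."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        seen = {}
        ref = uuid.uuid4().hex[:8]  # ties the visitor's page to a log line
        path = environ.get("PATH_INFO", "")
        def capture(status, headers, exc_info=None):
            seen["status"], seen["headers"] = status, headers
            return lambda data: None  # legacy write() hook, unused here
        try:
            body = b"".join(self.app(environ, capture))
        except Exception:
            log.exception("ref=%s unhandled error on %s", ref, path)  # traceback stays server-side
            seen["status"], body = "500 Internal Server Error", b""
        status = seen.get("status", "500 Internal Server Error")
        headers = seen.get("headers", [])
        if status[:1] in ("4", "5"):
            log.warning("ref=%s %s on %s", ref, status, path)
            body = GENERIC.format(ref=ref).encode()
            # Drop the app's headers too: they may name the framework or version.
            headers = [("Content-Type", "text/html; charset=utf-8"),
                       ("Content-Length", str(len(body)))]
        start_response(status, headers)
        return [body]

def leaky_app(environ, start_response):
    """Constructed sample app that leaks a path and versions on /broken."""
    if environ["PATH_INFO"] == "/broken":
        start_response("500 Internal Server Error", [("X-Powered-By", "ExampleCMS 1.2.3")])
        return [b"Traceback: /var/www/shop/db.py line 41, MySQL 5.7"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def fetch(app, path):
    """Call a WSGI app in-process; return (status, headers dict, body)."""
    out = {}
    start = lambda s, h, e=None: out.update(status=s, headers=h)
    body = b"".join(app({"PATH_INFO": path}, start))
    return out["status"], dict(out["headers"]), body
```

Calling `fetch(SafeErrorPages(leaky_app), "/broken")` returns the generic page with a reference code; the same code appears in the server log next to the real error.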

Perfecting or increasing your website security is an intense task to take on, especially if you want to cover all your bases. However, connecting with web testing companies will take a lot of the weight off your shoulders.


 
