Secure, or not secure?
As the holidays draw near and we set out again to hit the shops, last year’s Target credit card breach inevitably comes to mind. Although the debacle was determined to be localized to point-of-sale systems (cash registers in Target stores), both financial and personal information was stolen from millions of customers.
Fast-forward ten months, and now we’ve got Home Depot, Gmail, HealthCare.gov, and a host of other companies and organizations where data compromises are cropping up. Although the means by which data is breached may vary, the ultimate goal of hackers is the same: to exploit consumers’ personal information. Everything from your credit card details to your contact information and identification numbers can wind up in the hands of criminals.
The general public presumes that any company, from the smallest startup to the largest global corporation, has a secure payment system that lets shoppers make purchases with peace of mind and little to no risk of a personal data breach. More often than not, such information is stolen using online hacking methods rather than in-store.
However, there are a couple of things to consider when it comes to protecting your website and, ultimately, your customers.
Think like a hacker, for starters: there are more customers to exploit on a website such as Amazon.com than on MyLocalVinylShop.com. But that doesn’t let smaller companies off the hook. The average consumer may not be aware of the importance of a Fort Knox approach to data lockdown, but you should be.
So what do you do?
You want your shoppers to trust your brand, your product, and your website, but you don’t want to spend millions on sophisticated security systems.
Opt for a load test: evaluate and benchmark your system’s reaction to an attack
A company such as Apica can simulate an Advanced Persistent Threat (APT) attack and determine whether your system detects the threat. Based on the results of the test, your team can then get to work improving any areas of concern.
Of course, you should already have a robust security infrastructure to protect customer information, and a solid, tested battle plan, but your system’s reaction to the attack simulation will determine the steps that follow detection.
In the picture below (thanks for an awesome infographic, Praetorian) you can clearly see the security gap which exists between the onset of the attack and the victim’s response to (or perhaps even awareness of) that attack. Thoroughly testing your site’s response to a simulated attack can help you to reduce the security gap, thus proactively protecting your site and valued customers from future harm.
Prepare, prepare, prepare
If you’re feeling anxious about your site’s security, you’re not alone. You’re also not without options. Once you’ve gone through the trouble of creating awareness about your brand and your site, don’t throw it all away on a vulnerable system. As millions more transactions take place on the Internet every day, it’s up to you to make sure that your system is prepared for an attack — and up to you to make sure your customers’ personal information is secure.