SMEs turned to e-commerce, cyber danger is around the corner

SMEs turned to e-commerce, cyber danger is around the corner
25 August 2020

Cybercriminals, who see SMEs that turn their face to e-commerce as easy pickings, are lurking to find the vulnerabilities of businesses. Turkish cybersecurity company has announced 7 golden steps to follow to keep both online shopping sites and customer data safe.

*** This release is originally published in Turkish.
Google Translate Application translates the content you see on this page.***

ISTANBUL (TR) - The novel coronavirus that took the world by storm has dramatically changed our lives. SMEs, which usually carry out their business activities in their physical stores, quickly started to turn to e-commerce. While big businesses stand still, SMEs, who think that cybercriminals will not attack them, are in great danger.

Stating that SMEs' orientation towards e-commerce is a move in line with the requirements of the age, but it may turn into a big risk if the necessary cyber security measures are not taken, Berqnet Firewall General Manager Hakan Hintoğlu said, “Compared to large corporations, we see that SMEs do not have sufficient knowledge and infrastructure about cyber threats. SMEs need to be very careful when even large institutions cannot escape cyber attacks, otherwise there could be huge losses in legal, financial and reputational terms.”

Stating that phishing attacks, ransomware attacks, credit card fraud, attacks via malicious software such as trojans and malware, DDoS attacks and phishing are at the top of the attacks against e-commerce sites, Hakan Hintoğlu listed the 7 steps to be followed for keeping both sites and customer data safe:

1. E-commerce infrastructure to be used in the determination should be considered well

Stating that the way to establish a secure e-commerce site for companies considering establishing their own e-commerce infrastructure is through the selection of the right web server, e-commerce software and security components, Hintoğlu said, “Companies that set up their own infrastructure should definitely keep all their software updated and have a penetration test at regular intervals. Since it may be difficult for SMEs to establish and maintain their own e-commerce systems, they should investigate the security and reputation of cloud-based e-commerce systems to be selected in this regard.”

2. Secure communication with SSL

Hakan Hintoğlu noted that the encrypted transmission of data plays an active role in preventing cyber attacks and said, "Especially to protect financial information and to use an SSL certificate for online shopping security, it has become a necessity for e-commerce as it ensures that the sent data is encrypted and can only be read by the recipient.”

3. Firewall devices and antivirus software should be used

Emphasizing that a strong firewall plays an important role in protecting sites and users against cyber threats, Hintoğlu said, “Firms that use their own infrastructures and manage their servers should ensure all internal and external network security, especially server security. Firewall is one of the basic components of network security. In addition, antivirus software must be installed on all devices and servers on the network and kept up to date.”

4. Using strong passwords is mandatory

Indicating that one of the main risks of online shopping is that cyber attackers detect usernames and passwords, Hintoğlu said, “Although some users complain that they cannot remember complex passwords filled with uppercase and lowercase letters, numbers and special characters, they are classified as strong passwords and are of great importance in terms of cyber security. For this reason, e-commerce platforms should require strong passwords. The more secure method is to use double authentication login (2FA).”

5. Data that are not needed should not be stored

Indicating that customers' personal and financial data that are not necessarily needed should not be stored, Hintoğlu said, “It is important to keep only the information required for the processing of a refund or chargeback and to clean this information regularly to reduce risks. Information that is not legally required should not be kept.”

6.Data must be backed up

Indicating that the data must be backed up due to the possibility of data loss due to hardware problems and the recent increase in ransom attacks, the data should be encrypted by hackers and rendered unusable without paying ransom, Hintoğlu said, “Particular attention should be paid to the fact that the systems on which reservists are transferred are sheltered in the face of ransomware attacks.”

7.Investment in employees' cyber security awareness

Stressing that most of the cyber vulnerabilities are caused by human errors, Hintoğlu said, “If an employee who has access to critical systems within the organization opens a harmful e-mail sent to him, the whole operation may be interrupted. Examples can be increased, but the main issue here is to increase the cyber security awareness of employees and to be always on alert against such threats.”

“Security problems can disrupt SME's online trade”

Berqnet Firewall General Manager Hakan Hintoğlu, who pointed out that even large e-commerce sites have recently come up with cyber attacks despite their serious investments in cyber security, stated that SMEs who have not invested enough in their digital infrastructure and employees' cyber security awareness may also suffer a lot of losses.