Many of today's startups are opting to run their entire business from their website. The prime example of this is the online store. With this, you can sell products and services to anybody at any time, and accept just about any kind of payment method (yes, even Bitcoin or any other cryptocurrency can work as well).
Given this scenario, these types of businesses are at an even greater risk of a Cyber-attack. Here are three scenarios that they need to watch out for:
- The use of Open Source Code:
True, Open Source is the way to go in order to build your online business. After all, Linux and Apache are free to download and use, there are no licensing fees to deal with, and help is abundant in the online forums. But being an Open Source platform also means that your underlying source code is at a much greater risk of a Cyber-attack – after all, everything is visible. What is a good solution here? Make sure that the source code you develop is properly vetted, and that it is Penetration Tested thoroughly from both the inside and the outside lines of defense. We will examine Pen Testing in future blogs.
- Use of Third Party web components:
By this, we mean the use of plugins or add-ons which can greatly increase the efficiency and optimization of your website and online store. There are many Third Parties that offer such plugins, and many of them offer plugins which have not been tested properly, and thus are prone to such Cyber-attacks as keylogger software. This is a piece of malware which can deploy itself onto your customer’s wireless device and covertly record all of their passwords. What is the solution here? Use plugins from a long-established and reliable source, such as WordPress. For the most part, their plugins are upgraded with the latest security features and are, in fact, quite easy to use (for the novice, like me, it can look daunting and will require some training; better yet, have your web developer install these plugins for you).
- Distributed Denial of Service (DDoS) attacks:
This is a kind of Cyber-attack where the servers upon which your website and online store are hosted are literally brought “down to their knees”. The servers are so totally bombarded with malformed data packets that their processing power comes to a complete, grinding halt. This means lost business for you, and worst of all, lost customers and a tarnished reputation: “Today’s DDoS attacks have evolved into increasingly sophisticated and damaging events . . . dealing with the fallout . . . is a long and costly road.” (SOURCE: https://www.technewsworld.com/story/85143.html). What can you do in these situations? Unfortunately, there is no way that you can totally prevent your online business from being hit by a DDoS attack. They can happen anywhere, at any time, completely out of the blue. The best line of defense is to create a disaster recovery plan with which you can restore your business in case you are hit. Also, make sure that you work closely with your ISP to make sure that you have some sort of DDoS mitigation tools installed on your server.