How to Protect Your Site in Case of Cyber Attack
What should merchants do in case of a cyber attack? According to security experts, they should disable their site as soon as they realize they are under attack. It’s better to shut down an ecommerce site right away and put protections in place than to deny the problem and keep the site going, since keeping it running risks further damage.
Disabling your site quickly can enable you to gather evidence that could help law enforcement catch the criminals. Merchants need to prepare for attacks, especially during the holiday shopping season.
Merchant databases are vulnerable to attacks as the countdown to Black Friday ticks away. Criminals want whatever consumer information they can get their hands on − things like credit card numbers, birth dates and addresses.
It is estimated 212 million shoppers will shop in stores and online on Black Friday. Of these shoppers, 154.7 million could be at risk, according to data security firms. It is estimated that 70 percent of the data maintained by retail merchants could be vulnerable to information leakage because of a weakness in software that allows criminals to access the sensitive data mentioned above, in addition to billing and shipping addresses.
Hackers are finding many new ways to steal data – from spear phishing to SQL injection. As holiday shopping gets into full swing, merchants will face more criminal attempts to hack web sites and network security systems.
As merchants prepare for the holidays, in addition to stocking shelves and planning for a rush of customers, they should also ensure they have a strong security system and procedures in place. Below are some tips for responding to and preventing criminal infiltrations of websites and computer networks.
• Spear phishing is similar to ordinary email phishing, which tries to trick recipients into clicking through to a website that looks legitimate but is phony and then entering personal information such as credit card numbers or banking data. In spear phishing, however, the criminals obtain the email addresses of people like retail executives and send them an email that appears to be a legitimate message from a co-worker. When the recipient clicks the attachment icon, instead of seeing a document they may get a blank page and think it’s a glitch. While the recipient may think nothing of it, clicking the attachment downloaded malware to their computer. The malware then searches for security openings that expose data, such as customer email addresses and account information. Merchants can guard against such attacks by installing firewalls to block suspicious emails, training employees to check incoming email headers for unusual characters indicating they are not from a trusted party, and instructing employees not to click on unexpected attachments without first checking with the sender.
• SQL (Structured Query Language) is a programming language for managing data across multiple databases such as customer account data and email lists. SQL injection attacks are designed to find website and network security vulnerabilities and then steal or compromise confidential data. On retail sites, criminals insert data-stealing scripts into fields where consumers enter such information as name and address. Security experts advise website managers to install software that screens the data entered in those fields to prevent command scripts from executing. In addition to installing firewalls, companies can mitigate the effect of SQL injection attacks by having a good database management and recovery plan in place. This includes knowing exactly where sensitive data are stored, knowing who has access to the data, and having a designated response team assigned to check sensitive data immediately when a security breach is discovered.
• Cloud-based computing and data storage − which is now a popular way for retailers to use other companies’ web servers to manage their websites, applications and databases − requires retailers to take extra steps to ensure that these systems are built with the proper firewalls and that effective policies are in place should a security breach occur. Cloud environments are not more secure or less secure than any other company’s network environment, but it’s important for cloud agreements to address liability in a detailed manner. If there is a security breach, a service-level agreement with the cloud provider should clarify who has access to data, who responds to and investigates a security breach, and how the merchant is assured that the breach has been fixed.
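The header check recommended in the spear phishing tip can be partly automated. The following is an added example, not part of the original article; the trusted domain, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the merchant's own mail domain (placeholder value).
TRUSTED_DOMAINS = {"example-retailer.test"}

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    _, at, domain = addr.rpartition("@")
    return domain.lower() if at else ""

def header_warnings(raw_message):
    """List reasons the headers suggest the mail is not from a trusted party."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    if not from_domain:
        return ["missing or unparseable From address"]
    warnings = []
    labels = from_domain.split(".")
    # Look-alike domains often rely on non-ASCII letters, which appear on the
    # wire as punycode labels starting with "xn--".
    if not from_domain.isascii() or any(l.startswith("xn--") for l in labels):
        warnings.append("unusual characters in sender domain")
    if from_domain not in TRUSTED_DOMAINS:
        warnings.append("sender domain is not trusted: " + from_domain)
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        warnings.append("Reply-To domain differs from From domain")
    return warnings

# Constructed sample messages (not real mail).
CLEAN = (
    "From: Jane Doe <jane.doe@example-retailer.test>\n"
    "Subject: Q4 invoice\n\nSee attached.\n"
)
SUSPICIOUS = (
    "From: Jane Doe <jane.doe@xn--exmple-retailer-constructed.test>\n"
    "Reply-To: jane.doe@mailbox.invalid\n"
    "Subject: Q4 invoice\n\nSee attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("CLEAN", CLEAN), ("SUSPICIOUS", SUSPICIOUS)):
        print(name, header_warnings(raw))
```

The From header is set by the sender, so this check complements SPF, DKIM and DMARC verification at the mail gateway rather than replacing it.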
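To make the SQL injection tip concrete, here is a name-field lookup written the weak way and the corrected way. This is an added example, not code from the original article; the table, column and function names and all sample values are constructed, and it uses an in-memory SQLite database so it runs offline.

```python
import sqlite3

def make_db():
    """Build a throwaway in-memory customer table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, address TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        ("Alice Example", "1 Main St", "1111"),
        ("Bob Example", "2 Oak Ave", "2222"),
        ("Pat O'Brien", "3 Elm Rd", "3333"),
    ])
    return db

QUERY = "SELECT name, address, card_last4 FROM customers WHERE name = "

def lookup_vulnerable(db, name):
    # WEAK: the field text is pasted into the SQL string, so a quote typed
    # into the form ends the literal and the rest is parsed as SQL.
    return db.execute(QUERY + "'" + name + "'").fetchall()

def lookup_parameterized(db, name):
    # FIXED: the value is bound separately from the statement, so it is
    # only ever compared as data, whatever characters it contains.
    return db.execute(QUERY + "?", (name,)).fetchall()

# Constructed form input of the kind the article describes.
INJECTED_NAME = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", len(lookup_vulnerable(db, INJECTED_NAME)), "rows leaked")
    print("parameterized:", len(lookup_parameterized(db, INJECTED_NAME)), "rows")
    # A legitimate name containing an apostrophe breaks the weak version,
    # which is why blocking quote characters is not a substitute for binding.
    print("O'Brien:", lookup_parameterized(db, "Pat O'Brien"))
    try:
        lookup_vulnerable(db, "Pat O'Brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable lookup fails on a real name:", exc)
```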
To review, merchants should disable their site as soon as they realize they are having a cyber attack rather than deny the problem and keep the site running. It’s also important to have a good database management and recovery plan in place, allowing your designated response team to immediately check sensitive data if a security breach is discovered.























