Expanding Your E-Commerce Capabilities? Beware of Cyberattacks
November 15, 2016
How to minimize the risk of cyberattacks when conducting business on the Internet.
Almost 40% of the respondents to our 2016 Manufacturing Industry Survey Report plan to expand their e-commerce capabilities. Tapping into the online distribution channel can add convenience, decrease costs and speed up collections. But it also brings additional risks: Inadequate data security measures could expose manufacturers that conduct business online to serious cyber threats in the future.
Is data security a priority at your company? Surprisingly, only about one-quarter of the survey respondents listed data security as a top priority. Here’s why data security should be a priority and how you can minimize the risk of cyberattacks when conducting business on the Internet.
Safety Measures for Online Transactions
When customers place orders on your website, they’re trusting that you’ve taken steps to protect their data — including credit card numbers, account numbers and email addresses — from being stolen by hackers. Data breaches can deter customers from doing business with your company again in the future, especially if your response to the breach wasn’t well organized and you haven’t taken steps to reinforce your security measures to prevent future attacks.
What can you do to safeguard sensitive customer data? Breach prevention is an ongoing process that starts with a comprehensive risk assessment to identify potential vulnerabilities in your business systems and internal controls.
The next step is to assess and mitigate any weaknesses in your defenses. For example, all companies that conduct business online should encrypt customer data both in transit and at rest: TLS for every connection between the customer's browser and your site, and a strong cipher such as AES-256 for stored records. Periodic penetration testing of all public-facing servers should also be performed. And, if you process credit card information, you are subject to the Payment Card Industry Data Security Standard (PCI DSS) and must validate compliance annually (by self-assessment questionnaire or an on-site assessment, depending on your transaction volume). Note that PCI DSS also restricts what you may keep: card numbers must be rendered unreadable wherever they are stored, and sensitive authentication data such as the card verification code may not be stored at all after authorization.
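The at-rest side of the encryption advice above, as an added example that is not part of the original article: a small Go program that protects a stored card number with AES-256-GCM, binds the ciphertext to the order it belongs to, and shows what happens when a stored record is tampered with or attached to a different order. The key, the order ID and the test card number are constructed for the example; a real deployment would fetch the key from a key management service or HSM rather than derive it from a string in the source.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"strings"
)

// demoKey is a constructed 32-byte key (AES-256 needs exactly 32 bytes), derived
// from a fixed string only so the example runs offline. In production the key
// lives in a KMS or HSM and is never embedded in source.
var demoKey = sha256.Sum256([]byte("example-key-material-do-not-use"))

// Seal encrypts plaintext with AES-256-GCM under key, binding aad (here the
// order ID) to the ciphertext so a record cannot be silently moved between
// orders. Output layout: 12-byte random nonce || ciphertext || 16-byte tag.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce so the nonce travels with the record.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. Any modification of nonce, ciphertext, tag or aad makes
// gcm.Open return an error instead of corrupted plaintext.
func Open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MaskPAN returns the only form of a card number that should be shown on
// screens or receipts: at most the first six and last four digits (PCI DSS
// requirement 3.3); everything in between is masked.
func MaskPAN(pan string) string {
	if len(pan) <= 10 {
		return strings.Repeat("*", len(pan))
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

func main() {
	key := demoKey[:]
	orderID := []byte("order-1001")      // constructed sample order
	pan := []byte("4111111111111111")    // constructed test card number

	sealed, err := Seal(key, pan, orderID)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored: %x\n", sealed)
	fmt.Println("display:", MaskPAN(string(pan)))

	pt, err := Open(key, sealed, orderID)
	fmt.Println("decrypts under the right order ID:", err == nil && string(pt) == string(pan))

	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err = Open(key, sealed, orderID)
	fmt.Println("tampered record rejected:", err != nil)

	sealed[len(sealed)-1] ^= 0x01 // restore the tag
	_, err = Open(key, sealed, []byte("order-1002"))
	fmt.Println("record bound to another order rejected:", err != nil)
}
```

The authenticated mode matters as much as the key length: AES-256 in an unauthenticated mode would still decrypt a modified record into garbage without complaint, whereas GCM refuses it, and the order ID in the additional data stops an attacker with database write access from re-homing one customer's card under another customer's order.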
It’s also critical to conduct regular data security awareness programs and breach prevention training for employees. Remember, most states have data breach notification laws and regulations, and they apply based on where the affected customer lives, so you must be aware of them if you conduct even one transaction for a resident of that state. In Massachusetts, for example, the benchmark regulation is 201 CMR 17.00. All companies should have a dedicated Chief Information Security Officer (CISO) or another named individual accountable for spearheading their data security efforts.
Also consider the security levels of your supply chain partners, and make this part of your vendor management program. Breaches often occur through security gaps in supplier or contractor controls; the 2013 Target breach, for example, began with network credentials stolen from a third-party contractor.
Prevention can’t be 100% foolproof, so be ready in case a breach occurs. Plan ahead by preparing an incident response plan before you need it (who is notified, how affected systems are isolated, how evidence is preserved, and who communicates with customers and regulators), and consider purchasing cyber liability coverage or a data breach rider on your existing insurance policies to cover breach response costs.
The Time is Now
There’s no time like the present to focus on e-commerce data security: October is National Cyber Security Awareness Month (NCSAM). This is an annual campaign by the U.S. Department of Homeland Security to raise awareness about cybersecurity, provide businesses and nonprofits with tools and resources needed to stay safe online, and increase our country’s resilience against cyber incidents.