Image: Wikimedia

A massive £1.2 billion is spent every week on online retail sales. That’s just over 10 per cent more than the year before. With this in mind, it’s fair to say that the majority of consumers feel reasonably safe when it comes to shopping on the web. It can’t be any worse than the aggressive crowds of shoppers we find on the high street, right? Jake Madders looks deeper. 


But according to recent findings, three-quarters of UK consumers have been scammed in the process of buying goods online. Online shopping actually exposes consumers to a number of security threats, and these stats show that the hackers are succeeding far too often.

With an ever-increasing threat landscape, it’s not just customers that are at risk. So are the reputation and revenue of the retailer itself, which needs their custom and loyalty. Let’s talk about the biggest areas of concern when it comes to security, as well as the appropriate measures that can be taken to ensure that none of the above are put in any unnecessary danger.

Don’t get taken out

Intruder alert! Intruder alert! Online retail vendors can certainly be at risk of unexpected security breaches from the cyber attackers out there. Recent research found that the number of cyber attacks experienced by online retailers more than doubled between 2015 and 2017. The word ‘ransomware’ has become part of everyday language to most.

So what is the best way to protect your customers from the threat of intruders? Nip them in the bud and ensure they don’t get in. As the saying goes, prevention is always better than the cure. Implementing a process for monitoring malicious activity is vital to keep the hackers out. Identifying real incidents in real time means fewer false alarms, and more time for you to focus on your bigger business objectives. These services are often able to identify malicious and harmful network activity, blocking it before it can cause painful downtime, such as in the case of Distributed Denial of Service (DDoS) attacks.

Avoid being a target

The cyber attackers out there can be pretty persistent, testing website security until they eventually succeed in bringing it down or gaining access to what they’re after. But why, and how?

Sorry to break the news – but your website is never going to be perfect. Hidden vulnerabilities are everywhere. Meltdown and Spectre are prime examples. To make sure that you are the first to know about these security holes, businesses need to be actively seeking them out. Penetration testing can help to prevent attacks by consistently analysing your website and creating detailed reports. Developers can then use this information to repair the problem straight away.

Encryption – a final line of defence

So what if all else fails and someone does gain access to your website, as well as the data that has been so loyally entrusted to you by your customers?

Well, data encryption makes your data unreadable to any third party in the event they find themselves wrongly in possession of it. So even if those pesky intruders do manage to break through the firewalls, there’s nothing they can do with it anyway. And today’s security standards mean that the level of encryption is pretty sophisticated.

This feature will be particularly important in the lead-up to GDPR, when data encryption will increasingly become best practice.

Sorry, you have not been granted access

Security measures are complex and constantly evolving, making it really hard to keep on top of ensuring that your organisation and your customers are protected. That’s why most sensible businesses look to a third party for help.

Online retailers that choose to partner with managed service providers (MSPs) will benefit from high levels of data security and advanced IT infrastructure. They are often well skilled in all of the above, can consistently review strategy and dramatically reduce the risk of your website becoming a target.

It’s best to have a clear idea of the service level agreements (SLAs) you expect, and to settle for nothing less. The cream of the crop offer defence systems against DDoS attacks, penetration testing and other advanced services to ensure the attackers never get through.

All of these features and more are only going to become more and more important with the implementation of GDPR. If the attackers can’t read your customers’ data, there’ll be no fines to pay. No big statement of apology. Simple.

Choose to end the game of dodgeball when it comes to your online security.

Jake Madders is a Director at Hyve