Malware – it’s a scary word you’ve probably heard before. But if you’re not quite sure what malware is, why it’s such a threat, or what you can do about it, you’ve come to the right place. In this comprehensive guide, SiteLock reviews what malware is, what a website vulnerability is, how infections occur, how to remove malware infections, and finally, how to prevent them in the first place.
Tag: PCI Compliance Page 1 of 2
Did you know that 27 percent of consumers don’t shop online due to fears their personal information might be stolen? Or that 65 percent of consumers who have had information compromised due to online shopping will no longer shop online or return to the site their information was compromised? These alarming statistics are based on a survey conducted by SiteLock in Q4 2017, in which 1,017 consumers were asked to assess their views on online shopping. These survey results illustrate that consumers are reluctant to shop online out of concern their personal information is not being protected from eCommerce stores.
As an eCommerce owner, are you doing enough to address and overcome your customers’ fears? If not, don’t worry – we’ll explain how you can protect your customers by using PCI compliance. We’ll also make sure you understand the ins and outs of PCI compliance, the steps to get started, and the penalties for not meeting PCI standards.
Picture this. You just launched your first company website to sell your clothing line. Customers are purchasing products, and you’re starting to make a profit, then BAM! You get hit with a fine because your website is not PCI compliant. What’s next?
What Is PCI Compliance?
PCI Compliance is a security requirement created for online merchants by five of the major credit card companies, American Express, Discover Financial Services, JCB International, Mastercard and Visa, to protect customers and reduce fraud.
Talking about cybersecurity is equivalent to addressing the elephant in the room. It needs to be addressed, but the issue often gets pushed to the backburner. Studies show that 70 percent of Americans shop online at least once a month. However, over 30 percent of consumers say they hesitate to make those purchases due to security concerns, like credit card data theft.
As an online retailer, it is time to address the elephant in the room by addressing your customers’ fears. To get you started, we cover four basic—yet essential—website security tips to protect your eCommerce site.
With holiday shopping in full swing, WordPress websites that accept credit cards are busier than ever. Lots of business is great. Not being PCI compliant is bad.
PCI compliance is required by all the major credit card companies and if your website is not PCI compliant, you risk penalties, lost revenue, the inability to accept credit card payments in the future and worst case, an increased risk of cardholder data exposure.
Websites and web applications are being hacked more than ever these days (especially with the rise of online businesses and B2B SaaS-based platforms). If a hacker gains access to the system, they can compromise financial records, medical records and other personal information such as Social Security Numbers and credit cards.
SiteLock president Neill Feather recently wrote an article on B2BNN, covering 5 security issues that many websites and web applications face, with solutions, including handling payments (PCI compliance), malware and password enforcement. For the full article, click here.
If you accept credit card payments, you’re likely familiar with PCI compliance and what it entails. If you accept credit card payments, or are considering it, and are NOT familiar with PCI compliance, be sure to take accurate notes on the information that follows as they relate to PCI non-compliance fines and penalties.
PCI DSS Overview
Created in 2004 by the five global payment brands — Visa, Mastercard, American Express, Discover and JCB — the Payment Card Industry Data Security Standard (PCI DSS) is a security compliance requirement for businesses that handle credit cards. It was created to protect customer and cardholder data from cyber attacks and fraud.
There are over 1 million new strains of malware created every day. One identified infection can get your website blacklisted by Google, who currently blacklists over 10,000 websites each day. Mind you, the malware need not even be on your site.
SMEs (Small to medium-sized enterprises) are unfortunately one of the largest targets of cyber attacks. On average, over 30,000 SME websites are targeted each day, and to make matters worse, nearly 60% of their IT professionals think they aren’t at any real risk of being attacked.
Don’t allow your business to suffer expensive cyber attack damages (which average around $50K per attack) — instead, be proactive in your web security efforts to prevent security threats, protecting you and your customer’s private data. Here are 5 website malware protection tips to help you protect your website from malware and other cyber threats:
1. Updates and Patches
Is your website running off of a Content Management System (CMS) such as WordPress? A CMS can be an easy and cost-effective way to manage your business’ website, but they’re also large targets for cyber attacks.
Why? Many CMS platforms and plugins are often easy targets for hackers and allow backdoor access to your server and data (a recent example of this vulnerability was the SoakSoak attack that occurred last month). Make sure your system, plugins and themes are always up to date, strengthening your web security. Many CMS solutions will even automatically update files for you, if you choose.
2. Website Scanning
Many web viruses and other malware go unnoticed until it’s too late, due to their elusive nature. They can often be implemented with a simple one-line script, injected into the code of your website – made to look like normal code.
Website security scanning software can scan your website for existing malware and other harmful code that doesn’t belong, and notify you immediately of any threats. Our SMART (Secure Malware Alert & Removal Tool) software takes it a step further by automatically removing anything harmful – similar to what a virus removal software does for your PC.
3. Web Application Firewalls
Removing existing website threats is one issue, but keeping them from coming back is another. With over 1 million new malware strains created each week, your business’s website can potentially to be infected by a new virus every day.
Web Application Firewalls (WAF) can help prevent attackers from even visiting your site. How do they work? Let’s take our TrueShield WAF, for instance – it evaluates traffic based on where it’s coming from, how it’s behaving, and what information it’s requesting. Based on these and other criteria, the firewall will allow “legitimate” traffic (e.g. customers and search engines) access while blocking “malicious” traffic (e.g. spam bots and hackers).
Used in conjunction with a website scanning solution, a WAF can help provide around-the-clock, hands-free security for your business’s website.
4. PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS), or PCI for short, is a security standard that businesses must adhere to if they accept major credit cards. This compliance helps ensure that your business and customers are protected from cyber attacks and fraud by providing a documented, baseline security posture for your site. Failure to comply with PCI standards can result in direct financial damages, lawsuits, government fines and ultimately ruin brand reputation in the event of a data breach.
Fortunately, it’s not difficult to become PCI compliant. There are many solutions that walk you through the steps to help create your own customized PCI policy. Our SiteLock® PCI Compliance program takes it even a step further by scanning your site and network, and you can also add on our PCI-certified TrueShield firewall.
5. Strengthen Passwords
Even now the world is still using weak passwords. A strong password is one that contains over 8 characters, no dictionary words, has a mixture of uppercase and lowercase letters, and includes digits and/or special characters. Unfortunately, many of those boxes aren’t checked – allowing brute-force hacking techniques (repeated attempts to login to your website) to become effective.
It’s extremely important that you create a strong password for your website’s back end, since it can often times be an easy way into your private data. You should also advise your customers who have online accounts to do the same, to help protect them from future attacks. After all, it only takes seconds for a computer to crack a poorly created password.
Want to stay up to date on the latest malware trends and ways to protect against them? Follow SiteLock on Twitter!
We’re now closing in on nearly one billion websites worldwide, and with another 6 million new domains being registered daily. Yet it’s estimated that less than 3% of those websites are secure. And guess who’s really taking notice of this glaring absence of website security?
It’s nothing new that hackers are constantly changing their tactics. What’s troubling is how quickly they adapt and adjust to whatever security countermeasures they encounter, and how creative and sophisticated their workarounds have become. That’s what happens when a crime becomes a lucrative industry, and when things like website security get overlooked hackers won’t waste a moment exploiting it.
If you think for some crazy reason your business is too small, too obscure, or simply just too uninteresting to be of any value to a busy hacker, be prepared for a rude awakening. The one thing the all of the recent major data breaches had in common is that all the businesses involved were probably PCI compliant. And it was still no guarantee.
There has been a seemingly endless parade of massive data breaches in just the last few weeks, including UPS, Dairy Queen, Community Health, Apple’s iCloud, the 1,000 businesses the FBI said were just hacked, and, oh yes, the suspicion that Home Depot just suffered a data breach even bigger than Target’s.