For many businesses, online shopping has overtaken telephone shopping as the way to order supplies; it is very easy, quick and convenient for most people. However, with news of many service web sites getting compromised regularly, here are some tips to ensure that you are shopping securely and reducing the risks of losing your personal data.
This is an edited transcript from a video blog recording of Sarb Sembhi, CTO and CISO for Virtually Informed, and his co-host Nick Ioannou, Head of IT at Ratcliffe Groves. The square brackets with the initials indicate the speaker.
Introduction to Online Shopping for Small Businesses
[SS]: Today we're looking at how Small Businesses can do secure online shopping; this time I'll be starting us off.
Only Use https Shopping Web Sites
The first thing that's obvious and also particularly important when anyone does any shopping, whether it's business or personal online shopping, is to make sure that you are at the right place you should be at. It is interesting that the key message from official authorities, whether it's the National Cyber Security Centre or internet giants like Google, is that they try to remind everyone that the link you should be using, and that your browser should display, is https. The s in https stands for security. So basically, you're making sure that the link that you're using is a secure link where the communication between your browser and the shopping website is encrypted so that no one can eavesdrop on what data is being transmitted between you. The encryption is especially important, because otherwise the data can be intercepted by attackers and they can steal your payment card details as you're trying to make payments.
https has become such an important website and security issue that now when Google lists website searches, it will move non-https websites lower down in the rankings if a website is not offering https as its standard service. So, it is important that whenever you're shopping, you use the https as part of the link, just like the web address for this website, https://www.virtuallyinformed.com.
If you are a business offering website services, you can, as Virtually Informed has done, forward all of your non-https traffic to the https URL. This is Google's preferred approach for all its highly ranked searches.
Once upon a time, the only websites that used to use https were the eCommerce websites, so this is not new; it has been around for a long time. The importance for users now is that, as I said, Google will focus its rankings based on those sites that use https. This applies to all websites, not just eCommerce ones, because it offers users a greater level of communication security to pass data between them so that they are not compromised.
Don't Save Card Details With any Websites
[NI]: Most online shops these days will encourage you to create an account and give you the option to save your payment card details. At first glance this seems like a really convenient feature, because you may think you're going to be back shopping there in the future, and you won't have to enter your card details again. However, if you think about it, you are entrusting those card details to whatever security systems that business has, and while they're storing them, that leaves the potential that, if they have a breach or someone on the inside is stealing the data, your card information could be stolen.
So, while it's a nice convenient feature, it does open up a load of security issues. Personally, I avoid it as much as possible; unless of course you have a credit card with a very small balance used for only certain things and you really trust the business because it has an established security history. But for the sake of saving 30 seconds to a minute of typing in the card details, because cards do expire so you will have to go through the process occasionally, it's just not worth clicking that Remember card check box, or if it's already checked, just un-check it. It will reduce risks in the long run: if they're not storing the details, you don't have to worry about your bank details being stolen by those means.
[SS]: That's absolutely correct and a great idea because effectively, every time you are using and storing your bank and card details on each website, what you've now done is you've made your bank card details open to being secured by two things.
Firstly, the website. And we know that all websites get breached at some point or another. It happens so often that it's no longer an impossibility. But, even if the website doesn't get breached in some way, shape, form, or another; you're relying on protecting your bank card details secondly, by your username and password. Which effectively means for someone to use your card details all they need to do is get hold of your username and password and they can order anything they want to.
Additional security and risk information and resources for SMB's