Close

Let’s book in your Veeqo demo

It only takes 30 minutes to find out how Veeqo can help reshape the way you run your retail business

Let's schedule your demo…

Join hundreds of brands using Veeqo to sell and ship everywhere

Join the hundreds of retail brands using Veeqo to sell and ship everywhere

Ecommerce Operations

5 Steps to Dealing with a Data Hack in Your Ecommerce Business

SHARE

Any kind of cyber security breach can be a serious problem for an ecommerce business.

From startups to large corporations, any organisation can be the target of an attack. And if it’s successful you stand to lose sensitive data, money and your reputation.

And it can be super costly.

According to data compiled by Zurich, around a fifth of businesses hit with cyber-attacks lost more than £10,000  – and one in 10 lost more than £50,000.

Acting quickly to reduce damage and prevent it happening again is essential if you’ve been hacked. So here are five steps to recovery following a business data breach.

1) Establish if it’s a genuine hack

The first thing you need to understand is whether this is a real breach or just something that looks like one.

It’s essential that your business is able to distinguish between genuine hacking attempts and false alarms. But it’s also unfortunately common that many forms of security software and technology generate thousands of alerts.

Many of which can be phantom alarms, like this experienced by Windows users:

When staff see a huge number of security alerts (with many being ‘false positives’) they can overlook or miss genuine threats. So all security alerts need to be investigated, rather than to assume they are the product of an over-sensitive firewall.

If there is a genuine breach you need to know about it as soon as possible, so take the time to look into the evidence behind a security alert and make an informed decision.

2) Investigate the extent of the breach

In the event of a genuine breach of your IT network, you first need to spend time establishing exactly what happened.

This can be a complicated and challenging process. But it’s essential that you ascertain the extent to which your system was compromised, whether data was stolen and how the hack was able to occur.

There are too many examples of companies announcing that they have been hacked – only to reveal days or weeks later that the extent of the hack wasn’t originally understood. This can lead to a business looking incompetent twice for the same incident.

Equifax gained repeated bad PR for their infamous 2017 US data breach as they seemed to continuously revise the extent of the hack.

They then had its one year anniversary noted across Twitter:

And it even resulted in new legislation being passed:

3) Use specialists to fix it

Your next step is to resolve the incident to ensure that the attack is stopped and its impact minimised.

For smaller businesses and those that don’t have in-house incident response specialists on-hand, it’s essential to get in contact with cyber security experts to help investigate and manage the incident and avoid exacerbating the situation.

It may even be worth keeping a cyber security firm ‘on retainer’ if your business deals with particularly sensitive data. Benefits include:

  • Saving on costs. Paying for in-house security teams or for someone to tidy up a breach after it occurs can be expensive.
  • Vigilant monitoring. So you always have someone who’s up-to-date on new vulnerabilities and security threats.
  • Quick, expert reaction. If any breach does occur, you’ll have a professional ready and waiting to quickly fix it.

Skilled cyber security professionals (such as London-based specialists Redscan) will be able to analyse the attack using the latest digital forensic techniques. This helps establish everything needed – from which systems and data have been compromised to the user accounts used to gain access to data.

4) Understand your GDPR responsibilities

With the General Data Protection Regulation (GDPR) in effect from May 2018, all companies that handle personal data relating to EU citizens need to comply with stricter rules surrounding how they process and protect that data:

In a nutshell:

Companies need to take more responsibility for personal data they hold. And one of the key requirements is that they have to notify a relevant Data Protection Authority within 72 hours if there has been a breach that could pose a risk to individuals.

If your organisation has suffered a breach and is unsure of its legal responsibilities to customers, clients or other business partners you should seek expert advice as soon as possible.

No company is above the law – as it was revealed when Facebook were fined by the UK’s ICO for data breaches:

5) Prevent it from happening again

After an attack, it is imperative that you learn from the incident and implement appropriate controls and procedures to mitigate the risk of it happening again.

Don’t assume that just because you’ve been attacked once, it’s unlikely to happen again. The number of cyber-attacks rises every year and your business is just as likely to be re-targeted.

It may be the case that you need to invest in new systems, processes and/or personnel to help improve your organisation’s cyber security posture.

Commissioning regular data security assessments, such as penetration testing, is a key way to understand your organisation’s vulnerabilities and tighten defences before they’re targeted.

Improving threat visibility through the use of the latest intrusion detection, behavioural monitoring and machine learning technologies is also important and can significantly enhance the speed and efficiency of incident response.

What are your thoughts on cyber security for ecommerce sites? Have you ever experienced a data breach? If so, how did you recover? Let us know in the comments below.

SHARE THIS ON:
The following two tabs change content below.

Written by Dakota Murphey

Independent Content Writer
Dakota Murphey is an independent writer from Brighton, with a passion for logistics and marketing. Dakota enjoys sharing her knowledge she gained over the years and incorporates her love of travel and business in her writing.

Latest posts by Dakota Murphey see all

Want more insights like this?

Join thousands of other subscribers and get the best content on ecommerce growth, marketplace trends and warehouse operations delivered directly to your inbox.

Join thousands of
fellow retailers...

Subscribe below and get the latest content on growing your ecommerce business direct to your inbox every week.



Veeqo rating on Shopify

Veeqo rating on Shopify

Veeqo rating on Xero
Veeqo rating on Xero

Veeqo rating on Capterra

Veeqo rating on Capterra