Improve Small Business Cybersecurity and Prevent Magecart Attacks
The coronavirus pandemic has required a lot of creativity and adaptation for both small businesses and consumers. It has also led to a tremendous expansion of business-to-consumer and business-to-business e-commerce, and hackers and cybercriminals have taken notice.
When hackers compromise a business e-commerce site, they can steal payment information, including credit card numbers, customer identities and billing addresses. This is a lucrative business for hackers. They are able to sell the stolen information for as much as $100 each on the black market.
The attack surface has radically expanded because of all the new e-commerce sites out there as everyone tries to do business online during the pandemic. Many companies hurried to get their e-commerce sites up and running and put cybersecurity on the back burner. This has left many small to medium-sized businesses at risk of being compromised.
Magecart, a consortium of hacker groups targeting online shopping carts for businesses, has been a growing threat since as far back as 2010. According to a 2019 report by RiskIQ, Magecart has been responsible for more than 2 million attacks and has affected over 18,000 hosts. Some of the most noteworthy attacks include Ticketmaster, British Airways and NewEgg.
How a Magecart Attack Works
To steal customer payment information, Magecart starts by attaching malware to a business’s online shopping cart system. The hackers will then insert malicious code into the system that is designed to forward the credit card number and associated address directly to the hacker at a fake but legitimate-sounding domain.
There are only a handful of ways to detect a Magecart attack on your small business. One is to look for unusual transactions, including transactions for small amounts (less than a dollar), and an increase in the number of foreign transactions. The other way is to look at your shopping cart system code line by line to see if anything has changed. In many cases, a breach isn’t detected until customers begin reporting credit card and bank fraud on their accounts.
How to Stay Protected
Cybersecurity can be difficult for small business owners to address because in many cases they are trusting their e-commerce provider to keep customers’ information secure. Here are some considerations for choosing an e-commerce provider.
- Who is liable in the event of a breach? The terms and conditions for many widely available e-commerce providers will state that they are not responsible in the event of a breach. You should also understand their cyber insurance policy. They may have a policy that covers $25 million in losses, but one or two large businesses could eat through this in a hurry, leaving your small business footing the bill for its losses.
- Who is spot-checking the vendors? It may not be enough to trust the partner that built your e-commerce site. You should also have a cybersecurity expert on your side that is going to spot-check their work and run tests to make sure their system is secure.
- Are your vendors passionate about cybersecurity? When you’re talking to potential e-commerce providers, ask them about their approach to cybersecurity. Those that are passionate about keeping your system secure should be able to tell you a great deal about what they do.
Find a Reliable Partner to Help With an Action Plan
So, how should you react if you discover that your e-commerce site has been compromised? The truth is, you need to have this figured out well before it happens. Without an action plan in place, you could be left with no viable solutions in the event of an attack because you were not collecting the right information.
If you find a reliable cybersecurity partner before an attack takes place, they can help you create that action plan and let you know what kind of data to be monitoring and capturing. That way, when an attack occurs, they will be able to utilize the data and fix the problem.
Northwest Bank Takes Small Business Cybersecurity Seriously
We take cybersecurity seriously. Our Business Security Center contains tools and educational resources to provide you with the knowledge to help prevent your business from becoming the victim of fraud. Visit our online Business Security Center for more information.
Small Business Financing for the Next Step
You’ve worked hard to build your business. Now make sure it continues to thrive. Local businesses are vital to the community, which is why helping yours grow is our priority.
Talk to a Business Banker Today
View all articles