It took some time for Kevin Stecko to learn in 2013 that the e-commerce system for his website, 80stees.com, had been hacked. Whoever did it ?sat on the [data] for about six months,? Stecko says. ?We didn?t notice anything.??
He doesn?t know how the breach happened, but he suspects it may have been the work of a former employee. Today, he outsources the technological back end of his site, which does under $10 million in sales, to Shopify, the popular provider of e-commerce services to tens of thousands of companies.
Security breaches are becoming almost regular news. With ongoing high-profile revelations about the likes of Home Depot and JPMorgan Chase having millions of customers? data hacked, such events are losing their capacity to shock. Until, that is, it happens to your business. In a 2014 survey of U.S. executives by Experian and the Ponemon Institute, 43 percent said their organizations had suffered a data breach in the past two years. ?No matter how small you think you are,? warns Stecko, ?there?s a good chance you are being targeted by hackers on a regular basis. They are probing for any weakness in your systems, practices, or people.?
One way to keep things safe, paradoxically, is by taking matters out of your own hands and using a giant cloud company to store your data. Stecko no longer has access to his site?s credit card data, which is safely locked up with Shopify. Now, he says, ?I know that a rogue employee can?t steal customer credit card information.? His other tactic for increased security: two-step authentication–employees need a username and a password plus the answer to a security question to log into the system.
You can also opt for what is sometimes called a ?private cloud? option–a password-protected and often encrypted service. This is what Mission Benefits founder-CEO Matthew Sohn is doing with ShareFile, a product offered by tech giant Citrix that provides that extra layer of security and encryption. ?If we were selling widgets,? Sohn allows, ?it would be different,? but federal requirements dictate how customer data for businesses like his–which helps companies with health insurance and other benefits–must be stored.
Training staff so they don?t get hoodwinked–if, say, someone calls pretending to be a store manager seeking customers? passwords–is also critical, says Nathan Toups, chief technology officer for Key the City Concierge. ?You could have the best encryption on the planet,? Toups points out, ?but if you give out a password, it doesn?t matter.? To address that concern, Tim Ryan–founder and creative director of digital video company TAR Productions, which relies on cloud-based services?–turned to Apple?s Keychain to make custom, randomized passwords for each provider he uses.
Read more at?INC.