The importance of protecting data


There are dire consequences for a merchant who fails to protect their IT environment, especially their customer data, when doing e-commerce.

No business is safe from the plague of ransom demands, from the tiniest to the giants. But, unlike banks, an SME is somewhat left to itself in the face of cyber-pirates, and the environment has become relentless.

Hackers are now multinationals, and their bots systematically comb the web to detect vulnerabilities in computer networks. Cyberattacks happen every second, with hundreds of intrusion attempts daily.

As soon as a bot detects a flaw in your network, hackers break in, take a few days to analyze it and plant malware that slowly encrypts entire parts of your environment, including your backups. A few months later, they freeze your computers and demand a ransom of a few million.

Some hackers do research to find their prey. They analyze the type and amount of information they have obtained and put it all up for auction. Other hackers then take over and handle the attack and the ransom.

Not the means

“Most SMEs cannot afford a cyber protection expert,” explains François Daigle, vice-president, professional services and training at Okiok. “And with the new Law 25 on the protection of personal information, merchants must designate a person in charge, adopt a policy and, next year, must disclose any security breach to the authorities, especially if confidential information is compromised.”

How do you deal with such a hostile environment? By choosing the appropriate technologies and approaches.

Some merchants are content to use a CMS (WordPress, Joomla) and plug-ins like WooCommerce. That is a mistake: it exposes you to bugs or malware designed specifically to penetrate these environments easily.

In fact, it is better to entrust the transactional part to a specialized firm like Moneris, especially for the payment part. Today, to do business online with Visa or Mastercard, your environment has to comply with the PCI standard (Payment Card Industry Data Security Standard, or PCI DSS), which is a titanic challenge for an SME. With a specialized firm, at least your customers' payment data won't be stored on your servers (otherwise, you're responsible for it under the law).

Hackers learned long ago how to deal with the firewalls of your servers. And relying on a subscription to Kaspersky, Norton or Defender may be a baseline, but it is not enough.