Cybersecurity awareness and e-skimming
Every October we review issues that are highlighted by annual cybersecurity awareness efforts across the globe. This year those topics include things like traveling tips, workplace security, and staying safe when buying new technology. You can see more information about all of these topics on the National Cybersecurity Awareness Month (NCSAM) website and the European Cyber Security Awareness Month (ECSM) website. Today we'll briefly cover the risks around eCommerce and a crime that is commonly referred to as e-skimming.
Put simply, e-skimming is the act of stealing credit card data and other personal information as it is being entered into an online form. In the context of eCommerce, this would normally happen when a customer logs in to an online account or enters payment and delivery information at checkout.
- Perform regular updates to payment software
- Install patches from payment platform vendors
- Implement code integrity checks
- Keep anti-virus software updated
- Ensure you are PCI DSS compliant
- Monitor and analyze weblogs
- Refer to your Incident Response Plan, if applicable
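One way to implement the code integrity check from the list above, as an added example that is not part of the original article: it records a digest for each script in a reviewed release and flags any deployed file that was modified, added, or removed since then. The file names and contents are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib


def sri_digest(content: bytes) -> str:
    """Return a Subresource Integrity style value (sha384, base64) for script bytes."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()


def build_baseline(scripts: dict) -> dict:
    """Record the digest of every script at a known-good, reviewed release."""
    return {path: sri_digest(body) for path, body in scripts.items()}


def compare_to_baseline(baseline: dict, deployed: dict) -> dict:
    """Classify deployed scripts as modified, unexpected, or missing."""
    report = {"modified": [], "unexpected": [], "missing": []}
    for path, body in deployed.items():
        if path not in baseline:
            report["unexpected"].append(path)   # file that was never reviewed
        elif sri_digest(body) != baseline[path]:
            report["modified"].append(path)     # content changed after release
    report["missing"] = [p for p in baseline if p not in deployed]
    for paths in report.values():
        paths.sort()
    return report


# Constructed sample data: a reviewed release and what is live on the site now.
RELEASE = {
    "js/checkout.js": b"function submitOrder(form) { return form.submit(); }\n",
    "js/cart.js": b"function addItem(id) { cart.push(id); }\n",
}
LIVE = {
    "js/checkout.js": RELEASE["js/checkout.js"] + b"/* appended after release */\n",
    "js/cart.js": RELEASE["js/cart.js"],
    "js/analytics-helper.js": b"/* file not present in the release */\n",
}

if __name__ == "__main__":
    baseline = build_baseline(RELEASE)
    for kind, paths in compare_to_baseline(baseline, LIVE).items():
        for path in paths:
            print(f"{kind}: {path}")
```

In practice the baseline would be generated at deploy time and stored somewhere the web server cannot write to, so that a change to the site cannot also rewrite the reference digests.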
If your site is compromised, activate your incident response plan immediately. If you do not have an incident response plan, consider prioritizing the following steps:
- Quarantine the compromised application to prevent further data loss
- Investigate the incident and evaluate the damage. Be sure to look for any additional attacks or remaining malware on your network or websites.
- Report the incident to the appropriate law enforcement authorities so that they can take action. In addition to local law enforcement, this should include ic3.gov (FBI) in the US and https://www.europol.europa.eu/report-a-crime/report-cybercrime-online (Europol) in the EU.
For more information on how to protect your e-commerce site and other web forms, visit the following resources:
National Cybersecurity Awareness Month e-skimming download
Barracuda Web Application Firewall website and Application Security blog
October is recognized as CyberSecurity Awareness Month (NCSAM) in the US and CyberSecurity Month (ECSM) in the EU. These are collaborative efforts between governments and industries to raise awareness about various cybersecurity issues and to educate members of the public so that they can do more to keep themselves safe online.