Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during this prime shopping season. Awareness, Checking security controls and Testing security now will help your business lock down your systems during the holiday rush.
Repelling Attacks by Killer Web Apps
Remember the movie “Attack of the Killer Tomatoes”? The premise that tomatoes were dangerous made us laugh at the campy horror. But “Killer Web Apps”? Before you grin, think twice: an innocent-looking, malware-infected website may be the means for a hacker to steal customer data and drain bank accounts.
One way hackers hope to foil your holiday shopping season joy is by infecting applications on your website.
About two-thirds of web app attacks are “secondary.” That means a hacker’s real goal is to turn your site into a “Killer App” that infects your customers’ browsers, takes control of their devices, steals their passwords, and penetrates other accounts for profit.
Their success makes you a bad guy by association. And that reputation is very bad for business.
Here are three simple steps that help protect your web server and applications from attack:
1. Scan for and patch vulnerabilities. Use a vulnerability scanner to regularly test your server and apps for weak spots exploitable by hackers. Apply vendor patches to fix vulnerabilities within one month of release; do so immediately for critical apps.
2. Use secure web apps. If you buy apps for processing payment cards, only buy apps that are validated by the PCI Council. If you program your own payment apps, follow guidelines from the PCI Council outlined in the Payment Application Data Security Standard (PA-DSS).
3. Use a web app firewall and other secure technology. A web app firewall will help protect your apps from attack. So will using strong Transport Layer Security (TLS) encryption instead of older Secure Sockets Layer (SSL) encryption for connections to and from payment apps.
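Step 3 in practice, as an added example that is not part of the original post: a Python snippet showing the weak way a home-grown payment app might configure its outbound TLS connection beside the hardened version, plus a small audit function a developer or the person who installed your apps can run against either to confirm that legacy SSL/TLS versions and unverified certificates are refused. The function names are assumptions; nothing here opens a network connection.

```python
"""Added example: TLS client configuration for a payment app's outbound
connection (e.g. to a payment gateway), weak vs. hardened, with an audit."""
import ssl

# Weak setting: accepts the oldest protocol the library can speak (SSLv3 /
# TLS 1.0 where still compiled in) and skips certificate and hostname checks,
# the kind of "fix" that silences a certificate error in development.
def legacy_context() -> ssl.SSLContext:
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

# Corrected setting: system trust store, certificate and hostname verification
# on, and nothing older than TLS 1.2 is ever negotiated.
def hardened_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx

# Audit: returns a list of human-readable findings; an empty list means the
# context meets the "strong TLS, not SSL" bar described in step 3.
def audit_context(ctx: ssl.SSLContext) -> list:
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows protocol versions below TLS 1.2 (SSLv3/TLS 1.0/1.1)")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    return findings

if __name__ == "__main__":
    for name, ctx in (("legacy", legacy_context()), ("hardened", hardened_context())):
        print(name, "->", audit_context(ctx) or "OK")
```

Wrap the hardened context around the socket your payment app uses (for example via `ssl_context=` in an HTTP client) and keep the audit in your test suite so a later change cannot quietly reopen legacy protocols.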
Typically, most of this advice requires you to get help. Ask for it from the person who installed your web server and applications.
Resources that can help you:
- Payment Security for Small Business: Protect your customer and your business with PCI
- PCI Validated Payment Applications
- PCI Payment Application Data Security Standard (PA-DSS)
- To learn more about web app attacks and payment card security, visit: https://www.pcisecuritystandards.org/