3 Ways To Protect Your Company's Website From Cyber Threats
Things that you can look out for and various layers of protection you can put in place to minimize your risk of victimization
Reports of cybercrime have surged in the past few years, not only in Singapore and other parts of Southeast Asia but all over the world. A study by AT Kearney suggests that top 1000 companies operating in Southeast Asia alone could potentially end up losing around the USD 750 billion in market capitalization due to cyber attacks. While attacks like the one recently against government infrastructure in Singapore grab headlines, small businesses and even individuals are cyber-attacked on a daily basis.
Governments can and are exploring different methods to address cybersecurity on a macro level. The question is that what can we do to safeguard ourselves and, more specifically, our businesses on a micro level? Before we take steps to prevent our victimization, we must first ask the question of “what should we be looking out for?”.
It all boils down to irregularities whether in regards to traffic patterns, consumer login behaviour or data submitted during user registration. Here is what all this actually means on a practical level:
Suspicious Traffic Patterns:
Are you seeing overall spikes in incoming traffic on your website or servers without a clear catalyst (IE: no recent marketing promotion, increase in ad budget or product launch)? The best case scenario is that your business is experiencing a sudden surge in organic activity! Congratulations!
Worst case is that you might be seeing the initial signs of malicious behaviour. In either case, it is worth keeping an eye on things to understand what should be categorized as a normal activity and what should alarm you.
Tracking IP patterns is an associated topic of interest when it comes to traffic patterns. Where are your customers and visitors coming from? Are you seeing spikes in activity from a specific IP or location? Does that location have any relation to your business or marketing activity? Understanding and recognising patterns help in differentiating the organic from the malicious.
Consumer Login Behavior:
We are all human and so at times, we can all be forgetful which certainly can apply to our passwords. Hopefully, we’re using something more complicated than “12345” which requires a bit of memory capacity! Nonetheless repeated failed login attempts across a single or, worst yet, multiple customer accounts over a short timeframe should certainly be a cause for concern.
Similarly, traffic patterns, IP patterns, and geographic trends can be big indicators to look out for. Are your customers logging in from unfamiliar IPs or countries and cities? Sure, they could be travelling but their account credentials could also have been compromised. Ensuring that you are monitoring these things in a non-intrusive way while giving your consumers the ability to verify themselves and their behaviour, is critical for the security of both parties.
Unfortunately, while safeguards against cybercrime have advanced over time, so have the bots. Ensuring that your registration procedure is user-friendly but stringent enough to filter out some of those bots can prevent a lot of issues further down the road.
Requiring corporate email addresses as opposed to generic addresses is something to be considered as in theory corporate addresses are more time consuming to set up. Requesting that your users fill in full names and ensuring that the first and last name are not copies of one another helps filter out certain generic bot cases. Email or mobile verification post-registration is another relatively frictionless way of conducting low-level filtering of bots.
Fake names, fake email addresses, and fake mobile numbers are indicative of questionable registrants who can be either malicious or simply less likely to use your service. In either case, by applying these simple steps you can prevent some hassles further down the line.
At the end of the day, there is absolutely no guaranteed mechanism to ensure that you and your business will never find yourselves in the crosshairs of cybercriminals. However, there are various things you can look out for and various layers of protection you can put in place to minimize your risk of victimization.
Prevention really is the best practice when it comes to cybersecurity.
Eric brings a world of knowledge, relationships and experience with him built on 15 years in the startup, tech and business world after having started his first company at 17 years old. He was born in Canada and is now based out of Singapore.
Eric plays an integral role at Impiro and within some of its portfolio companies, Silverstreet & Twizo included, in terms of driving partner relationship development, strategy and new initiatives. His strong focus on providing great value, transparency and dedication to his partners has become synonymous with his approach to business and a foundational aspect of everything he does at the group.