Information Security to facilitate growth in online sales sector

What happens to information security when online shopping is the norm?

The internet has changed many industries but none so radically as retail. In 2016 it is predicted that 2.6 million Irish shoppers will spend €5.7 Billion online. Online sales already contribute €188 Billion across the European Union and this figure is predicted to grow immensely over the next decade.

To bring this sharply into focus, Irish online retail sales have grown by 100% since 2008. This growth of approximately 20% per annum shows no signs of slowing despite the ongoing economic recession that is affecting most of the western world.

People find buying online preferable to the traditional high street. It is easier to shop around online. A 10-minute Google search can bring back thousands of prices to be compared, a task that would take hours, if not days, off-line.

This ease of use makes finding the exact product that you want, at the right price, easier than ever. However, it has also meant millions of people around the world being exposed to new systems designed to trick, defraud and fool the consumer. An information security arms race has begun that has no end in sight. Anti-virus software is always being updated as new viruses and malware are identified. Hackers probe and attempt to gain entry to users' computers and devices but, predictably, there was a change in this behaviour.

As individuals become more experienced and more prepared to repel cyber crime, the criminals' attempts have shifted focus. Just as some criminals progress from mugging to bank robbery, cyber criminals began to target larger institutions, organisations that hold our personal information. They have had some success.

Information Security Breaches

Just as the online commerce industry has grown exponentially, so too has the number of data breaches. It would seem that every other day a new hacking story comes out. Just this year there have been information security breaches at Facebook, Twitter and Apple.

Apple’s developer portal was hacked and some information about 275,000 third-party developers was leaked. Six million Facebook users' private emails and phone numbers were made available, and 250,000 emails and partial passwords were lost when Twitter was hacked.

Whilst none of these breaches seems to combine to anything meaningful, it is the human propensity to take the easiest path possible that makes these hacks dangerous.

Passwords are often replicated across several digital accounts, with many people using the same password for Facebook and Twitter and, more dangerously, also for their email. Hackers can quietly build up enough information about you once they have access to your digital profiles. By knowing someone’s email and their password you can gain access to their personal emails, especially ones from banks, finance brokers or other financial institutions. Email is used as a user ID for many services, including online shopping sites. Using simple social engineering, criminals can impersonate someone with as little as their name, email and phone number.

These losses by massive household brands represent only the tip of the iceberg. Many companies that have suffered a data breach do not want to reveal it for fear of loss of reputation and business.

Information Security for ALL

The onus should be on all parties to protect themselves and their data. Users should refrain from using the same password for all of their accounts and should attempt to use different email accounts for different services: for instance, one for personal emails, one for social networks and one for banking and online transactions.

Similarly, companies that offer online transactions could look into storing passwords and emails in separate locations. They could protect the data that they store about their customers using password protection or encryption.

If information security is considered a priority for everyone, then, and only then, can we continue to enjoy the benefits of online commerce.

As Ireland’s leading ISO 27001 certification body we believe that an independently assessed information security policy has a massive part to play in this continued growth. Our clients rest assured that they have systems and infrastructure in place to protect them from data breaches.

If you want to be able to assure your customers that you have a best-practice, independently audited information security management system in place to protect their data, then please contact us today to organise training, a gap audit or to embark on ISO 27001 Information Security certification.

Robert Lyons

