What happens to information security when online shopping is the norm?
The internet has changed many industries but none so radically as retail. In 2016 it is predicted that 2.6 million Irish shoppers will spend €5.7 Billion online. Online sales already contribute €188 Billion across the European Union and this figure is predicted to grow immensely over the next decade.
To bring this sharply into focus Irish online retail sales have grown by 100% since 2008. This growth of approximately 20% per annum shows no signs of slowing despite the ongoing economic recession that is affecting most of the western world.
People find buying online more preferable than the traditional high street. It is easier to shop around online. A 10 minute Google search can bring back thousands of prices to be compared that would take hours, if not days, off-line.
This ease of use makes finding the exact product that you want, at the right price easier than ever. However it has also meant millions of people, around the world, being exposed to new systems designed to trick, defraud and fool the consumer. An information security arms war has begun that has no end in sight. Anti-virus software is always being updated as new viruses and malware is identified. Hackers probe and attempt to gain entry to users computers and devices but predictably there was a change in this behaviour.
As individuals become experienced and more prepared to repel cyber crime the criminals attempts have shifted focus. Just as some criminals progress from mugging to bank robbery cyber criminals began to target larger institutions, organisations that hold our personal information. They have had some success.
Information Security Breaches
Just as the online commerce industry has grown exponentially so to has the amount of data breaches. It would seem that every other day a new hacking story comes out. Just this year there has been information security breaches at Facebook, Twitter and Apple.
Apple’s developer portal was hacked and some information about 275,000 3rd Party developers was leaked. Six million Facebook’s users private emails and phone numbers were made available and 250,000 emails and partial passwords were lost when twitter was hacked.
Whilst none of these breaches seems to combine to anything meaningful it is human’s propensity to take the easiest path possible that makes these hacks dangerous.
Passwords are often replicated across several digital accounts, many using the same password for Facebook and twitter and more dangerously also their email. Hackers can quietly build up enough information about you once they have access to your digital profiles. By knowing someone’s email and their password you can gain access to their personal mails, especially ones from banks, finance brokers or other financial institutions. Email is used as a user ID for many services, including online shopping sites. Using simple social engineering, criminals can impersonate someone with as little as their name, email and phone number.
These loses by massive house-hold brands represent only the tip of the iceberg. Many companies that have suffered a data breach do not want to reveal it for fear of loss of reputation and business.
Information Security for ALL
The onus should be on all parties to protect themselves, and their data. Users should refrain from using the same password for all of their accounts and should attempt to use different email accounts for different services. For instance one for personal emails, one for social networks and one for banking and online transactions.
Similarly companies that offer online transactions could look into storing passwords and emails in separate locations. They could protect the data that they store about their customers using passwords or similar encryption.
If information security is considered a priority for everyone then and only then can we continue to enjoy the benefits of online commerce.
As Ireland’s leading ISO 27001 certification body we believe that an independently assessed information security policy has a massive part to play in this continued growth. Our clients rest assured that they have systems and infrastructure in place to protect them from data breaches.
If you want to be able to assure your customers that you have a best practise, independently audited, information security management system in place to protect their data then please contact us today to organise training, a gap audit or to embark on ISO 27001 Information Security certification.