Thursday, 11 February 2021
Purpose Media's Tim Lenton on why e-commerce revolution must be underpinned by cyber security
The rise in e-commerce means the need to be vigilant against cyber vulnerabilities is even more important, whether you’re a large or micro trader, says Tim Lenton, technical director at Purpose Media. He explains to Dan Robinson how the protective measures don’t need to be expensive.
The shift from physical to online has been one of the accelerating trends throughout the pandemic, as lockdowns have forced a rethink about how people buy goods and services.
In the week following the second national lockdown in England that ended on 5 December, retail footfall was 41.3% down on the same week in 2019, according to data from Springboard.
For many small businesses like independent bakeries, craft shops and dance schools that have previously existed as purely bricks and mortar, it’s meant they’ve had to pivot online in order to survive, with 35% of personal businesses beginning to offer services online during the pandemic.
And while sole traders might not expect to find themselves in the firing line of cyber-attackers, Tim Lenton urges them to think again.
“Anything that’s online is vulnerable,” he says. “The vast majority of websites won’t usually have any issues but making sure all bases are covered is important.
“It’s almost akin to insurance on a product – you don’t think about it until you need to use it. Many businesses might think it won’t happen to them but it doesn’t matter how big or small you are, anyone could be on the receiving end of an attack.
“Some companies have all their custom online so if something happened to the website, they wouldn’t have a business.”
More small businesses setting up e-commerce websites
Tim, who oversees Purpose Media’s web services – which, alongside cyber security, includes website development, maintenance and data centre solutions – works with more than 300 clients, ranging from sports clubs like Derby County and Derbyshire County Cricket Club through to firms such as Mansfield-based Golf Support and Rotherham-based True Refrigeration.
He’s noticed more SMEs joining the e-commerce revolution, with one small furniture retailer that was forced to close its shop for much of 2020 increasing its online sales tenfold during lockdown – and now flipping its business model into a predominantly web-based one.
“The company had a website beforehand but didn’t use it much,” says Tim. “Now it’s the main source of revenue.
“This is the case for lots of businesses and there’s not much cost attached to setting up a website on a small scale.
“But they don’t always think about the cyber security element. There’s free tools for WordPress, a popular content management system, which will offer protection to a certain level but as their revenue ramps up, so does the security threat.”
Tim says the profile of a company will also dictate the type of cyber threats they’re likely to face.
He adds: “Pretty much every website out there could end up on the end of an attempted attack because there’s so many automated bots trawling the web and looking for vulnerabilities.
“They’ll look at whether there’s anything using open-source software and many want to get access to users’ details, but there’s other types of attacks too that can harm a business, such as dropping malicious code onto a site to affect performance.
“So a lot of the work we put in place is to use automated tools to block a lot of that activity.”
One of the world’s most popular tools in this regard is Cloudflare, which offers protection for external-facing resources such as websites, APIs (application programme interfaces) and applications by acting as a firewall against malicious web traffic. Free plans are available at the small end of the spectrum, with costs typically on a sliding scale between £20 and £100 per month depending on the size of business and protection required.
But a lot of the cyber work is far simpler and just ensures companies aren’t storing more data than they need to, which is also part of GDPR legislation.
“This means that if anyone did hack into their system, there’s nothing valuable to steal,” adds Tim.
Four popular cyber-attacks, explained by Tim Lenton
1. Accessing data for malicious intent
A lot of people use the same the same email and password across multiple websites so if an attacker can gain access to a user’s log-in details stored by one website, these can then be used across other sites, where they may be able to access financial details.
A cyber-criminal will send an email pretending to be genuine but featuring a link that goes to a malicious webpage – for example, saying the recipient needs to change their password. If a company doesn’t have the latest plug-ins on a third-party website such as WordPress, there might be vulnerabilities that can be exploited. They could piggy-back on its servers or create a hidden page on the website, so they have an IP address to send the emails from. This can result in a company’s website being blacklisted by search engines and could cost money to have the issue resolved.
3. Blackmail attempts
Particularly in the finance space, companies will often be targeted by blackmail attempts. A hacker might contact the business saying they have all its customers’ details and will cause havoc if the firm doesn’t pay a ransom, potentially causing huge damage to a reputation.
4. DDoS attacks
Distributed denial-of-service (DDoS) attacks will target high-profile businesses by pushing a massive amount of traffic onto their website – often thousands of requests per second – to crash it and then try to blackmail the organisation.
This article appears in the February 2021 issue of the Chamber's Business Network magazine. To read the online edition, click here.Back