Malware Threats Merchants Must Fight
Online merchants don’t always have access to a team of security and network experts who can help them deal with cybercrime. While some are lucky to have a small IT staff or at least a consultant to answer their questions, many online merchants are mom-and-pop shops where it’s actually mom or pop handling everything from customer service to protecting the security of their online operations.
Fortunately, there’s outside help for one of the biggest concerns: fighting fraud when accepting payments online. A payment services provider like PayPal can help secure an online business (see the PayPal Insider in this chapter). Customer information is encrypted on the PayPal servers and any data that is passed between clients, retailers, and PayPal is secured using the latest safety technologies.
PayPal also encourages customers and online merchants to have a solid understanding of how malware works, how it infects computers, and how to spot signs of infection.
Here are some of the key malware risks you need to know about:
- Unpatched servers: If you’re using outside servers exposed to the Internet, or even internal servers that don’t connect to the Internet, you’re at risk for major security issues if you don’t patch all your servers as soon as patches become available.
- Unpatched software: Many free, mainstream Internet applications can contain security vulnerabilities to be exploited by worms or viruses, and Internet security software vendors may take days or months to update their software to deal with new threats. In the meantime, your computer and networks are at risk. Fortunately, if you keep your browsing and email software updated with the latest security patches, you can minimize these risks.
- Insecure peer-to-peer (P2P) file sharing: If you have file and printer sharing turned on, it’s easy and convenient to share files with your coworkers. Individual users’ computers often have file- and printer-sharing turned on, allowing files to be copied directly between computers within an office. While this is convenient and often essential to work group productivity, when it comes to confidential data, don’t share these files unless they’re stored on a secure server.
- Insecure passwords: If you’re sharing resources on a network, make sure they’re password-protected. A strong password policy gives business owners control over who can access which resources, when they can access them, and what’s available for sharing. Also, if an employee is terminated, it’s easy to disable her network access.
- Personal laptops or mobile devices: Both business-owned and personal laptops and mobile devices pose certain security risks to businesses. However, while business owners can control what a user does on company equipment, they don’t have much say when it comes to what people do on their personal devices.