Cybersecurity is a perennial topic for online providers. Attackers and software vendors are in a perpetual race against one another, and almost every week new critical security vulnerabilities in CMS and shop solutions are reported. The leading German consumer organisation, Stiftung Warentest, pointed to a security problem in a large open-source shop system that had been known for months and, until recently, had still not been fully fixed in the individual shops. The Federal Office for Information Security (BSI) reported that in October roughly 500 German online shops were flagged as insecure, and that the number of affected shops had doubled. Small shop owners and large players alike, as the Yahoo case shows, are susceptible to security breaches.

1. Security in B2B online shops

Many B2B providers ask how relevant it really is for them to safeguard their B2B e-commerce shops. The answer is that it is crucial: B2B shops must take proper precautions against cyber attacks, because neglecting security puts customer data at risk. Store operators therefore need to check for security gaps and close them as quickly as possible. The topic has a much larger dimension, however. In the age of integrated systems, where the online shop exchanges data directly with internal company systems such as ERP, CRM or PIM, a security vulnerability in the shop is a business-critical risk, and running a B2B online shop as an isolated stand-alone solution is no longer an option either. The question is therefore how shop providers protect their ERP systems and the important data they contain.

2. The right concept for direct connection to in-house systems

Today, many systems offer standard interfaces such as web service or REST APIs to provide interoperability between systems over the Internet. These interfaces are convenient and make integrating different systems much easier. The drawback is that every such interface is also an entry point for an attacker, as the recent case of the WordPress REST API showed.

A proven solution is to interpose a security layer (a "security instance") between the two systems. The online shop in the DMZ then has no direct access to the ERP at all; only a defined set of message types, validated by the security instance, is passed on to the ERP or the CRM. Ideally this layer is combined with a monitoring system that informs the administrator of irregularities, such as messages that had to be rejected.

Besides missing technical measures, conceptual errors also lead to security breaches. For example, many online shops import data from ERP or CRM systems. If 10,000 complete customer records are imported into the shop, the shop itself becomes a copy of the customer base: in the event of a successful attack, all of those records are exposed at once. Many B2B shops therefore avoid bulk imports and instead fetch customer data on demand, querying the ERP or CRM in real time only for the customer who is currently logging in.
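The following is an added example, not code from the original article or from any product mentioned on this page. It sketches the two ideas from the preceding paragraphs in one place: a minimal security instance that accepts only allowlisted, schema-validated message types from the shop in the DMZ and logs everything it rejects for the administrator, and an on-demand customer lookup that returns a single record instead of a bulk export. The message types, field names, the regular expressions and the in-memory ERP table are all hypothetical and constructed for the illustration.

```python
"""Minimal "security instance" between an online shop (DMZ) and an ERP.

Added example, not from the original article. Message types, field rules and
the FAKE_ERP table are constructed for illustration only.
"""
import json
import logging
import re

logging.basicConfig(level=logging.WARNING, format="%(levelname)s %(message)s")
log = logging.getLogger("security-instance")


def is_customer_id(v):
    return isinstance(v, str) and re.fullmatch(r"C[0-9]{6}", v) is not None


def is_sku(v):
    return isinstance(v, str) and re.fullmatch(r"[A-Z0-9-]{3,20}", v) is not None


def is_quantity(v):
    return isinstance(v, int) and not isinstance(v, bool) and 1 <= v <= 10_000


# Allowlist of message types the shop may send, with the fields each may carry
# and a validator per field. Hypothetical names; anything not listed here never
# reaches the ERP.
ALLOWED_MESSAGES = {
    "customer.lookup": {"customer_id": is_customer_id},
    "order.create": {"customer_id": is_customer_id, "sku": is_sku, "quantity": is_quantity},
}

# Constructed stand-in for the ERP's customer table.
FAKE_ERP = {
    "C000123": {"name": "ACME GmbH", "credit_limit": 50_000},
    "C000456": {"name": "Beispiel AG", "credit_limit": 10_000},
}


class Rejected(Exception):
    """Raised for any message that is not on the allowlist or fails validation."""


def validate(raw: str) -> dict:
    """Parse one shop message; return a copy containing only declared,
    validated fields, or raise Rejected. Unknown fields are an error, not
    silently dropped, so the shop cannot smuggle extra data into the ERP."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise Rejected(f"malformed JSON: {exc}")
    if not isinstance(msg, dict) or not isinstance(msg.get("type"), str):
        raise Rejected("missing message type")
    schema = ALLOWED_MESSAGES.get(msg["type"])
    if schema is None:
        raise Rejected(f"message type not allowed: {msg['type']!r}")
    payload = msg.get("payload")
    if not isinstance(payload, dict):
        raise Rejected("payload must be an object")
    extra = set(payload) - set(schema)
    if extra:
        raise Rejected(f"undeclared fields: {sorted(extra)}")
    clean = {}
    for field, check in schema.items():
        if field not in payload or not check(payload[field]):
            raise Rejected(f"invalid or missing field: {field}")
        clean[field] = payload[field]
    return {"type": msg["type"], "payload": clean}


def forward_to_erp(msg: dict) -> dict:
    """The only path into the ERP: dispatch on the already validated type."""
    if msg["type"] == "customer.lookup":
        # On-demand retrieval: one record for the customer who is logging in,
        # instead of a bulk import of the whole customer base into the shop.
        rec = FAKE_ERP.get(msg["payload"]["customer_id"])
        return {"ok": rec is not None, "customer": rec}
    if msg["type"] == "order.create":
        p = msg["payload"]
        if p["customer_id"] not in FAKE_ERP:
            return {"ok": False, "error": "unknown customer"}
        return {"ok": True, "order": p}
    raise AssertionError("unreachable: type was checked in validate()")


def handle(raw: str) -> dict:
    """Entry point for each message arriving from the DMZ."""
    try:
        msg = validate(raw)
    except Rejected as exc:
        # Monitoring hook: every irregularity is logged for the administrator.
        log.warning("rejected message from shop: %s", exc)
        return {"ok": False, "error": str(exc)}
    return forward_to_erp(msg)


if __name__ == "__main__":
    # Constructed sample traffic: one legitimate lookup, an attempted bulk
    # export, an order with an undeclared field, and an injection attempt.
    for sample in [
        '{"type": "customer.lookup", "payload": {"customer_id": "C000123"}}',
        '{"type": "customer.export_all", "payload": {}}',
        '{"type": "order.create", "payload": {"customer_id": "C000123", "sku": "WIDGET-1", "quantity": 5, "discount": 100}}',
        '{"type": "order.create", "payload": {"customer_id": "C000123\' OR 1=1--", "sku": "WIDGET-1", "quantity": 5}}',
    ]:
        print(handle(sample))
```

The design point is deny-by-default in both directions: the shop can only ask the questions the security instance knows, and the ERP only ever answers about one customer at a time, so a compromised shop yields a single record per request rather than the whole customer table. In a real deployment the allowlist would additionally be enforced at the network level (the shop host can reach the security instance, never the ERP), and the warning log would feed the monitoring system mentioned above.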

3. Modern and secure software platforms

Regardless of whether it's a B2C or B2B e-commerce offering, the software or platform you use has a security impact on your business. The older the platform, the more critical the security question is. There are also different models of how access rights and security are regulated.

For example, the eZ Commerce solution, developed by silver.solutions, uses the role-based access model provided by eZ Platform Enterprise. Without an appropriately assigned role, no access to content or features of any kind is permitted. This deny-by-default concept applies uniformly to all functions and content of the e-commerce and CMS platform.

The vendor's support, which is guaranteed by an eZ Enterprise contract, is also invaluable when it comes to security. Patches are rolled out regularly to close any security holes promptly. New features, add-ons and user experience improvements are automatically available to subscription customers, and with long-term support versions eZ supports customers over the long run and makes planning easier. Thanks to this combination of secure software and reliable manufacturer support, eZ is also used in security-relevant areas such as banks and public administration, where systems are regularly audited.

4. Many adjustments lead to unsafe systems

Many integrated e-commerce projects decide against a dedicated B2B solution. To obtain all of the necessary features, developers then adapt a standard e-commerce solution heavily. eZ Platform Enterprise edition is based on the Symfony framework, which is widely considered one of the most modern and secure frameworks, but developers can make serious mistakes on top of it as well, opening the floodgates to attackers. Technical restrictions often force unusual workarounds: modules that are secure as shipped get rewritten from scratch, and data imported directly from an ERP system can introduce significant security risks of its own.

Unlike the auto industry, e-commerce shops are not examined by an authorised body. If a VW Golf (the B2C shop) is used as the base for building a truck (a complex, integrated B2B shop), the result must pass certain tests before it is allowed on the road; in Germany, TÜV (the Technical Inspection Association) and DEKRA (the country's largest inspection company) are responsible for keeping flawed vehicles off the road. Unfortunately, there is no corresponding assessment for online shops. So make sure you use a B2B solution that was designed for the job.

5. Updates, Updates, Updates

In the race between security experts, developers, hackers and data thieves, there will inevitably be situations in which security gaps are uncovered. When that happens, the security update is the top priority. We cannot emphasise this enough: security updates need to be installed regularly and in a timely manner, and it is best to rely on maintenance contracts and automated updates. To read more: the blog onlineshop-basics.de has clearly and concisely compiled the various risks for online shops and possible solutions.
