- If you must send someone an installation executable or even a form helper program, compress the executable in a password-protected ZIP file whose password is not easily guessable. Using a standardized strong password limits access to the users or employees who need the program.
- Educate your employees not to click on objects in documents without first confirming the source email address.
- Enforce content filtering on web and email to prevent employees from receiving executable files from the internet.
- Remove admin/local admin privileges to prevent employees from installing new and unknown software onto devices.
- Consider Advanced Threat Prevention technologies that can examine emails for sophisticated multi-stage droppers that evade detection by all email security gateways today.
- There must be sufficient sustainable cause
- All concerned must behave with integrity
- The methods to be used must be proportionate
- There must be right authority
- There must be reasonable prospect of success
e-Commerce has become the most important platform for a retailer to sell goods. As the number of financial transactions on e-Commerce sites increases dramatically year-on-year, the sites become more interesting to fraudsters and adversaries. The key to detecting security anomalies in this communication channel is to log every crucial piece of information.
Even from an operational perspective, it is very important for an e-Commerce company to know exactly what it should log, so that its IT Operations team isn’t overwhelmed by the amount of information being processed and thrown at it for review.
The five key areas to focus on are:
- Checkout: Log every step in the checkout process for errors and set alerts so you know if any part of the process fails.
- Shopping cart: Log all add-to-cart failures when they occur, send out an alert, and investigate the problem ASAP. There are a lot of intermittent problems that can create big headaches.
- Online catalog/ product page: Look for issues with specific product lines, markets, or other logical groups of products, especially if you have old data or legacy software integrations.
- Email signup: Look for both client-side and server-side issues because the business logic resides in both places.
- Login & registration: In addition to form submission and validation, focus on authentication and authorization logic as a whole. Log social media login errors, authentication and authorization cookies that may be out-of-sync, and errors from additional authentication checks.
Do check out his post here: http://apmdigest.com/5-areas-every-e-commerce-business-should-monitor-using-log-data
Image Courtesy: http://www.softprodigy.com
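One way to act on the checkout, shopping cart and login items in the list above, as an added example rather than code from the referenced post: it scans JSON log lines, alerts on every checkout or add-to-cart failure, and flags repeated login failures from one source. The field names, the sample events and the threshold of three failures in five minutes are assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real logs. Field names are assumptions.
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:00:00","area":"checkout","step":"payment","ok":true,"src":"203.0.113.5"}
{"ts":"2024-01-01T10:00:20","area":"checkout","step":"payment","ok":false,"src":"203.0.113.5"}
{"ts":"2024-01-01T10:00:40","area":"cart","step":"add","ok":false,"src":"203.0.113.5"}
{"ts":"2024-01-01T10:01:00","area":"login","step":"social","ok":false,"src":"198.51.100.7"}
{"ts":"2024-01-01T10:02:00","area":"login","step":"cookie-sync","ok":false,"src":"198.51.100.7"}
{"ts":"2024-01-01T10:02:30","area":"login","step":"mfa","ok":false,"src":"192.0.2.9"}
{"ts":"2024-01-01T10:03:00","area":"login","step":"mfa","ok":false,"src":"198.51.100.7"}
truncated-line {"ts":
{"ts":"2024-01-01T10:20:00","area":"login","step":"mfa","ok":false,"src":"192.0.2.9"}
{"ts":"2024-01-01T10:21:00","area":"catalog","step":"render","ok":false,"src":"192.0.2.9"}
"""

ALERT_ON_ANY = {"checkout", "cart"}   # the page asks for an alert on every failure here
LOGIN_THRESHOLD = 3                   # assumed: failures from one source ...
WINDOW = timedelta(minutes=5)         # ... inside this sliding window

def scan(lines):
    """Return (alerts, failures per area) for an iterable of JSON log lines."""
    alerts, counts = [], defaultdict(int)
    recent = defaultdict(deque)       # source -> timestamps of recent login failures
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["ts"])
            area, ok, src = ev["area"], ev["ok"], ev.get("src", "unknown")
        except (ValueError, KeyError, TypeError):
            alerts.append(("unparseable", lineno))   # surface gaps in the log itself
            continue
        if ok:
            continue
        counts[area] += 1
        if area in ALERT_ON_ANY:
            alerts.append((area, ev.get("step", "?")))
        elif area == "login":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > WINDOW:                # drop failures older than the window
                q.popleft()
            if len(q) == LOGIN_THRESHOLD:            # fire once when the threshold is reached
                alerts.append(("login-burst", src))
    return alerts, dict(counts)
```

Calling `scan(SAMPLE_LOG.splitlines())` returns the alert list and the per-area failure counts; catalog and signup failures are counted but not alerted on, which keeps the review queue small.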