BeautyFresh Director Jack Wong explained what e-commerce platforms can do to better protect their customers
The rapid growth of Southeast Asian e-commerce sector comes with a price as not all e-commerce companies are well-armed in preventing customer data breaches and other forms of cybersecurity threats.
In April, Singapore’s Personal Data Protection Commission (PDPC) revealed action taken against companies which failed to take adequate actions to protect customers’ data.
Four organisations were fined and seven other were given warning for the missteps.
“Even though there is more knowledge of online threats or security, lapses in private data is still a big problem,” says BeautyFresh Director Jack Wong.
Wong previously worked at online security companies Systex and M Tech, and he discovered many online beauty shopping sites lack sufficient security measures.
Seeing an opportunity, he started a company that he believes to have the highest security standards.
“The difference between BeautyFresh and other e-commerce startups is that most are [built] by people with business or fashion-beauty mindsets. We started BeautyFresh with the mindset of ensuring that the security and privacy of consumers’ data is kept safe,” he explained.
In this interview, e27 speaks to Wong about cybersecurity trends, what businesses have gotten wrong about protecting their customers’ data, and what they can do about it – before the villains strike again.
The following is an edited excerpt of the interview.
Also Read: JAKU, emails, and shadow IT: Just some of latest global cybersecurity threats facing your business
What are the major security challenges that come with the growth of e-commerce in Southeast Asia?
The explosive growth is threatened by various factors, with security being one of them.
This region, from security standpoint, is a relatively young market and security is viewed as a cost, rather than an essential pillar whereby the web store or platform is built on.
Stuff like development from a security perspective, processes like SDLC, testing, what libraries, platform choices are imperative. But you don’t see much of that here.
Development is more focussed on performance and price which might be dangerous for both business and consumers.
What are the most common form of security threats in Southeast Asian e-commerce platform?
Some common threats are Denial of Service (DoS), cross site scripting, buffer overflow and even web defacing via SQL injections.
Omnichannel platform is a big deal right now. In many cases, which channel possessed the greater threats and needs to be given extra attention?
Omnichannel is a powerful way to enhance both businesses and consumers in terms of spread, options and convenience.
When users buy from platform A, it is reflected in platform B, and vice versa. Evaluating how data flows throughout the process is imperative. Any leak through the whole flow can lead to dire consequences.
The threat is when data is moving from one platform to another. Different platform or channels might have different protocols or methods to secure.
If the businesses are not clear about the protocols, it could leave consumers’ data vulnerable to attackers and malicious threats.
More channels and platforms also means more spread of data. Therefore, information like customer data, prices and payment credentials must be properly encrypted.
This starts from planning the infrastructure before heading into omnichannel … It has to be reviewed periodically.
What are the most common mistakes that e-commerce startups do when it comes to security? Your advice for them?
There are several, such as focussing on business model and things such as performance or price but not paying attention to security, not paying attention to relevant laws and security on processing of personal data.
Thinking that being a startup might be an excuse to avoid legal issues.
Hiring third party organisations for security and believing that it will be responsible for any security breach.
Using obsolete or old systems that needs tweaking or reviewing.
Ignoring online security is a flaw in workflow and business operations. Must safeguard consumers and pay attention to NDA, PDPA, and how business handle data.
Can you tell us more details about BeautyFresh’s strategy to protect customers’ data and prevent security breach?
All our team members are educated and trained on the importance of protecting our data and the value of it.
We have also went a step further by employing EVSSL which is reflected by the green address bar when you are on our website, you don’t see it very commonly deployed in most websites here.
EV SSL is validated by the Certification Authority to ensure that BeautyFresh is a legitimate business.
How can customers protect themselves? What are the signs that they need to beware of? Do you think there is enough education or discussion about the risk of online transaction?
Just like with offline retail store, customers can protect themselves by applying common sense in their web interactions.
Sometimes, the price of shopping at a less reputable store might have far serious consequences than the few dollars saved.
I think more could be done especially in computer introductory classes. There should be a class on secure online buying, habits and prevention measures.
Do you think the government has done enough to protect consumers?
Regulations are at infancy; more could definitely be done and the government bodies will definitely look into this.
E-commerce can certainly benefit both the economy and government not only through taxes, but also by attracting investors and develop logistics services.
There will be an increase in deliveries, which requires more workers and will help employment rates.
I believe governments in the region will definitely strengthen their laws, run checks on businesses and enhance monitoring of online activities as the e-commerce market is still growing and there are lots of opportunities available.
Image Credit: BeautyFresh
The post This founder went from cybersecurity to beauty e-commerce – this is what he learned appeared first on e27.
from e27 http://ift.tt/1XtWfRO