Safeguarding Online Businesses: Cybersecurity Tools and Techniques

Authors

  • Francis Pol C. Lim, American Management University

DOI:

https://doi.org/10.47604/ejbsm.3549

Keywords:

Online Business, Digital Economy, Cybersecurity

Abstract

Purpose: The accelerated expansion of online business has brought unprecedented commercial opportunities but has also exposed businesses to emerging cybersecurity risks.

Methodology: This report is a conceptual review of the fundamental tools, methods, and frameworks required to protect digital businesses, with emphasis on both technical and organizational aspects. Key strategies such as firewalls, encryption, intrusion detection systems, and multi-factor authentication are discussed together with best practices in risk assessment and staff training. The review also touches upon the establishment of a cybersecurity culture in organizations, with a focus on the human element of prevention.

Findings: The research points to the importance of legal and regulatory compliance, including certifications and data protection measures used in the Philippines, other Asian nations, and the international arena. Cost-effective technologies combined with regulatory compliance can enhance resilience, safeguard customer trust, and ensure competitiveness.

Unique Contribution to Theory, Practice and Policy: The research implies that ensuring robust cybersecurity protection for online businesses is a fundamental prerequisite for organizational sustainability, consumer trust, and competitive growth in today’s digital economy.

Published

2025-10-27

How to Cite

Lim, F. (2025). Safeguarding Online Businesses: Cybersecurity Tools and Techniques. European Journal of Business and Strategic Management, 10(6), 40–53. https://doi.org/10.47604/ejbsm.3549

Section

Articles
