Andrei Ivanov, CISO of Wildberries & Russ, offers several relevant recommendations for sellers on the platform.
He notes that even large players like Wildberries face cyber threats daily; however, their protection systems are quite reliable. Therefore, it is easier for attackers to target the sellers directly, trying to hack their accounts or gain access to the data of pickup point owners for fraudulent purposes.
Many incidents can be prevented with simple and inexpensive measures.
1. Separate Work and Personal Digital Spaces
One of the main reasons for hacks is the use of a single device for both personal and work needs. A single laptop may have both corporate applications and various third-party programs, including illegal versions of games. Many users do not realize that such applications can collect data on all actions and transmit them to fraudsters.Recommendations:
- use a separate device for work;
- install only official programs;
- access services through verified links.
2. Always Use Two-Factor Authentication
Modern protection is not sufficient to rely solely on a password. Two-factor authentication (2FA) is one of the simplest ways to significantly enhance security.Recommendations:
- enable 2FA for all services: email, messengers, and accounting systems;
- the recovery email should be linked to another device;
- use authenticator apps instead of SMS.
3. Antivirus and Updates: Vital Measures
Although it may seem obvious, a good antivirus with up-to-date databases can prevent many attacks. Using pirated versions of antivirus software can result in hidden malicious codes that effectively open doors for attackers.As for updates, they should not be ignored. In 2025, about 200 critical vulnerabilities were identified that could provide access to your device through simple actions like clicking a link or opening an email. One random click can lead to a data leak.
Recommendations:
- use licensed antivirus software and regularly update your OS and applications.
4. Regular Backups: Your Insurance
Backups are necessary not only for recovery after attacks. Employee errors or equipment failures can also lead to losses.However, many organizations make two critical mistakes:
- Storing backups on the same devices as work data.
- Not checking the functionality of backups.
Every business should have a plan of action in case of loss of access to critical systems. The faster the recovery, the lower the losses.
Recommendations:
- store backups separately and offline;
- regularly check their functionality;
- develop clear recovery protocols for critical systems.
5. Ensure Employee Accountability
If a company uses one computer and a shared account, it is impossible to determine who performed specific actions, such as changing prices or adding fake products.Creating accountability is an important aspect of internal security.
Recommendations:
- each employee should create a separate account;
- use solutions that allow monitoring the actions of multiple employees through one account;
- do not use shared mailboxes;
- apply mechanisms for user rights segregation;
- in the Wildberries personal account, you can add employees and manage their access rights.
6. Avoid Passwords if There’s an Alternative
Passwords are one of the weakest links in the security system. They can be easily intercepted, guessed, and reused.Recommendations:
- use hardware security keys for critical resources;
- apply one-time codes;
- use push notifications for confirmation.
7. Prepare in Advance for Incidents
Today, it is important not only to understand whether a cyber incident will occur but also to be prepared for its consequences.Every company should have:
- a plan of action in case of data encryption;
- defined roles for employees during an incident;
- an understanding of acceptable downtime and data loss.
8. Learn About Phishing
Phishing is one of the most common causes of hacks. Familiarize yourself with the main fraud schemes and pay attention to signs of phishing:- Unexpected messages or calls
- Generic nature of messages
- Fake links
- Malicious attachments
- Errors in logos and design
Fake websites may look real, but details may reveal their forgery.
What to Do If You Have Doubts?
Contact the company's support through official contacts or directly with the sender if you have their details.
