As the owner of an ecommerce business, you’d love to have your company in the headlines. That is, unless the news happens to be about a data breach — in which case you’d want a time machine.
Well, if you’ve been victimized by cyber criminals, hackers and other bad actors, chances are that you’ve already beefed up your ecommerce security defenses; not by choice, but because your lawyer, regulator or judge told you to.
But if you haven’t yet faced the horrors of discovering that your confidential corporate and/or customer information has fallen into the wrong hands (and maybe for months or even years), here are 5 ecommerce website security best practices to implement ASAP:
1. Always know the exact location of your customers’ cardholder information, as well as transmission flows for data-in-motion and the location of security controls.
2. Routinely monitor stored data, and move any data offline that does not need to be stored. Ensure that this storage is a repository that has a physical (“air”) gap from the public internet.
3. Use HTTPS for your entire ecommerce website — not just at checkout. Today’s cyber criminals do not necessarily need credit or payment card data to inflict major financial damage. Sometimes, merely intercepting information that a specific customer is looking at a certain product can be enough to launch a spear phishing campaign that leads to a breach (e.g. a fraudulent email or social media message purporting to be from the ecommerce business saying: “we saw that you were looking at our latest blender, please click here for a special discount!” — with the link unleashing malware).
4. Vigilantly — or make that obsessively — keep your site updated with the latest patches. Many sites go unpatched for several months after software vendors release critical updates, which is like leaving a key in a door lock. Hackers in the cyber underground share information as quickly as those on the enterprise landscape, and it sometimes only takes them minutes to realize that an ecommerce site is vulnerable to an easy attack.
5. If you use ecommerce order fulfilment software, ensure that the vendor categorically states that they use a combination of industry-approved security technologies to protect data, including password-controlled system entry, Secure Sockets Layer (SSL) protocol for data encryption, and a security system to regulate server traffic. A good example of this is the messaging provided by Materialogic.
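As an added illustration of practice 3 (not code from the original article), the following Python sketch audits recorded responses for site-wide HTTPS gaps: pages still served over plain HTTP, a missing Strict-Transport-Security header, cookies set without the Secure attribute, and http:// references in page markup. The shop.example host and every sample response are constructed for the example.

```python
import re

# Constructed sample responses (not real traffic) for a hypothetical shop,
# shaped like what a crawler would record: URL, status, headers, body.
SAMPLE = [
    {"url": "http://shop.example/", "status": 301,
     "headers": {"Location": "https://shop.example/"}, "body": ""},
    {"url": "http://shop.example/products/blender", "status": 200,
     "headers": {}, "body": "<h1>Blender</h1>"},
    {"url": "https://shop.example/products/blender", "status": 200,
     "headers": {"Set-Cookie": "session=abc123; Path=/; HttpOnly"},
     "body": '<img src="http://cdn.shop.example/blender.jpg">'},
    {"url": "https://shop.example/checkout", "status": 200,
     "headers": {"Strict-Transport-Security": "max-age=31536000",
                 "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly"},
     "body": '<script src="https://shop.example/pay.js"></script>'},
]

# Matches markup attributes that point at a plain-HTTP URL.
HTTP_REF = re.compile(r'(?:src|href|action)\s*=\s*["\']http://', re.I)

def audit(resp):
    """Return the list of HTTPS findings for one recorded response."""
    headers = {k.lower(): v for k, v in resp["headers"].items()}
    findings = []
    if resp["url"].startswith("http://"):
        # Plain HTTP is acceptable only as a redirect to the HTTPS site.
        redirect = resp["status"] in (301, 302, 307, 308)
        if not (redirect and headers.get("location", "").startswith("https://")):
            findings.append("served over plain HTTP without redirect to HTTPS")
        return findings
    if "strict-transport-security" not in headers:
        findings.append("missing Strict-Transport-Security header")
    # Simplification: one Set-Cookie header per response in this sample.
    attrs = [a.strip().lower() for a in headers.get("set-cookie", "").split(";")]
    if "set-cookie" in headers and "secure" not in attrs:
        findings.append("cookie set without Secure attribute")
    if HTTP_REF.search(resp["body"]):
        findings.append("page references an http:// URL")
    return findings

def audit_site(responses):
    """Map each URL with at least one finding to its findings."""
    results = {r["url"]: audit(r) for r in responses}
    return {url: f for url, f in results.items() if f}

if __name__ == "__main__":
    for url, findings in audit_site(SAMPLE).items():
        for finding in findings:
            print(f"{url}: {finding}")
```

In the sample, only the checkout page passes cleanly, which is the "HTTPS just at checkout" pattern the practice warns against: the product page leaks browsing interest over plain HTTP and its session cookie can travel unencrypted.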
The Bottom Line
The bad news is that it isn’t possible to eliminate the possibility of a cyber attack or threat 100 percent. But the good news is that most cyber criminals aren’t looking to win any creativity or innovation awards. They typically go after low-hanging fruit, which means that if you implement the above security best practices, there’s a much bigger chance that they’ll look elsewhere — and you make the headlines for all of the right reasons vs. the wrong ones!