Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.
eCommerce sales soared in 2018, with more than $517 billion spent with US merchants alone, and it doesn’t look like the momentum will slow down anytime soon.
But while that is great news for eCommerce retailers, it also means that hackers will likely try to penetrate your website and/or databases. According to Shape Security, approximately 90% of all login attempts actually come from hackers. That is why you have to do more than ever to make sure that your eCommerce website and/or data stays safe.
So, what can you do to secure your website and your eCommerce data?
You can follow the security recommendations that we are about to cover. Each of these web security recommendations has been proven to slow down and/or stop hackers from penetrating web systems and/or databases.
With all that said, here are eight essential web security practices for your eCommerce retailer website.
1. Use A Secure eCommerce Provider
There are plenty of eCommerce providers that have a proven security track record. Some of these include, but are not limited to:
· CS-Cart Multi-Vendor
· WooCommerce for WordPress
All of these have SSL encryption/certificates (coming up) as well as other built-in security features such as VPN services and other tools to help mitigate hacking attempts. But the biggest thing for an eCommerce retailer is to make sure they are using a secure provider. While it may be tempting to use an open-source backend and/or a free eCommerce provider, consider what you are giving up: security.
2. Use SSL Certificates
SSL certificates, or Secure Sockets Layer certificates, are an online encryption standard that uses special keys to encrypt data sent between two connected machines. After a connection is made, all data that is transferred is “secured” and “unchanged”. SSL certificates use a minimum of 128-bit encryption, but 256-bit is becoming the standard.
Make sure that your eCommerce provider allows for SSL certificates because they should. Also, make sure that they support both 128-bit and 256-bit encryption certificates.
3. Use Two-Factor Authentication (2FA)
While this is not a popular option, it is a highly effective option for securing user data. Duo Security reported that only 28% of users in the US were using 2FA, and that’s totally understandable. 2FA is a much slower process than entering a username and password. But the extra layer is much more secure and much harder to hack.
While your visitors might not like 2FA, it’s best to use it on your website. Remember, it’s your job to protect their data—not theirs.
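As an added example (not part of the original article), here is a server-side check for one common second factor, time-based one-time passwords (TOTP, RFC 6238); the article does not say which 2FA method to use, so TOTP is an assumption. The `TotpVerifier` class, its drift window and its replay rule are hypothetical design choices, and the secret in the demo is the published RFC 6238 test secret, not a real key.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by most authenticator apps


def totp(secret, at, digits=DIGITS):
    """Compute the RFC 6238 TOTP (HMAC-SHA1) code for Unix time `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Hypothetical per-user verifier: tolerates clock drift, rejects replays."""

    def __init__(self, secret, window=1):
        self.secret = secret
        self.window = window       # accept +/- this many steps of clock drift
        self.last_used_step = -1   # highest time step already accepted

    def verify(self, code, now=None):
        now = time.time() if now is None else now
        current = int(now) // STEP
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_used_step:
                continue  # this step's code was already spent (replay)
            expected = totp(self.secret, step * STEP)
            # Constant-time comparison: do not leak matching digits via timing.
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used_step = step
                return True
        return False


if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"  # RFC 6238 test secret (sample input)
    verifier = TotpVerifier(rfc_secret)
    print(totp(rfc_secret, 59))               # code for the first RFC test time
    print(verifier.verify("287082", now=59))  # first use is accepted
    print(verifier.verify("287082", now=59))  # same code again is rejected
```

In production the per-user secret would itself be stored encrypted, and failed attempts would be rate-limited per account.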
4. Use Encryption On Stored Data
In 2015, a hacker managed to breach TalkTalk and harvest their users’ data—which was unencrypted. And they aren’t the only company to have left user data unencrypted. Other notable hacks include:
· Yahoo (2013-2014)
· Marriott International (2014-2018)
· Adult Friend Finder (2016)
· eBay (2014)
· Equifax (2017)
· Heartland Payment Systems (2008)
· Target (2013)
All of these are major corporations, with plenty of capital necessary to lock down their systems and/or data. And yet, they managed to get hacked. But the worst part of it was the fact that the data was unencrypted. If the data had been encrypted, the hackers would not have received the massive payloads that they did.
If these major companies had just followed ALL of the practices we are discussing, they wouldn’t have ended up in the news the way that they did.
5. Use Security Services and Applications
It’s easy to trust what you’ve done to mitigate security risks. But what if you missed something? That’s why it is a good idea to use a third-party security service. They can run tests to see if you have any common vulnerabilities.
If they do find a problem, they’ll tell you what you can do to fix the problem. It’s always better to use another set of eyes, in this case, a third-party security penetration service.
Another essential security layer is passwords. Make sure everyone in your organization uses a strong password management application. The days of saving your passwords and logins on a desktop folder called “passwords” are over. Cryptographically securing your passwords on a protected cloud server works not only as a good means of defense but also as a great multi-device backup system.
6. Train Your Employees to Spot Phishing Attacks
Data from DashLane shows that the average cost of a phishing attack is around $1.6 million for an average-sized company.
One of the easiest ways that hackers can gain access to your database and/or user data is through your employees. There are numerous ways to fall prey to a phishing attack, but the two main ways are through email and through phone calls.
If your employees aren’t careful, they could divulge security-centric information to the wrong individuals—in this case, a phisher. Discuss security procedures, ways information should be shared, ways information should NOT be shared, face-to-face communications, email security procedures, web portal procedures, VPN usage, and so on, and do this often (not once a year).
7. Keep Your Software/Website Updated
Whenever an eCommerce platform is updated, you need to be one of the first on board. Generally, updates are built for one of two reasons: performance or security.
Hackers understand this and will look for websites that haven’t been updated. Once found, they work diligently to penetrate the website using published exploits. Leaving your website and/or user data vulnerable due to poor updating practices is just lazy. Don’t be lazy—just take action to protect your website and its users.
8. Use A Content Delivery Network
And finally, use a Content Delivery Network (CDN). CDNs are great at protecting users from DDoS attacks, brute force attacks, malware attempts, downtime and so much more. Most CDNs are built with security as one of their primary focuses. If you are truly serious about security for your eCommerce website, a CDN should be part of your security plan.
eCommerce businesses are a great way to make a living. But there is more to running an eCommerce retail store. While making a ton of sales is great, all it takes is one successful hack to ruin your business, your brand, your name, and your reputation. That’s why you need to truly consider every one of these eight essential web security practices for eCommerce retailers.
You may want your name in the papers, but not because you were hacked and millions of customer records were leaked. Take the time to secure your eCommerce information before you become big news for bad reasons.