Nearly every day we hear about another major hacking incident that leaves many scratching their heads as to what exactly happened and what they could have done to prevent it. For example, a few years back there was a DDoS (Distributed Denial of Service) attack on the PlayStation network, where hackers stole information from more than 100 million users and caused the network features of the console to be down for more than three weeks while a nationwide investigation by the US Department of Homeland Security was conducted.
While it’s unlikely your ecommerce page will ever reach this level of risk, security is on the mind of every digital storeowner, as well as those who shop online. Here are four security tips every ecommerce website owner should be using:
Choose a Secure Ecommerce Platform
With ecommerce popularity rising, the number of enterprise ecommerce platforms is increasing to meet aspiring storeowners’ demand. When choosing your platform, make sure that you keep security in mind. If a platform doesn’t have a clearly defined plan for protecting your customers, keep looking. For example, Shopify meets all six categories of PCI DSS (Payment Card Industry Data Security Standard), which is an information security standard adopted by organizations that handle credit and debit card information. The standards are:
- Maintaining a Secure Network
- Protecting Cardholder Information
- Maintaining a Vulnerability Management Program
- Implementing Strong Access Control Measures
- Regularly Monitoring and Testing Networks
- Maintaining an Information Security Policy
DDoS Protection and Mitigation
Distributed Denial of Service attacks are still the most common way for hackers to attack your servers and mine for information. In terms of execution, a DDoS attack is relatively simple to carry out and effective against unsuspecting and unprepared websites. In essence, DDoS shuts down a web page by overloading it with thousands of systems (called “bots”) actively requesting data at the same time. The site will be unable to keep up with the data requests and eventually come to a complete stop.
DDoS mitigation services will act as a “gatekeeper” to your website. All requests for data will be sent through the service first, which will thoroughly inspect each one and determine whether it was sent from an actual human user or an automated bot. This process will stop any and all bots from entering your website and will go unnoticed by your users.
Do NOT Store Sensitive Data
When you shop online, you trust the website to keep your sensitive data from being compromised. As a storeowner, you need to meet the security expectations of your customers. There is no reason to hold on to credit card numbers, expiration dates or CVV numbers for long periods of time. Keep this information encrypted and only available for a limited time, in order to process any potential refunds or chargebacks.
Customer records should be regularly purged to best protect them and yourself in case of breach. You can’t squeeze water from a rock any more than you can siphon information from an empty database. If you have no data on hand to steal, the thieves will go somewhere less secure.
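As an added illustration (not code from the original article), a scheduled purge of stored card data once the refund and chargeback window has passed could look like this. The table layout, the 120-day window and the sample rows are assumptions constructed for the example; the order row and the last four digits are kept, while the encrypted card data is erased.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 120  # assumed refund/chargeback window; use your processor's

# Hypothetical schema. There is no CVV column: PCI DSS does not permit
# keeping the card verification code after authorization, even encrypted.
SCHEMA = """
CREATE TABLE payments (
    order_id   INTEGER PRIMARY KEY,
    paid_at    TEXT NOT NULL,  -- ISO-8601, UTC
    card_last4 TEXT,           -- kept for receipts and support
    card_blob  BLOB,           -- encrypted card number and expiry
    purged_at  TEXT            -- when card_blob was erased
);
"""

def purge_expired(conn, now, retention_days=RETENTION_DAYS):
    """Erase encrypted card data older than the window; return rows purged."""
    cutoff = (now - timedelta(days=retention_days)).isoformat()
    cur = conn.execute(
        "UPDATE payments SET card_blob = NULL, purged_at = ? "
        "WHERE card_blob IS NOT NULL AND paid_at < ?",
        (now.isoformat(), cutoff),
    )
    conn.commit()
    return cur.rowcount

def cards_on_file(conn):
    """Order ids that still have card data stored."""
    sql = ("SELECT order_id FROM payments "
           "WHERE card_blob IS NOT NULL ORDER BY order_id")
    return [row[0] for row in conn.execute(sql)]

def demo():
    """Build a constructed data set, run one purge, report what is left."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for order_id, age_days in [(1, 400), (2, 121), (3, 30)]:
        paid = (now - timedelta(days=age_days)).isoformat()
        conn.execute(
            "INSERT INTO payments VALUES (?, ?, ?, ?, NULL)",
            (order_id, paid, "4242", b"<constructed ciphertext>"),
        )
    purged = purge_expired(conn, now)
    return purged, cards_on_file(conn), conn

if __name__ == "__main__":
    purged, remaining, _ = demo()
    print(f"purged {purged} record(s); card data remains for orders {remaining}")
```

Running the purge a second time changes nothing, so it is safe to schedule daily. Backups and logs that captured card data need their own expiry.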
Banks lost millions of dollars in funds when they were forced to reimburse customers for the money lost during the massive breach of Target’s database. The attack exposed the personal information of around 70 million customers. While your small business probably won’t ever have that much data on hand, it’s important to note that even the biggest names in the industry are at risk and have been targeted, and you should learn from their mistakes.
Utilize Multiple Layers of Security
Even if you have the strongest security system in the world, if you only have one, you are still putting your organization at risk. Hackers are persistent, so it’s important to have backup security measures in place, and then have backups to those backups. This begins with firewalls that will stop outside entities from accessing your network. From there, you should add layers of security on contact forms and search queries, and require secure passwords for all logins.
Properly securing a website is going to take some time; however, it’s an essential part of ecommerce that must be addressed. It’s much better to shell out the extra bucks for a secure platform than to have to shut down your entire company because hackers put you out of business.