Over the last few years we have seen a massive increase in the number of cyber-attacks, including breaches of private customer information. The most recent well-known cases include the hacking of a significant proportion of Yahoo! email accounts as well as the release of the identities of many Ashley Madison users. These two high-profile cases show just how easy it can be for hackers to gain access to private information and just how much damage can truly be done.
These are two sizable businesses that generate a lot of income and can dedicate significantly more money to cyber security. So you are probably wondering: if these large corporations with huge budgets for security are still being hacked, what chance does my little e-commerce website have?
Well, it isn’t just about how much money you spend. There are a lot of other important components that you must be aware of to ensure your website and your customers’ data are properly protected. There has never been a more critical time to protect your website and the data of your customers.
No one bears more of the weight of protecting themselves than the e-commerce business. It is so important to ensure the proper protection of your e-commerce business because of the type of information your clients have to provide.
E-commerce businesses sell products online. For a consumer to purchase a product, they have to provide private information such as credit card details and their email address. If this type of information got into the wrong hands it would be disastrous. Hackers could steal all the consumers’ money or potentially look to steal their identity.
When it comes to cyber security you should be alert but not alarmed! There are many preventative methods you can put into place to decrease your chances of your website being hacked and your customers’ private information being lost.
I find that small businesses seem to struggle the most because they don’t have the means necessary to tackle this issue properly, whether that is a lack of time or money. However, you will need to dedicate resources to cyber security to ensure your website and client information remain safe.
Below are some tactics you can deploy to ensure both your e-commerce website and your clients’ information are protected.
These tactics will help reduce the likelihood of your website being hacked and your consumers’ information being stolen.
Purchasing an SSL (Secure Sockets Layer) certificate is an easy way to show your clients that you actually care about protecting their personal information. An SSL certificate will encrypt the data when it is transferred between the web browser and server. Without the encryption key, all the data is worthless because it doesn’t make sense and cannot be decrypted by hackers.
An SSL certificate is certainly one of the best (and easiest) ways to protect your e-commerce website from hackers. The certificate also limits the chances that hackers can intercept the information when it is being exchanged from server to server. Even if they do (like I said above) it would be virtually impossible to decode.
When you purchase an SSL certificate it becomes instantly noticeable to all who use your website. Your website address, which used to start with “HTTP”, will now start with “HTTPS”. This signifies to consumers that your website is secure.
As cyber security is becoming a bigger issue, more internet users are aware and worried about what happens to their data. Therefore, users are increasingly aware of SSL certificates and some will not provide information to websites unless they are certain the website is protected with an SSL certificate. Consumers will certainly trust your e-commerce website more if they know their information is secure.
Use an established e-commerce platform
This refers to the platform you are using to sell your products over the internet. If you are in the process or have finalised your e-commerce website, you would have had to choose a platform from a variety of different options.
In order to keep your website as safe as possible it is recommended that you choose a platform that is well known and has a large number of users. By choosing a popular platform you have more information and assurance that the platform is safe and secure.
Popular hosting providers also have the ability to develop and provide updates when required. This means that if there are any issues or bugs, they have the resources to fix them as fast as possible. Choosing an unknown platform is risky because you don’t have as much information and you are unable to determine what would happen if there was an issue with the platform.
Well-established platforms often have a large support community, meaning you can talk to others using the same platform. As well as this, these types of platforms go through much more extensive testing and compliance to meet the guidelines and rules of working with potentially sensitive information.
Platforms for e-commerce websites have such a high level of testing because the information that is potentially provided needs to be kept safe and there is a higher level of responsibility.
For example, if you choose a trusted and well-known hosting company and there is a data breach, the platform business is most likely required to share the responsibility with you. However, the likelihood of a breach when using a well-known platform is fairly low.
Good e-commerce platforms will also assist in explaining the complexities of the issue as well as the level of responsibility of each party. There is a general rule of thumb here: the more well known the platform is, the more updated, compliant, tested and maintained it is.
Collect the data you need
The more data you have, the harder it can be to protect. This is why it is important to only collect the data you will actually use. You shouldn’t just collect data because you want to and you can. If you do and you then lose the data, you could become liable.
As an e-commerce business you will obviously have to collect some data. However, you should think very carefully about the type and amount of data you want to be collecting from your consumers.
These days, consumers are bombarded with call to action buttons and are always told to provide details such as email, name and phone number.
Before deciding to collect and store this information, have a think about whether you really need it. Every piece of information you collect must have a purpose. For example, if they are purchasing something from your website they have to provide financial details (so the payment can be made), an email address (so details of the purchase and receipt can be sent) and their address (so the product can be correctly delivered).
Monitor your website
This may seem fairly tedious and you will usually come up with nothing (which is a good thing) but you should always be monitoring your website for any suspicious activity. In addition to this, you should also set up system alerts so that you are notified if anything is wrong.
If anything seems even remotely suspicious you should investigate further. By continuously monitoring, the chances are you will catch suspicious activity before it becomes a real problem. There are more options for you if you can catch suspicious activity early.
You are probably thinking, “well, how do I know if the activity on my website is suspicious or not?” The good news is that most well-known e-commerce platforms can assist you in this process. As well as this, there are tools that will look at your website’s activity and determine if anything is unsafe.
These tools are all well and good, but the best detection tool is you! Human analysis is very important when investigating the activity on your website. If something feels off, more often than not, it is.
You have probably already seen password guides when choosing a password. For example, the password requirements for Facebook include a combination of at least six letters, numbers and punctuation marks (as can be seen below). Other websites will provide a strength guide to show users if their password is weak, medium or strong.
If users are to create an account when using your e-commerce website, it is highly recommended that you ensure the password requirements are high and you also provide users with a chance to see just how strong their password is.
Although it is solely your responsibility to keep your consumers’ information safe on the back end, by choosing a stronger password, consumers are doing more to keep their information safe from the front end.
Hackers will usually try to get personal information from the front and back end. So by ensuring longer and harder passwords, it becomes increasingly difficult for hackers to breach your website and access consumer information from the front end.
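A sketch of the password requirements and weak/medium/strong guide described above. It is an added example, not code from the original article; the minimum length, the thresholds and the short common-password list are assumptions chosen for illustration.

```javascript
// Added example: minimum password rules plus a weak/medium/strong rating.
// MIN_LENGTH, the thresholds and the COMMON list are illustrative assumptions.
const COMMON = new Set(["password", "123456", "12345678", "qwerty", "letmein"]);
const MIN_LENGTH = 8;

// Count how many of the four character classes the password uses.
function characterClasses(pw) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(pw)).length;
}

function ratePassword(pw, accountEmail = "") {
  const problems = [];
  const lower = pw.toLowerCase();
  if (pw.length < MIN_LENGTH) problems.push(`use at least ${MIN_LENGTH} characters`);
  if (COMMON.has(lower)) problems.push("this is a commonly used password");
  if (/^(.)\1+$/.test(pw)) problems.push("do not repeat a single character");
  // Reject passwords built from the part of the email before the @ sign.
  const local = accountEmail.split("@")[0].toLowerCase();
  if (local.length >= 3 && lower.includes(local)) {
    problems.push("do not include your email name");
  }
  if (problems.length > 0) return { accepted: false, strength: "weak", problems };

  // Length counts for more than symbol variety, so a long passphrase rates strong.
  const classes = characterClasses(pw);
  const strong = pw.length >= 16 || (pw.length >= 12 && classes >= 3);
  return { accepted: true, strength: strong ? "strong" : "medium", problems };
}
```

Run the same check on the server when the account is created, since a check that only runs in the browser can be bypassed.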
Credit card information
As with the third point, where I explained that you should only collect the data you need, credit card information falls into a similar category. While you do need to collect credit card information so the consumer can actually pay for the product you are providing them with, it is important that you do not hold this information on online servers. You don’t need to!
If you do store credit card information and this information becomes lost, your reputation will certainly take a massive blow.
Consumers will not trust your website with their personal information, which could quite possibly result in a dramatic drop in sales. A good reputation is hard to achieve yet so easy to lose. Once your reputation is in tatters, it can be difficult to get it back.
If you find you need to store customer information, do so in offline storage. This means it cannot be accessed by online hackers. You should also investigate the benefits of payment facilitators such as PayPal. Many consumers know and use PayPal and if your e-commerce business is supported and authenticated by PayPal, consumers will place more trust in your website.
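The rule from “Collect the data you need” (every stored field has a purpose) and the credit card advice above can be enforced at the point where an order is saved. This is an added example, not code from the original article; the field names, the `paymentReference` value and the sample order are hypothetical and constructed.

```javascript
// Added example: keep only fields that have a stated purpose, never card data.
// Field names and the sample order are hypothetical and constructed.
const FIELD_PURPOSE = new Map([
  ["email", "send purchase details and the receipt"],
  ["shippingAddress", "deliver the product"],
  ["paymentReference", "look up the payment held by the payment facilitator"],
]);

// Luhn checksum over any 13-19 digit run, to catch a card number typed
// into the wrong field.
function containsCardNumber(text) {
  const runs = text.match(/\d(?:[ -]?\d){12,18}/g) || [];
  return runs.some((run) => {
    const digits = run.replace(/[ -]/g, "");
    let sum = 0;
    for (let i = 0; i < digits.length; i++) {
      let d = Number(digits[digits.length - 1 - i]);
      if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
      sum += d;
    }
    return sum % 10 === 0;
  });
}

// Returns what may be written to storage and what was discarded, with the reason.
function buildStoredOrder(submitted) {
  const stored = {};
  const dropped = [];
  for (const [field, value] of Object.entries(submitted)) {
    const text = String(value).trim();
    if (!FIELD_PURPOSE.has(field)) dropped.push(`${field}: no stated purpose`);
    else if (containsCardNumber(text)) dropped.push(`${field}: looks like a card number`);
    else if (text !== "") stored[field] = text;
  }
  return { stored, dropped };
}

// Constructed checkout submission; 4111 1111 1111 1111 is a well-known test number.
const sampleOrder = {
  email: "pat@example.com",
  shippingAddress: "12 Example Street, Springfield",
  paymentReference: "PAY-EXAMPLE-0001",
  cardNumber: "4111 1111 1111 1111",
  phone: "555-0100",
  dateOfBirth: "1990-01-01",
};
```

For `sampleOrder`, only the email, shipping address and payment reference are kept; the card number, phone number and date of birth are discarded before anything is written.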
It is important that you are aware of what your employees are doing and exactly what they have access to. Although no employer likes to think it, your data breach could be from an employee. Veriato explained in their Insider Threat Spotlight Report that over 60% of data breaches come from people inside the company.
Insider attacks have been increasing since 2014 and this is no longer an issue business owners can ignore! If you are the only person working on your business then great! This is something you don’t have to worry about. If not, you will have to keep an eye on what is happening (yes, even if you think there is no way one of your employees could do anything to harm your business).
As well as employees, you will have to think about anyone or any other business that has had access to your website. So for example, if you didn’t design your website yourself, does the web designer still have access to your website? Knowing who has access to what data could potentially be helpful if there is ever a data breach.
As I said before, it is important that you are alert but not alarmed. It is important that you are aware of the risks out there and are putting appropriate methods in place to limit the chances of a breach to your website.
Personal consumer information is lost every week and this issue can no longer be ignored. It is happening and you need to protect your website and your consumers’ information. Luckily, there are a lot of different ways you can protect your website!
Purchasing an SSL certificate should be one of your top priorities. You should also use a well-established e-commerce platform and payment facilitators to ensure better protection. As well as this, you will need to think about the type of information you are collecting from consumers and whether you actually need it, and you should never store this information online!
Monitoring your website and your employees for any suspicious activity will help to nip any problems in the bud. Lastly, it is important to encourage your consumers to create more complex passwords so hackers cannot access their accounts. I hope you find all the above points useful in your bid to stay safe online and protect your consumers’ data!